From 2a9ba6b8703b25fb9fb4b4fbf6cf1b069c5e6b92 Mon Sep 17 00:00:00 2001 From: "daniel.solis" <2894221+dsolistorres@users.noreply.github.com> Date: Tue, 18 Jun 2024 14:21:26 -0600 Subject: [PATCH] fix (passwords): added start of line boundary to password validation (#28906) Fix: (#23292) ### Proposed Changes * Added start of input boundary (^) to password validation regex so all the password is validated against the regex ### Checklist - [x] Tests --- dotCMS/src/main/resources/portal.properties | 2 +- .../portal/ejb/UserLocalManagerTest.java | 72 +++++++++++++++++-- 2 files changed, 69 insertions(+), 5 deletions(-) diff --git a/dotCMS/src/main/resources/portal.properties b/dotCMS/src/main/resources/portal.properties index a178fc853bf6..685dbf9a7c87 100644 --- a/dotCMS/src/main/resources/portal.properties +++ b/dotCMS/src/main/resources/portal.properties @@ -306,7 +306,7 @@ # # This pattern ensures that passwords must have at least 6 characters and no white spaces. - passwords.regexptoolkit.pattern=/[!#%+1234567890:=?@ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]{8,}\\Z/ + passwords.regexptoolkit.pattern=/^[!#%+1234567890:=?@ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]{8,}$/ # This pattern ensures that passwords must have between 6 and 20 valid # characters: diff --git a/dotcms-integration/src/test/java/com/liferay/portal/ejb/UserLocalManagerTest.java b/dotcms-integration/src/test/java/com/liferay/portal/ejb/UserLocalManagerTest.java index 3c3819acd4d3..78eee7f782e7 100644 --- a/dotcms-integration/src/test/java/com/liferay/portal/ejb/UserLocalManagerTest.java +++ b/dotcms-integration/src/test/java/com/liferay/portal/ejb/UserLocalManagerTest.java @@ -2,6 +2,9 @@ import static org.junit.Assert.assertTrue; +import com.dotcms.datagen.UserDataGen; +import com.dotmarketing.business.Role; +import com.liferay.portal.UserPasswordException; import org.junit.BeforeClass; import org.junit.Test; 
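Review bot: The end anchor on the new `passwords.regexptoolkit.pattern` line may still accept a password that ends in a line terminator. In Perl-style engines `$` without the multiline flag, like the `\\Z` it replaces, matches both at the very end of input and just before a final newline. The engine behind RegExpToolkit is not visible in this patch, so this is worth confirming with a test; if it supports an absolute end anchor (`\\z` in Perl and Java syntax), that is the stricter choice. Separately, the comment above the property still says "at least 6 characters" while the quantifier is `{8,}`; suggest `# This pattern ensures that passwords have at least 8 characters, all from the allowed set, and no white space.`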
@@ -114,8 +117,69 @@ public void test_user_id_is_UUID() throws DotDataException, SystemException, Por assertTrue(UUIDUtil.isUUID(uuidPart)); } - - - - + + @Test + public void testValidPassword() throws Exception { + + User testUser = null; + try { + final Role backendRole = APILocator.getRoleAPI().loadBackEndUserRole(); + testUser = new UserDataGen().roles(backendRole).nextPersisted(); + final String userId = testUser.getUserId(); + + final String testPassword = "p4ss!word"; + UserLocalManager userManager = UserLocalManagerFactory.getManager(); + userManager.validate(userId, testPassword, testPassword); + + } finally { + if (null != testUser) { + UserDataGen.remove(testUser); + } + } + + } + + @Test(expected = UserPasswordException.class) + public void testInvalidCharacterInPassword() throws Exception { + + User testUser = null; + try { + final Role backendRole = APILocator.getRoleAPI().loadBackEndUserRole(); + testUser = new UserDataGen().roles(backendRole).nextPersisted(); + final String userId = testUser.getUserId(); + + final String testPassword = "p4ss$word"; + UserLocalManager userManager = UserLocalManagerFactory.getManager(); + userManager.validate(userId, testPassword, testPassword); + + } finally { + if (null != testUser) { + UserDataGen.remove(testUser); + } + } + + } + + + @Test (expected = UserPasswordException.class) + public void testNotEnoughCharsInPassword() throws Exception { + + User testUser = null; + try { + final Role backendRole = APILocator.getRoleAPI().loadBackEndUserRole(); + testUser = new UserDataGen().roles(backendRole).nextPersisted(); + final String userId = testUser.getUserId(); + + final String testPassword = "p4ss!"; + UserLocalManager userManager = UserLocalManagerFactory.getManager(); + userManager.validate(userId, testPassword, testPassword); + + } finally { + if (null != testUser) { + UserDataGen.remove(testUser); + } + } + + } + }
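Review bot: None of the three added tests would have failed against the old pattern without the leading `^`, so the fix itself is not pinned. `p4ss!word` passes either way, `p4ss!` is too short either way, and in `p4ss$word` the run of allowed characters after `$` is only four long, which the old `{8,}\\Z` already rejected. A regression case needs a disallowed character followed by at least eight allowed ones, for example a copy of testInvalidCharacterInPassword with `final String testPassword = "$p4ss!word";` (a constructed value). The method-level `@Test(expected = UserPasswordException.class)` would also pass if a setup line threw that exception, so consider scoping the expectation to the `validate` call alone. The three bodies repeat the same user setup and teardown, which could move into one private helper.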