
GPSPRINGSECURITYUI-25 some refactoring and also added tests and docs

1 parent 615e96f commit 2773f4e2a2df3b7da7a93bdb8020b8d1724b4f23 @burtbeckwith burtbeckwith committed Sep 12, 2011
32 grails-app/controllers/grails/plugins/springsecurity/ui/RegisterController.groovy
@@ -202,16 +202,36 @@ class RegisterController extends AbstractS2UiController {
return 'command.password.error.username'
}
+ if (!checkPasswordMinLength(password, command) ||
+ !checkPasswordMaxLength(password, command) ||
+ !checkPasswordRegex(password, command)) {
+ return 'command.password.error.strength'
+ }
+ }
+
+ static boolean checkPasswordMinLength(String password, command) {
def conf = SpringSecurityUtils.securityConfig
- int minLength = (conf.ui.password.minLength)? conf.ui.password.minLength : 6
- int maxLength = (conf.ui.password.maxLength)? conf.ui.password.maxLength : 64
+ int minLength = conf.ui.password.minLength instanceof Number ? conf.ui.password.minLength : 8
- def passValidationRegex = (conf.ui.password.validationRegex)? conf.ui.password.validationRegex : '^.*(?=.*\\d)(?=.*[a-zA-Z])(?=.*[@#$%^&+=]).*$'
+ password && password.length() >= minLength
+ }
- if (password && (password.length() < minLength || password.length() > maxLength || !password.matches(passValidationRegex)) ) {
- return 'command.password.error.strength'
- }
+ static boolean checkPasswordMaxLength(String password, command) {
+ def conf = SpringSecurityUtils.securityConfig
+
+ int maxLength = conf.ui.password.maxLength instanceof Number ? conf.ui.password.maxLength : 64
+
+ password && password.length() <= maxLength
+ }
+
+ static boolean checkPasswordRegex(String password, command) {
+ def conf = SpringSecurityUtils.securityConfig
+
+ String passValidationRegex = conf.ui.password.validationRegex ?:
+ '^.*(?=.*\\d)(?=.*[a-zA-Z])(?=.*[!@#$%^&]).*$'
+
+ password && password.matches(passValidationRegex)
}
static final password2Validator = { value, command ->
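Review bot: The default `validationRegex` in `checkPasswordRegex` only requires `(?=.*[a-zA-Z])`, i.e. any single letter, while the documentation added in this same commit promises "at least one uppercase letter", so the enforced policy is weaker than the documented one. Either word the docs as "at least one letter" or, if mixed case is really intended, split the lookahead into `(?=.*[a-z])(?=.*[A-Z])`. The default symbol class also changed from `[@#$%^&+=]` to `[!@#$%^&]`, so a password whose only symbol is `+` or `=` is no longer accepted by default; that deserves a line in the release notes. The `command` parameter is unused in all three helpers, and each would benefit from a short comment such as `// falls back to 8 when ui.password.minLength is unset or not a Number`. The enclosing `passwordValidator` closure starts above the hunk.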
13 src/docs/guide/10 Customization.gdoc
@@ -123,4 +123,15 @@ This option defaults to @true@ to avoid a breaking change, so if you have a newe
{code}
grails.plugins.springsecurity.ui.encodePassword = false
{code}
-
+
+h4. Password Verification
+
+By default the registration controller has rather strict requirements for valid passwords; they must be between 8 and 64 characters and must include at least one uppercase letter, at least one number, and at least one symbol from "!@#$%^&". You can customize these rules with these Config.groovy attributes:
+
+{table}
+*Property* | *Default Value*
+grails.plugins.springsecurity. ui.password.minLength | 8
+grails.plugins.springsecurity. ui.password.maxLength | 64
+grails.plugins.springsecurity. ui.password.validationRegex | "^.\*(?=.\*\\\\\\d)(?=.\*\[a-zA-Z\])(?=.\*\[!\@#$%^&\]).\*$"
+{table}
+
103 test/unit/grails/plugins/springsecurity/ui/RegisterControllerTests.groovy
@@ -0,0 +1,103 @@
+package grails.plugins.springsecurity.ui
+
+import org.codehaus.groovy.grails.plugins.springsecurity.SpringSecurityUtils
+
+class RegisterControllerTests extends GroovyTestCase {
+
+ void testPasswordValidator_SameAsUsername() {
+ assertEquals 'command.password.error.username',
+ RegisterController.passwordValidator('username', [username: 'username'])
+ }
+
+ void testPasswordValidator_MinLength() {
+
+ SpringSecurityUtils.setSecurityConfig [:] as ConfigObject
+
+ def command = [username: 'username']
+ String password = 'h!Z7'
+
+ assertFalse RegisterController.checkPasswordMinLength(password, command)
+ assertTrue RegisterController.checkPasswordMaxLength(password, command)
+ assertTrue RegisterController.checkPasswordRegex(password, command)
+
+ assertEquals 'command.password.error.strength',
+ RegisterController.passwordValidator(password, command)
+
+ SpringSecurityUtils.securityConfig.ui.password.minLength = 3
+
+ assertTrue RegisterController.checkPasswordMinLength(password, command)
+ assertTrue RegisterController.checkPasswordMaxLength(password, command)
+ assertTrue RegisterController.checkPasswordRegex(password, command)
+
+ assertNull RegisterController.passwordValidator(password, command)
+ }
+
+ void testPasswordValidator_MaxLength() {
+
+ SpringSecurityUtils.setSecurityConfig [:] as ConfigObject
+
+ def command = [username: 'username']
+ String password = 'h!Z7aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa1'
+
+ assertTrue RegisterController.checkPasswordMinLength(password, command)
+ assertFalse RegisterController.checkPasswordMaxLength(password, command)
+ assertTrue RegisterController.checkPasswordRegex(password, command)
+
+ assertEquals 'command.password.error.strength',
+ RegisterController.passwordValidator(password, command)
+
+ SpringSecurityUtils.securityConfig.ui.password.maxLength = 100
+
+ assertTrue RegisterController.checkPasswordMinLength(password, command)
+ assertTrue RegisterController.checkPasswordMaxLength(password, command)
+ assertTrue RegisterController.checkPasswordRegex(password, command)
+
+ assertNull RegisterController.passwordValidator(password, command)
+ }
+
+ void testPasswordValidator_Regex() {
+
+ SpringSecurityUtils.setSecurityConfig [:] as ConfigObject
+
+ def command = [username: 'username']
+ String password = 'password'
+
+ assertTrue RegisterController.checkPasswordMinLength(password, command)
+ assertTrue RegisterController.checkPasswordMaxLength(password, command)
+ assertFalse RegisterController.checkPasswordRegex(password, command)
+
+ assertEquals 'command.password.error.strength',
+ RegisterController.passwordValidator(password, command)
+
+ password = 'h!Z7abcd'
+
+ assertTrue RegisterController.checkPasswordMinLength(password, command)
+ assertTrue RegisterController.checkPasswordMaxLength(password, command)
+ assertTrue RegisterController.checkPasswordRegex(password, command)
+
+ assertNull RegisterController.passwordValidator(password, command)
+
+ SpringSecurityUtils.securityConfig.ui.password.validationRegex = '^.*s3cr3t.*$'
+
+ assertTrue RegisterController.checkPasswordMinLength(password, command)
+ assertTrue RegisterController.checkPasswordMaxLength(password, command)
+ assertFalse RegisterController.checkPasswordRegex(password, command)
+
+ assertEquals 'command.password.error.strength',
+ RegisterController.passwordValidator(password, command)
+
+ password = '123_s3cr3t_asd'
+
+ assertTrue RegisterController.checkPasswordMinLength(password, command)
+ assertTrue RegisterController.checkPasswordMaxLength(password, command)
+ assertTrue RegisterController.checkPasswordRegex(password, command)
+
+ assertNull RegisterController.passwordValidator(password, command)
+ }
+
+ @Override
+ protected void tearDown() {
+ super.tearDown()
+ SpringSecurityUtils.resetSecurityConfig()
+ }
+}
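Review bot: No test passes a null or empty password, yet every helper begins with `password && …`, so `passwordValidator` now appears to return `command.password.error.strength` for those inputs where the removed code skipped the strength check (unless a branch above the controller hunk returns first). Pin that behaviour with `assertFalse RegisterController.checkPasswordMinLength(null, command)` and `assertEquals 'command.password.error.strength', RegisterController.passwordValidator('', command)`. The length tests also stay away from the edges: a 7-character and a 64-character password would catch an off-by-one in the `>=`/`<=` comparisons. A non-numeric `minLength` value (for example a String) would cover the `instanceof Number` fallback to the default.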
