Empty password is invalid

Signed-off-by: Petr Plavjanik <plavjanik@gmail.com>
zowe · Nov 17, 2019 · 09ebc2f · 09ebc2f
1 parent 934c869
commit 09ebc2f
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 1 deletion.
diff --git a/...i-commons-spring/src/main/java/org/zowe/commons/zos/security/platform/PlatformErrno2.java b/...i-commons-spring/src/main/java/org/zowe/commons/zos/security/platform/PlatformErrno2.java
@@ -1785,6 +1785,8 @@ public enum PlatformErrno2 {
 
     private static Map<Integer, PlatformErrno2> BY_ERRNO = new HashMap<>();
 
+    public static int ERRNO2_BASE = 0x090c0000;
+
     static {
         for (PlatformErrno2 e : values()) {
             BY_ERRNO.put(e.errno2, e);

diff --git a/...-commons-spring/src/main/java/org/zowe/commons/zos/security/platform/SafPlatformUser.java b/...-commons-spring/src/main/java/org/zowe/commons/zos/security/platform/SafPlatformUser.java
@@ -20,6 +20,9 @@ public SafPlatformUser(PlatformClassFactory platformClassFactory) {
 
     @Override
     public PlatformReturned authenticate(String userid, String password) {
+        if ((password == null) || password.isEmpty()) {
+            return PlatformReturned.builder().success(false).rc(0).errno(PlatformPwdErrno.EINVAL.errno).errno2(PlatformErrno2.ERRNO2_BASE | PlatformErrno2.JRPasswordLenError.errno2).build();
+        }
         try {
             Object safReturned = platformClassFactory.getPlatformUserClass()
                     .getMethod("authenticate", String.class, String.class)

diff --git a/...ons-spring/src/test/java/org/zowe/commons/zos/security/platform/SafPlatformUserTests.java b/...ons-spring/src/test/java/org/zowe/commons/zos/security/platform/SafPlatformUserTests.java
@@ -10,6 +10,7 @@
  */
 package org.zowe.commons.zos.security.platform;
 
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
 import static org.zowe.commons.zos.security.platform.MockPlatformUser.VALID_PASSWORD;
@@ -28,9 +29,18 @@ public void returnsNullForValidAuthentication() {
     }
 
     @Test
-    public void returnsDetailsForInvalidAuthentication() {
+    public void returnsErrorDetailsForInvalidAuthentication() {
         PlatformReturned returned = safPlatformUser.authenticate(INVALID_USERID, INVALID_PASSWORD);
         assertFalse(returned.isSuccess());
     }
 
+    @Test
+    public void returnsErrorDetailsForEmptyPassword() {
+        PlatformReturned returned = safPlatformUser.authenticate(VALID_USERID, "");
+        assertFalse(returned.isSuccess());
+        assertEquals(PlatformPwdErrno.EINVAL.errno, returned.errno);
+        assertEquals(0, returned.rc);
+        assertEquals(0x090C02A7, returned.errno2);
+        assertEquals(PlatformErrno2.JRPasswordLenError, PlatformErrno2.valueOfErrno(returned.errno2));
+    }
 }
diff --git a/...t/java/org/zowe/sample/apiservice/security/SecurityContextControllerIntegrationTests.java b/...t/java/org/zowe/sample/apiservice/security/SecurityContextControllerIntegrationTests.java
@@ -48,6 +48,12 @@ public void failsWithInvalidAuthentication() throws Exception {
         when().get("/api/v1/securityTest/authenticatedUser").then().statusCode(401);
     }
 
+    @Test
+    public void failsWithEmptyPassword() throws Exception {
+        RestAssured.authentication = basic(VALID_USERID, "");
+        when().get("/api/v1/securityTest/authenticatedUser").then().statusCode(401);
+    }
+
     @Test
     public void failsWithExpiredAuthentication() throws Exception {
         assumeTrue("The service under test is not running on localhost",