check password complexity in backend

This commit is contained in:
Peter Hormanns 2021-03-19 19:18:31 +01:00
parent 656410c031
commit 8a837cdeef
3 changed files with 8 additions and 2 deletions

View File

@ -37,6 +37,6 @@
<classpathentry kind="lib" path="lib/org.apache.bval.bundle-0.5.jar"/>
<classpathentry kind="lib" path="lib/serp-1.15.1.jar"/>
<classpathentry kind="lib" path="lib/xbean-asm6-shaded-4.8.jar"/>
<classpathentry kind="lib" path="lib/hsadmin-util-4.0.3-SNAPSHOT.jar"/>
<classpathentry kind="lib" path="lib/hsadmin-util-4.0.4-SNAPSHOT.jar"/>
<classpathentry kind="output" path="bin"/>
</classpath>

View File

@ -11,6 +11,7 @@ import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.model.Transaction;
import de.hsadmin.core.util.HSAdminException;
import de.hsadmin.core.util.PasswordTool;
import de.hsadmin.hostsharing.BasePacType;
import de.hsadmin.hostsharing.MultiOption;
import de.hsadmin.mods.pac.Pac;
@ -98,6 +99,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
if (passWord.indexOf(':') >= 0) {
throw new AuthorisationException(loginUser, "add", newUnixUser, "userId");
}
PasswordTool.checkPasswordComplexity(passWord);
Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
qPac.setParameter("pacName", userName.substring(0, 5));
Object singleResult = qPac.getSingleResult();
@ -164,7 +166,11 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
if (!attachedUnixUser.getName().equals(detachedUnixUser.getName())) {
throw new AuthorisationException(loginUser, "update", detachedUnixUser, "name");
}
attachedUnixUser.setPassword(detachedUnixUser.getPassword());
final String passWord = detachedUnixUser.getPassword();
if (passWord != null && passWord.length() > 0) {
PasswordTool.checkPasswordComplexity(passWord);
attachedUnixUser.setPassword(passWord);
}
if (hasFullAccessOnPacOf(attachedUnixUser)) {
attachedUnixUser.setComment(detachedUnixUser.getComment());
attachedUnixUser.setHomedir(detachedUnixUser.getHomedir());