Merge pull request #578 from digitalfabrik/482-CheckAndValidatePasswo…

…rdPolicies 482: Check and validate password policies
digitalfabrik · Oct 11, 2022 · e9eb626 · e9eb626
2 parents 3d73919 + 5f9a7be
commit e9eb626
Show file tree

Hide file tree

Showing 5 changed files with 126 additions and 1 deletion.
diff --git a/.idea/runConfigurations/Create_Admin_Account.xml b/.idea/runConfigurations/Create_Admin_Account.xml
diff --git a/.idea/runConfigurations/Test_Backend.xml b/.idea/runConfigurations/Test_Backend.xml
diff --git a/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/PasswordValidator.kt b/backend/src/main/kotlin/app/ehrenamtskarte/backend/auth/PasswordValidator.kt
@@ -0,0 +1,42 @@
+package app.ehrenamtskarte.backend.auth
+
+const val minPasswordLength = 12
+const val minLowercaseChars = 1
+const val minUppercaseChars = 1
+const val minNumericChars = 0
+const val minSpecialChars = 1
+
+enum class PasswordValidationResult {
+    VALID,
+    NOT_LONG_ENOUGH,
+    TOO_FEW_LOWERCASE_CHARS,
+    TOO_FEW_UPPERCASE_CHARS,
+    TOO_FEW_NUMERIC_CHARS,
+    TOO_FEW_SPECIAL_CHARS
+}
+
+object PasswordValidator {
+
+    fun validatePassword(password: String): PasswordValidationResult {
+        if (password.length < minPasswordLength) {
+            return PasswordValidationResult.NOT_LONG_ENOUGH
+        }
+        val numLowercaseChars = password.count { it.isLowerCase() }
+        val numUppercaseChars = password.count { it.isUpperCase() }
+        val numNumericChars = password.count { it.isDigit() }
+        val numSpecialChars = password.length - numLowercaseChars - numUppercaseChars - numNumericChars
+        if (numLowercaseChars < minLowercaseChars) {
+            return PasswordValidationResult.TOO_FEW_LOWERCASE_CHARS
+        } else if (numUppercaseChars < minUppercaseChars) {
+            return PasswordValidationResult.TOO_FEW_UPPERCASE_CHARS
+        } else if (numNumericChars < minNumericChars) {
+            return PasswordValidationResult.TOO_FEW_NUMERIC_CHARS
+        } else if (numSpecialChars < minSpecialChars) {
+            return PasswordValidationResult.TOO_FEW_SPECIAL_CHARS
+        }
+        return PasswordValidationResult.VALID
+    }
+}
+
+class InvalidPasswordException(passwordValidation: PasswordValidationResult) :
+    Throwable(message = passwordValidation.toString())
diff --git a/...rc/main/kotlin/app/ehrenamtskarte/backend/auth/database/repos/AdministratorsRepository.kt b/...rc/main/kotlin/app/ehrenamtskarte/backend/auth/database/repos/AdministratorsRepository.kt
@@ -1,5 +1,8 @@
 package app.ehrenamtskarte.backend.auth.database.repos
 
+import app.ehrenamtskarte.backend.auth.InvalidPasswordException
+import app.ehrenamtskarte.backend.auth.PasswordValidationResult
+import app.ehrenamtskarte.backend.auth.PasswordValidator
 import app.ehrenamtskarte.backend.auth.database.AdministratorEntity
 import app.ehrenamtskarte.backend.auth.database.Administrators
 import app.ehrenamtskarte.backend.auth.database.PasswordCrypto
@@ -45,6 +48,11 @@ object AdministratorsRepository {
             throw java.lang.IllegalArgumentException("Role ${role.db_value} cannot have a region assigned.")
         }
 
+        val passwordValidation = PasswordValidator.validatePassword(password)
+        if (passwordValidation != PasswordValidationResult.VALID) {
+            throw InvalidPasswordException(passwordValidation)
+        }
+
         AdministratorEntity.new {
             this.email = email
             this.projectId = projectId

diff --git a/backend/src/test/kotlin/app/ehrenamtskarte/backend/auth/PasswordValidatorTest.kt b/backend/src/test/kotlin/app/ehrenamtskarte/backend/auth/PasswordValidatorTest.kt
@@ -0,0 +1,52 @@
+package app.ehrenamtskarte.backend.auth
+
+import org.junit.Test
+import kotlin.test.assertEquals
+
+internal class PasswordValidatorTest {
+
+    @Test
+    fun invalidatesPasswordIfTooShort() {
+        val password = "a!Bcrf83592"
+        assertEquals(
+            PasswordValidator.validatePassword(password),
+            PasswordValidationResult.NOT_LONG_ENOUGH
+        )
+    }
+
+    @Test
+    fun invalidatesPasswordIfTooFewLowercaseChars() {
+        val password = "A!BCRF835921"
+        assertEquals(
+            PasswordValidator.validatePassword(password),
+            PasswordValidationResult.TOO_FEW_LOWERCASE_CHARS
+        )
+    }
+
+    @Test
+    fun invalidatesPasswordIfTooFewUppercaseChars() {
+        val password = "a!bcrf835921"
+        assertEquals(
+            PasswordValidator.validatePassword(password),
+            PasswordValidationResult.TOO_FEW_UPPERCASE_CHARS
+        )
+    }
+
+    @Test
+    fun invalidatesPasswordIfTooFewSpecialChars() {
+        val password = "a1Bcrf835921"
+        assertEquals(
+            PasswordValidator.validatePassword(password),
+            PasswordValidationResult.TOO_FEW_SPECIAL_CHARS
+        )
+    }
+
+    @Test
+    fun validatesPassword() {
+        val password = "a!Bcrf835921"
+        assertEquals(
+            PasswordValidator.validatePassword(password),
+            PasswordValidationResult.VALID
+        )
+    }
+}