#157 add UserService and move logic to check and save user passwords …

…to that service
HBTGmbH · Jul 18, 2022 · 0c60f5b · 0c60f5b
1 parent cfc64f2
commit 0c60f5b
Show file tree

Hide file tree

Showing 6 changed files with 129 additions and 12 deletions.
diff --git a/src/main/java/org/tb/user/ShowSettingsAction.java b/src/main/java/org/tb/user/ShowSettingsAction.java
@@ -20,6 +20,7 @@ public class ShowSettingsAction extends LoginRequiredAction<ShowSettingsForm> {
 
     private final EmployeeDAO employeeDAO;
     private final UserAccessTokenService userAccessTokenService;
+    private final UserService userService;
 
     @Override
     protected ActionForward executeAuthenticated(ActionMapping mapping,
@@ -39,14 +40,15 @@ protected ActionForward executeAuthenticated(ActionMapping mapping,
             Employee loginEmployee = (Employee) request.getSession().getAttribute("loginEmployee");
 
             // set new password and save
-            Employee em = employeeDAO.getEmployeeById(loginEmployee.getId());
-            em.changePassword(settingsForm.getNewpassword());
-            loginEmployee.changePassword(settingsForm.getNewpassword());
-            employeeDAO.save(em);
-
-
-            request.setAttribute("passwordchanged", true);
-            return mapping.findForward("success");
+            if(userService.changePassword(loginEmployee.getId(), settingsForm.getNewpassword())) {
+                request.setAttribute("passwordchanged", true);
+                return mapping.findForward("success");
+            } else {
+                ActionMessages messages = new ActionMessages();
+                messages.add("newpassword", new ActionMessage("form.settings.error.newpassword.violates.rules"));
+                saveErrors(request, messages);
+                return mapping.getInputForward();
+            }
         } else {
             // task == null -> standard procedure
             return mapping.findForward("success");
@@ -88,7 +90,6 @@ private ActionMessages validatePassword(HttpServletRequest request,
             errors.add("confirmpassword", new ActionMessage("form.settings.error.confirmpassword.false"));
         }
 
-
         saveErrors(request, errors);
         return errors;
     }

diff --git a/src/main/java/org/tb/user/UserService.java b/src/main/java/org/tb/user/UserService.java
@@ -0,0 +1,39 @@
+package org.tb.user;
+
+import lombok.RequiredArgsConstructor;
+import org.passay.*;
+import org.springframework.stereotype.Service;
+import org.tb.common.GlobalConstants;
+import org.tb.employee.domain.Employee;
+import org.tb.employee.persistence.EmployeeDAO;
+
+import static org.tb.common.GlobalConstants.EMPLOYEE_PASSWORD_MAX_LENGTH;
+import static org.tb.common.GlobalConstants.EMPLOYEE_PASSWORD_MIN_LENGTH;
+
+@Service
+@RequiredArgsConstructor
+public class UserService {
+
+    private final EmployeeDAO employeeDAO;
+
+    public boolean changePassword(long employeeId, String newPassword) {
+        var characterRule = new CharacterCharacteristicsRule();
+        characterRule.setNumberOfCharacteristics(3);
+        characterRule.getRules().add(new CharacterRule(GermanCharacterData.UpperCase, 1));
+        characterRule.getRules().add(new CharacterRule(GermanCharacterData.LowerCase, 1));
+        characterRule.getRules().add(new CharacterRule(EnglishCharacterData.Digit, 1));
+        characterRule.getRules().add(new CharacterRule(EnglishCharacterData.Special, 1));
+        PasswordValidator validator = new PasswordValidator(
+                new LengthRule(EMPLOYEE_PASSWORD_MIN_LENGTH, EMPLOYEE_PASSWORD_MAX_LENGTH),
+                characterRule
+        );
+        var valid = validator.validate(new PasswordData(newPassword)).isValid();
+        if(valid) {
+            var employee = employeeDAO.getEmployeeById(employeeId);
+            employee.changePassword(newPassword);
+            employeeDAO.save(employee);
+        }
+        return valid;
+    }
+
+}
diff --git a/src/main/resources/org/tb/web/MessageResources_de.properties b/src/main/resources/org/tb/web/MessageResources_de.properties
@@ -163,6 +163,7 @@ form.employee.error.delete.isloginemployee=Der eingeloggte Mitarbeiter kann sich
 form.settings.error.oldpassword.false=Falsches Password!
 form.settings.error.newpassword.tooshort=Neues Passwort ist zu kurz!
 form.settings.error.newpassword.toolong=Neues Passwort ist zu lang!
+form.settings.error.newpassword.violates.rules=Neues Passwort versößt gegen Passwortregeln!
 form.settings.error.confirmpassword.missing=Bestätigung des neuen Passwortes fehlt!
 form.settings.error.confirmpassword.false=Passwörter stimmen nicht überein!
 
@@ -198,7 +199,6 @@ main.settings.password.confirm.text=Neues Passwort best
 main.settings.password.change.succesful.text=Passwort wurde geändert.
 main.settings.rule.text=Kennwortrichtlinie
 main.settings.rule1.text=* Kennwort enthält mindestens 6 Zeichen;
-main.settings.rule2.text=* Kennwort ist nicht mit einem der letzten 3 Kennwörter identisch;
 main.settings.rule3.text=* Der Benutzername bzw. vollständige Name ist nicht enthalten;
 main.settings.rule4.text=* Kennwort enthält mindestens drei der folgenden vier Zeichengruppen:
 main.settings.rule41.text= * Großbuchstaben (A bis Z, ohne Umlaute);

diff --git a/src/main/resources/org/tb/web/MessageResources_en.properties b/src/main/resources/org/tb/web/MessageResources_en.properties
@@ -162,6 +162,7 @@ form.employee.error.delete.isloginemployee=The employee who is logged in cannot
 form.settings.error.oldpassword.false=Wrong password!
 form.settings.error.newpassword.tooshort=New password is too short!
 form.settings.error.newpassword.toolong=New password is too long!
+form.settings.error.newpassword.violates.rules=New password violates password rules!
 form.settings.error.confirmpassword.missing=Please confirm new password!
 form.settings.error.confirmpassword.false=Passwords do not match!
 
@@ -197,7 +198,6 @@ main.settings.password.confirm.text=Confirm new password
 main.settings.password.change.succesful.text=Password has been changed.
 main.settings.rule.text=Password policy
 main.settings.rule1.text=* Password contains at least 6 characters;
-main.settings.rule2.text=* Password is not identical to the last 3 chosen;
 main.settings.rule3.text=* The password must not contain name or username;
 main.settings.rule4.text=* Password contains at least 3 of the 4 following rules;
 main.settings.rule41.text= * Upper case (A to Z, without umlaute);

diff --git a/src/main/webapp/user/showSettings.jsp b/src/main/webapp/user/showSettings.jsp
@@ -38,7 +38,6 @@
 				style="font-size:10pt;font-weight:bold;"><bean:message
 				key="main.settings.rule.text" /></span><br>
 			<bean:message key="main.settings.rule1.text" /><br>
-			<bean:message key="main.settings.rule2.text" /><br>
 			<bean:message key="main.settings.rule3.text" /><br>
 			<bean:message key="main.settings.rule4.text" /><br>
 			&nbsp;&nbsp;<bean:message key="main.settings.rule41.text" /><br>

diff --git a/src/test/java/org/tb/user/UserServiceTest.java b/src/test/java/org/tb/user/UserServiceTest.java
@@ -0,0 +1,78 @@
+package org.tb.user;
+
+import org.junit.jupiter.api.DisplayNameGeneration;
+import org.junit.jupiter.api.DisplayNameGenerator;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.tb.employee.domain.Employee;
+import org.tb.employee.persistence.EmployeeDAO;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.when;
+
+@ExtendWith({SpringExtension.class})
+@DisplayNameGeneration(DisplayNameGenerator.ReplaceUnderscores.class)
+class UserServiceTest {
+
+    @Mock
+    private EmployeeDAO employeeDAO;
+
+    @Test
+    public void should_accept_quality_password_1() {
+        Employee testEmployee = new Employee();
+        when(employeeDAO.getEmployeeById(1)).thenReturn(testEmployee);
+        var valid = new UserService(employeeDAO).changePassword(1, "abc123ABC");
+        assertThat(valid).isTrue();
+    }
+
+    @Test
+    public void should_accept_quality_password_2() {
+        Employee testEmployee = new Employee();
+        when(employeeDAO.getEmployeeById(1)).thenReturn(testEmployee);
+        var valid = new UserService(employeeDAO).changePassword(1, "abcABC%");
+        assertThat(valid).isTrue();
+    }
+
+    @Test
+    public void should_accept_quality_password_3() {
+        Employee testEmployee = new Employee();
+        when(employeeDAO.getEmployeeById(1)).thenReturn(testEmployee);
+        var valid = new UserService(employeeDAO).changePassword(1, "123ABC$");
+        assertThat(valid).isTrue();
+    }
+
+    @Test
+    public void should_reject_too_short_password() {
+        Employee testEmployee = new Employee();
+        when(employeeDAO.getEmployeeById(1)).thenReturn(testEmployee);
+        var valid = new UserService(employeeDAO).changePassword(1, "12BC$");
+        assertThat(valid).isFalse();
+    }
+
+    @Test
+    public void should_reject_insufficient_password_1() {
+        Employee testEmployee = new Employee();
+        when(employeeDAO.getEmployeeById(1)).thenReturn(testEmployee);
+        var valid = new UserService(employeeDAO).changePassword(1, "1234ABC");
+        assertThat(valid).isFalse();
+    }
+
+    @Test
+    public void should_reject_insufficient_password_2() {
+        Employee testEmployee = new Employee();
+        when(employeeDAO.getEmployeeById(1)).thenReturn(testEmployee);
+        var valid = new UserService(employeeDAO).changePassword(1, "1234abc");
+        assertThat(valid).isFalse();
+    }
+
+    @Test
+    public void should_reject_insufficient_password_3() {
+        Employee testEmployee = new Employee();
+        when(employeeDAO.getEmployeeById(1)).thenReturn(testEmployee);
+        var valid = new UserService(employeeDAO).changePassword(1, "12$%&/()");
+        assertThat(valid).isFalse();
+    }
+
+}