server: skip password policies check on empty password (#8370)

This PR changes the default value of password.policy.regex to empty. When the configuration is empty, the regex check is skipped during the password policy check; the regex is checked only when the configuration is set to something other than a blank string.
This way, when creating a user on org.apache.cloudstack.ldap.LdapAuthenticator#authenticate() we won't get an error by default, as an empty value for the password is passed.
João Jandre 2023-12-22 07:13:39 -03:00 committed by GitHub
parent d83d994929
commit 08749d8354
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -27,6 +27,12 @@ public class PasswordPolicyImpl implements PasswordPolicy, Configurable {
private Logger logger = Logger.getLogger(PasswordPolicyImpl.class);
public void verifyIfPasswordCompliesWithPasswordPolicies(String password, String username, Long domainId) {
if (StringUtils.isEmpty(password)) {
logger.warn(String.format("User [%s] has an empty password, skipping password policy checks. " +
"If this is not a LDAP user, there is something wrong.", username));
return;
}
int numberOfSpecialCharactersInPassword = 0;
int numberOfUppercaseLettersInPassword = 0;
int numberOfLowercaseLettersInPassword = 0;
@ -188,12 +194,12 @@ public class PasswordPolicyImpl implements PasswordPolicy, Configurable {
logger.trace(String.format("Validating if the new password for user [%s] matches regex [%s] defined in the configuration [%s].",
username, passwordPolicyRegex, PasswordPolicyRegex.key()));
if (passwordPolicyRegex == null){
logger.trace(String.format("Regex is null; therefore, we will not validate if the new password matches with regex for user [%s].", username));
if (StringUtils.isEmpty(passwordPolicyRegex)) {
logger.trace(String.format("Regex is empty; therefore, we will not validate if the new password matches with regex for user [%s].", username));
return;
}
if (!password.matches(passwordPolicyRegex)){
if (!password.matches(passwordPolicyRegex)) {
logger.error(String.format("User [%s] informed a new password that does not match with regex [%s]. Refusing the user's new password.", username, passwordPolicyRegex));
throw new InvalidParameterValueException("User password does not match with password policy regex.");
}
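Review bot: The early return added at the top of verifyIfPasswordCompliesWithPasswordPolicies skips every policy check for any caller that passes an empty password, and the only trace is a WARN line; nothing in the hunk limits this to the LDAP path the description names. If a native-account create or update path can reach this method with an empty password (the callers are outside the hunk, so this is not confirmed), the minimum-length and character-class policies would no longer reject it. Consider keeping this method strict and having the LDAP flow skip the call, or at least state the contract above the guard, e.g. `// Empty passwords are only expected for externally authenticated (LDAP) users; native-account callers must reject them before this point.` In the second hunk, `StringUtils.isEmpty(passwordPolicyRegex)` still treats a whitespace-only setting as a regex although the description says blank values are skipped; `StringUtils.isBlank(passwordPolicyRegex)` would match the description if the imported StringUtils provides it.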