
Revision 51772

changes in username and password checks


modules/dnet-openaire-users/trunk/src/main/java/eu/dnetlib/openaire/usermanagement/RegisterServlet.java
69 69
        String confirmEmail = request.getParameter("email_conf").trim();
70 70
        String password = request.getParameter("password");
71 71
        String confirmPassword = request.getParameter("password_conf");
72

  
72 73
        String gRecaptchaResponse = request.getParameter("g-recaptcha-response");
73 74

  
75
        boolean isRecaptchaVerified = VerifyRecaptcha.verify(gRecaptchaResponse, secret);
74 76
        //System.out.println("RESPONSE " + gRecaptchaResponse);
75 77

  
76 78
        if (organization == null){
......
79 81

  
80 82
        if (firstName != null && lastName != null &&  username != null && email!= null &&
81 83
                email.equals(confirmEmail) && password!= null && password.equals(confirmPassword) &&
82
                !EmailValidator.getInstance().isValid(email) && isValidPassword(password) && VerifyRecaptcha.verify(gRecaptchaResponse, secret)) {
83

  
84
                EmailValidator.getInstance().isValid(email) && isValidPassword(password) && isRecaptchaVerified) {
84 85
            try {
85 86

  
86
                 if (username.matches("^[a-zA-Z0-9\\.\\_\\-]{4,150}") && !ldapActions.usernameExists(username) && !ldapActions.emailExists(email)
87
                 if (username.matches("^[a-zA-Z0-9][a-zA-Z0-9\\.\\_\\-]{4,150}") && !ldapActions.usernameExists(username) && !ldapActions.emailExists(email)
87 88
                         && !ldapActions.isZombieUsersEmail(email) && !ldapActions.isZombieUsersUsername(username) && EmailValidator.getInstance().isValid(email)) {
88 89

  
89 90
                     ldapActions.createZombieUser(username, email, firstName, lastName, organization, password);
......
122 123

  
123 124
                 } else {
124 125

  
125
                     if(!username.matches("^[a-zA-Z0-9\\.\\_\\-]{4,150}")) {
126
                     validateUsername(request, username);
126 127

  
127
                         validateUsername(request, username);
128

  
129
                     }
130

  
131 128
                     if (ldapActions.usernameExists(username) || ldapActions.isZombieUsersUsername(username)) {
132 129
                        request.getSession().setAttribute("username_message", "Username already exists! Choose another one.");
133 130
                        logger.info("Username already exists");
134 131
                     }
135 132

  
133
                     if (!EmailValidator.getInstance().isValid(email)) {
134
                         request.getSession().setAttribute("email_message", "Please enter a valid email.");
135
                         logger.info("Invalid email.");
136
                     }
137

  
136 138
                     if (ldapActions.emailExists(email)) {
137 139
                         request.getSession().setAttribute("email_message", "There is another user with this email.");
138 140
                         logger.info("There is another user with this email");
139 141
                     }
140 142

  
141
                     if (!EmailValidator.getInstance().isValid(email)) {
142
                         request.getSession().setAttribute("email_message", "Please enter a valid email.");
143
                         logger.info("Invalid email.");
144
                     }
145

  
146 143
                     if (ldapActions.isZombieUsersEmail(email)) {
147 144
                         request.getSession().setAttribute("email_message", "You have already registered with this email address! Please check your email to activate your account or contact OpenAIRE <a href=\"https://www.openaire.eu/support/helpdesk\">helpdesk</a>.");
148 145
                         logger.info("There is another user with this email");
......
176 173
            } catch (MessagingException e) {
177 174
                logger.error("Error in sending email", e);
178 175
                request.getSession().setAttribute("message","Error sending email");
179
                response.sendRedirect(UrlConstructor.getRedirectUrl(request, "./remindUsername.jsp"));
176
                response.sendRedirect(UrlConstructor.getRedirectUrl(request, "./register.jsp"));
180 177
                //response.sendRedirect("./error.jsp");
181 178

  
182 179
                //TODO better handling of these exceprions
......
196 193
            request.getSession().setAttribute("email_conf", confirmEmail);
197 194

  
198 195
            if (firstName == null || firstName.isEmpty()) {
196
                logger.info("No first name");
199 197
                request.getSession().setAttribute("msg_first_name_error_display", "display:block" );
200 198
            }
201 199

  
202 200
            if (lastName == null || lastName.isEmpty()) {
201
                logger.info("No last name");
203 202
                request.getSession().setAttribute("msg_last_name_error_display", "display:block" );
204 203
            }
205 204

  
206 205
            if (username == null || username.isEmpty()) {
207 206
                request.getSession().setAttribute("username_message", "Minimum username length 5 characters.");
208
                logger.info("Username does not exist.");
207
                logger.info("No username");
209 208

  
210 209
            } else {
211 210
                validateUsername(request, username);
212 211
            }
213 212

  
214 213
            if (password == null || password.isEmpty()) {
214
                logger.info("No valid password");
215 215
                request.getSession().setAttribute("msg_password_error_display", "display:block" );
216 216
            }
217 217

  
218 218
            if(!EmailValidator.getInstance().isValid(email)) {
219
                logger.info("No valid e-mail");
219 220
                request.getSession().setAttribute("msg_email_validation_error_display", "display:block");
220 221
            }
221 222

  
222 223
            if (!email.equals(confirmEmail)) {
224
                logger.info("No matching e-mails");
223 225
                request.getSession().setAttribute("msg_email_conf_error_display", "display:block" );
224 226
            }
225 227

  
228
            if(!isValidPassword(password)) {
229
                logger.info("No valid password");
230
                request.getSession().setAttribute("msg_invalid_password_display", "display:block");
231
            }
232

  
226 233
            if (!password.equals(confirmPassword)){
234
                logger.info("No matching passwords");
227 235
                request.getSession().setAttribute("msg_pass_conf_error_display", "display:block" );
228 236
            }
229 237

  
230
            if(!isValidPassword(password)) {
231
                request.getSession().setAttribute("msg_invalid_password_display", "display:block");
232
            }
233

  
234
            if (!VerifyRecaptcha.verify(gRecaptchaResponse, secret)) {
238
            if (!isRecaptchaVerified) {
239
                logger.info("No valid recaptcha");
235 240
                request.getSession().setAttribute("recaptcha_error_display", "display:block" );
236 241
            }
237 242

  
......
244 249
    }
245 250

  
246 251
    private void validateUsername(HttpServletRequest request, String username) {
247
        if (username.length() < 5) {
248
            request.getSession().setAttribute("username_message", "Minimum username length 5 characters.");
249
            logger.info("Minimum username length 5 characters.");
250
        }
251 252

  
252
        if (username.length() > 150) {
253
            request.getSession().setAttribute("username_message", "Maximum username length 150 characters.");
254
            logger.info("Maximum username length 150 characters.");
255
        }
253
            if(!username.matches("^[a-zA-Z0-9][a-zA-Z0-9\\.\\_\\-]{4,150}")) {
256 254

  
257
        if (!username.matches("^[a-zA-Z0-9\\.\\_\\-]")) {
258
            request.getSession().setAttribute("username_allowed_chars_message", "You can use letters, numbers, underscores, hyphens and periods.");
259
            logger.info("Only letters, numbers, underscores, hyphens and periods.");
260
        }
255
                logger.info("No valid username");
256
                if (username.length() < 5) {
257
                    request.getSession().setAttribute("username_message", "Minimum username length 5 characters.");
258
                    logger.info("Minimum username length 5 characters.");
259
                }
261 260

  
262
        if (!username.matches("^[a-zA-Z0-9].*")) {
263
            request.getSession().setAttribute("username_first_char_message", "The username must start with letter or digit.");
264
            logger.info("The username must start with letter or digit.");
265
        }
261
                if (username.length() > 150) {
262
                    request.getSession().setAttribute("username_message", "Maximum username length 150 characters.");
263
                    logger.info("Maximum username length 150 characters.");
264
                }
265

  
266
                if (!username.matches("^[a-zA-Z0-9\\.\\_\\-]")) {
267
                    request.getSession().setAttribute("username_allowed_chars_message", "You can use letters, numbers, underscores, hyphens and periods.");
268
                    logger.info("Only letters, numbers, underscores, hyphens and periods.");
269
                }
270

  
271
                if (!username.matches("^[a-zA-Z0-9].*")) {
272
                    request.getSession().setAttribute("username_first_char_message", "The username must start with letter or digit.");
273
                    logger.info("The username must start with letter or digit.");
274
                }
275
            }
266 276
    }
267 277

  
268 278
    public static boolean isValidPassword(String password) {
......
271 281
            (?=.*[0-9])       # a digit must occur at least once
272 282
            (?=.*[a-z])       # a lower case letter must occur at least once
273 283
            (?=.*[A-Z])       # an upper case letter must occur at least once
274
            (?=.*[@#$%^&+=])  # a special character must occur at least once
284
            (?=.*[@#$%^&+=])  # a special character must occur at least once. This has been removed.
285
                              # Please add if special character is needed.
275 286
            (?=\S+$)          # no whitespace allowed in the entire string
276 287
            .{8,}             # anything, at least eight places though
277 288
            $                 # end-of-string
278 289
         */
279 290

  
280
        if (password.matches("^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[@#$%^&+=])(?=\\S+$).{6,}$")) {
291
        if (password.matches("^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=\\S+$).{6,}$")) {
281 292
            logger.info("Valid password!");
282 293
            return true;
283 294
        }
......
285 296
        logger.info("Not valid password!");
286 297
        return false;
287 298
    }
288

  
289

  
290

  
291 299
}
292 300

  
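Review bot: The allowed-characters check kept inside the new validateUsername branch, `if (!username.matches("^[a-zA-Z0-9\\.\\_\\-]")) {`, has no quantifier, and String.matches anchors to the whole string, so every username longer than one character fails it and gets the "letters, numbers, underscores, hyphens and periods" message even when the only real problem was length or the first character; the line should read `if (!username.matches("^[a-zA-Z0-9\\.\\_\\-]+$")) {`. The guard pattern `^[a-zA-Z0-9][a-zA-Z0-9\\.\\_\\-]{4,150}`, used both in the create branch of doPost and in validateUsername, accepts 151 characters while the message caps the length at 150, so `{4,149}` is what the messages promise; keeping the pattern in one `private static final` constant would stop the two copies from drifting apart. In the isValidPassword hunk the comment block still documents `.{8,}` and "no whitespace" while the pattern actually enforces `.{6,}`, so the comment should state the minimum the code applies. doPost begins and ends outside the hunks shown here.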
modules/uoa-user-management/trunk/src/main/java/eu/dnetlib/openaire/user/utils/VerifyRecaptcha.java
49 49
            wr.close();
50 50

  
51 51
            int responseCode = con.getResponseCode();
52
            System.out.println("\nSending 'POST' request to URL : " + url);
53
            System.out.println("Post parameters : " + postParams);
54
            System.out.println("Response Code : " + responseCode);
52
            logger.debug("\nSending 'POST' request to URL : " + url);
53
            logger.debug("Post parameters : " + postParams);
54
            logger.info("recaptcha response Code : " + responseCode);
55 55

  
56 56
            BufferedReader in = new BufferedReader(new InputStreamReader(
57 57
                    con.getInputStream()));
......
64 64
            in.close();
65 65

  
66 66
            // print result
67
            System.out.println(response.toString());
67
            logger.debug(response.toString());
68 68

  
69 69
            //parse JSON response and return 'success' value
70 70
            JsonReader jsonReader = Json.createReader(new StringReader(response.toString()));
......
74 74
            return jsonObject.getBoolean("success");
75 75

  
76 76
        } catch(Exception e){
77
            e.printStackTrace();
77
            logger.error("Error validating recaptcha");
78 78
            return false;
79 79
        }
80 80
    }
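Review bot: `logger.error("Error validating recaptcha")` in the catch block drops the exception that `e.printStackTrace()` used to print, so a failed verification now leaves no cause in the log; pass it as the throwable argument, `logger.error("Error validating recaptcha", e);`. The new `logger.debug("Post parameters : " + postParams)` is also worth a second look: postParams is built outside the hunk, but if it carries the reCAPTCHA secret that verify() receives, enabling debug logging writes that secret to the log file, so log only the non-secret fields or the response token. The reader `in` and the writer `wr` are still closed by hand rather than with try-with-resources, which leaks them on an exception thrown before `close()`. The enclosing verify method starts outside the hunk.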
