From 1b3ff38ed7c8dc0b8f427afb63f03c80a02ef1e8 Mon Sep 17 00:00:00 2001 From: einhornimmond Date: Thu, 23 Sep 2021 18:08:30 +0200 Subject: [PATCH 1/8] update password check, allow every special char (everything what isn't a-z, A-Z or 0-9) --- login_server/src/LOCALE/de_DE.mo | Bin 2428 -> 2378 bytes login_server/src/LOCALE/de_DE.po | 13 ++++++------- .../cpp/SingletonManager/SessionManager.cpp | 8 ++++---- login_server/src/cpsp/UserUpdatePassword.cpsp | 2 +- 4 files changed, 11 insertions(+), 12 deletions(-) diff --git a/login_server/src/LOCALE/de_DE.mo b/login_server/src/LOCALE/de_DE.mo index bfee8efd3031828aef1a46b92818abdfce8812ef..6a1735b6aeff6403fe194c5790665ba6c8fec182 100644 GIT binary patch delta 340 zcmXZWu}T9$6ouh4uIpygC~L9_LNF37R8~oXgls7`A(gd=T3h%85^StQ#R)>%v^J3~ zdhf9o$+}J*wnk)QQ3iB?wlYNAEq^4Jl!qh^LuBg#9u5r6j(NGZ)L}PQ5(9{QrHaBUEZd+qSt#wD& zrY0L|ZHzvG)X@J#gB>{h-g6G`d!Fa~cmCq46G_@jNL75tEi_3f#BFTi83uTR>-dUg zETp8GkrvS5ygw>U;{mqt6pMI^1?=H2_Hh!+X>~M3(MmH2cd&vdID_YC2j61`AOGy( zHRmU6;1Q25cF}%(hjn~IAHQ$~J%-ufZ6vqSiY`sbu@T1EiXKd@Sh5w%CeQv>(nS1e zKFpXqw^^??nj5q8{-GE56Q0QpU3t+U+0HKei-8-2YvF2qoO&6_4Yx!~nZf@K->Lin Dswpwz diff --git a/login_server/src/LOCALE/de_DE.po b/login_server/src/LOCALE/de_DE.po index b4bca3098..2b97bd88c 100644 --- a/login_server/src/LOCALE/de_DE.po +++ b/login_server/src/LOCALE/de_DE.po @@ -7,8 +7,8 @@ msgid "" msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2021-06-21 13:37+0200\n" -"PO-Revision-Date: 2021-06-21 13:38+0200\n" +"POT-Creation-Date: 2021-09-23 17:56+0200\n" +"PO-Revision-Date: 2021-09-23 17:59+0200\n" "Last-Translator: \n" "Language-Team: \n" "Language: de_DE\n" 
@@ -455,11 +455,10 @@ msgstr "Gradido: Passwort zurücksetzen" #: src/cpp/SingletonManager/SessionManager.cpp:604 msgid "" "Please enter a valid password with at least 8 characters, upper and lower " -"case letters, at least one number and one special character (@$!%*?&+-_)!" +"case letters, at least one number and one special character!" msgstr "" "Bitte gebe ein gültiges Password ein mit mindestens 8 Zeichen, Groß- und " -"Kleinbuchstaben, mindestens einer Zahl und einem Sonderzeichen (@$!%*?&+-_) " -"ein!" +"Kleinbuchstaben, mindestens einer Zahl und einem Sonderzeichen ein!" #: src/cpp/SingletonManager/SessionManager.cpp:610 msgid "Your password is to short!" @@ -478,8 +477,8 @@ msgid "Your password does not contain any number!" msgstr "Dein Passwort enthält keine Zahlen!" #: src/cpp/SingletonManager/SessionManager.cpp:630 -msgid "Your password does not contain special characters (@$!%*?&+-)!" -msgstr "Dein Passwort enthält keine Sonderzeichen (@$!%*?&+-)!" +msgid "Your password does not contain special characters!" +msgstr "Dein Passwort enthält keine Sonderzeichen!" #~ msgid "Account" #~ msgstr "Konto" diff --git a/login_server/src/cpp/SingletonManager/SessionManager.cpp b/login_server/src/cpp/SingletonManager/SessionManager.cpp index d854c2a97..13f2a7dd4 100644 --- a/login_server/src/cpp/SingletonManager/SessionManager.cpp +++ b/login_server/src/cpp/SingletonManager/SessionManager.cpp 
@@ -46,7 +46,7 @@ bool SessionManager::init() case VALIDATE_NAME: mValidations[i] = new Poco::RegularExpression("^[^<>&;]{2,}$"); break; case VALIDATE_USERNAME: mValidations[i] = new Poco::RegularExpression("^[a-zA-Z][a-zA-Z0-9_-]*$"); break; case VALIDATE_EMAIL: mValidations[i] = new Poco::RegularExpression("^[a-zA-Z0-9.!#$%&?*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$"); break; - case VALIDATE_PASSWORD: mValidations[i] = new Poco::RegularExpression("^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[@$!%*?&+-_])[A-Za-z0-9@$!%*?&+-_]{8,}$"); break; + case VALIDATE_PASSWORD: mValidations[i] = new Poco::RegularExpression("^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^a-zA-Z0-9]).{8,}$"); break; case VALIDATE_PASSPHRASE: mValidations[i] = new Poco::RegularExpression("^(?:[a-z]* ){23}[a-z]*\s*$"); break; case VALIDATE_GROUP_ALIAS: mValidations[i] = new Poco::RegularExpression("^[a-z0-9-]{3,120}"); break; case VALIDATE_HEDERA_ID: mValidations[i] = new Poco::RegularExpression("^[0-9]*\.[0-9]*\.[0-9]\.$"); break; @@ -56,7 +56,7 @@ bool SessionManager::init() case VALIDATE_ONLY_HEX: mValidations[i] = new Poco::RegularExpression("^(0x)?[a-fA-F0-9]*$"); break; //case VALIDATE_ONLY_URL: mValidations[i] = new Poco::RegularExpression("^https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}$"); break; case VALIDATE_ONLY_URL: mValidations[i] = new Poco::RegularExpression("^https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\/?"); break; - case VALIDATE_HAS_SPECIAL_CHARACTER: mValidations[i] = new Poco::RegularExpression(".*[@$!%*?&+-].*"); break; + case VALIDATE_HAS_SPECIAL_CHARACTER: mValidations[i] = new Poco::RegularExpression(".*[^a-zA-Z0-9].*"); break; case VALIDATE_HAS_UPPERCASE_LETTER: mValidations[i] = new Poco::RegularExpression(".*[A-Z].*"); ServerConfig::g_ServerKeySeed->put(i, DRRandom::r64()); 
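Review bot: With the ASCII whitelist gone, the `{8,}` in the new VALIDATE_PASSWORD pattern no longer necessarily counts characters. The expression is constructed without options, so if `pwd` arrives as UTF-8 it is matched byte by byte: a two-byte character such as `ä` adds two units to the length, and each of its bytes also satisfies `[^a-zA-Z0-9]`. A six-character value like `Aa1äää` (constructed example) would then meet the eight-unit minimum. Consider passing `Poco::RegularExpression::RE_UTF8` as the second constructor argument here and for VALIDATE_HAS_SPECIAL_CHARACTER in the second hunk, and counting code points rather than `pwd.size()` in checkPwdValidation. init() starts and ends outside these hunks.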
@@ -601,7 +601,7 @@ bool SessionManager::checkPwdValidation(const std::string& pwd, NotificationList if (!isValid(pwd, VALIDATE_PASSWORD)) { errorReciver->addError(new Error( lang->gettext("Password"), - lang->gettext("Please enter a valid password with at least 8 characters, upper and lower case letters, at least one number and one special character (@$!%*?&+-_)!"))); + lang->gettext("Please enter a valid password with at least 8 characters, upper and lower case letters, at least one number and one special character!"))); // @$!%*?&+- if (pwd.size() < 8) { @@ -627,7 +627,7 @@ bool SessionManager::checkPwdValidation(const std::string& pwd, NotificationList else if (!isValid(pwd, VALIDATE_HAS_SPECIAL_CHARACTER)) { errorReciver->addError(new Error( lang->gettext("Password"), - lang->gettext("Your password does not contain special characters (@$!%*?&+-)!"))); + lang->gettext("Your password does not contain special characters!"))); } return false; diff --git a/login_server/src/cpsp/UserUpdatePassword.cpsp b/login_server/src/cpsp/UserUpdatePassword.cpsp index 04d1e487e..260a29475 100644 --- a/login_server/src/cpsp/UserUpdatePassword.cpsp +++ b/login_server/src/cpsp/UserUpdatePassword.cpsp @@ -85,7 +85,7 @@ enum PageState {

Bitte denke dir ein sicheres Passwort aus, das mindestens 8 Zeichen lang ist, einen Klein- und einen Großbuchstaben enthält, - eine Zahl und eines der folgenden Sonderzeichen: @$!%*?&+- + eine Zahl und ein Sonderzeichen.

From decf4d5013ba55653e6e5337022d3e741a90b194 Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 27 Sep 2021 12:24:19 +0200 Subject: [PATCH 2/8] implement at least one special char rule for password in frontend --- .../Inputs/InputPasswordConfirmation.vue | 1 + frontend/src/locales/de.json | 1 + frontend/src/locales/en.json | 1 + frontend/src/validation-rules.js | 7 +++++ frontend/src/views/Pages/Register.spec.js | 10 +++---- .../src/views/Pages/ResetPassword.spec.js | 6 ++-- .../UserCard_FormUserPasswort.spec.js | 29 ++++++++++++------- 7 files changed, 37 insertions(+), 18 deletions(-) diff --git a/frontend/src/components/Inputs/InputPasswordConfirmation.vue b/frontend/src/components/Inputs/InputPasswordConfirmation.vue index 19d4ab02e..d0dc81156 100644 --- a/frontend/src/components/Inputs/InputPasswordConfirmation.vue +++ b/frontend/src/components/Inputs/InputPasswordConfirmation.vue @@ -9,6 +9,7 @@ containsUppercaseCharacter: true, containsNumericCharacter: true, atLeastEightCharactera: true, + atLeastOneSpecialCharater: true, }" :label="register ? $t('form.password') : $t('form.password_new')" :showAllErrors="true" diff --git a/frontend/src/locales/de.json b/frontend/src/locales/de.json index 5db1c0a82..be418352e 100644 --- a/frontend/src/locales/de.json +++ b/frontend/src/locales/de.json @@ -168,6 +168,7 @@ "lowercase": "Ein Kleinbuchstabe erforderlich.", "minimum": "Mindestens 8 Zeichen.", "one_number": "Eine Zahl erforderlich.", + "special-char": "Ein Sonderzeichen required (z.B. _ oder ä)", "subtitle": "Werde Teil der Gemeinschaft!", "title": "Erstelle dein Gradido-Konto", "uppercase": "Ein Großbuchstabe erforderlich." diff --git a/frontend/src/locales/en.json b/frontend/src/locales/en.json index 9ca544440..b3148fe3f 100644 --- a/frontend/src/locales/en.json +++ b/frontend/src/locales/en.json 
@@ -168,6 +168,7 @@ "lowercase": "One lowercase letter required.", "minimum": "8 characters minimum.", "one_number": "One number required.", + "special-char": "One special character required (e.g. _ or ä)", "subtitle": "Become a part of the community!", "title": "Create your Gradido account", "uppercase": "One uppercase letter required." diff --git a/frontend/src/validation-rules.js b/frontend/src/validation-rules.js index da4e07b78..e836de56b 100644 --- a/frontend/src/validation-rules.js +++ b/frontend/src/validation-rules.js @@ -112,6 +112,13 @@ export const loadAllRules = (i18nCallback) => { message: (_, values) => i18nCallback.t('site.signup.minimum', values), }) + extend('atLeastOneSpecialCharater', { + validate(value) { + return !!value.match(/[^a-zA-Z0-9 \t\n]/) + }, + message: (_, values) => i18nCallback.t('site.signup.special-char', values), + }) + extend('samePassword', { validate(value, [pwd]) { return value === pwd diff --git a/frontend/src/views/Pages/Register.spec.js b/frontend/src/views/Pages/Register.spec.js index a0de965d5..2529b118d 100644 --- a/frontend/src/views/Pages/Register.spec.js +++ b/frontend/src/views/Pages/Register.spec.js @@ -131,8 +131,8 @@ describe('Register', () => { wrapper.find('#registerFirstname').setValue('Max') wrapper.find('#registerLastname').setValue('Mustermann') wrapper.find('#Email-input-field').setValue('max.mustermann@gradido.net') - wrapper.find('input[name="form.password"]').setValue('Aa123456') - wrapper.find('input[name="form.passwordRepeat"]').setValue('Aa123456') + wrapper.find('input[name="form.password"]').setValue('Aa123456_') + wrapper.find('input[name="form.passwordRepeat"]').setValue('Aa123456_') wrapper.find('.language-switch-select').findAll('option').at(1).setSelected() wrapper.find('input[name="site.signup.agree"]').setChecked(true) }) 
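Review bot: The new rule in validation-rules.js is registered as `atLeastOneSpecialCharater`, which misspells "Character", and InputPasswordConfirmation.vue refers to it by that string, so the typo becomes part of the rule's interface. Rename it to `atLeastOneSpecialCharacter` in both places in this commit. The rule also carries no comment tying its character class to the server-side check; patch 1/8 of this series sets VALIDATE_HAS_SPECIAL_CHARACTER to `[^a-zA-Z0-9]`, which still counts space, tab and newline as special while this rule does not. A one-line comment such as `// keep in sync with VALIDATE_HAS_SPECIAL_CHARACTER in login_server` would make the dependency visible. loadAllRules starts and ends outside the hunk.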
@@ -185,8 +185,8 @@ describe('Register', () => { wrapper.find('#registerFirstname').setValue('Max') wrapper.find('#registerLastname').setValue('Mustermann') wrapper.find('#Email-input-field').setValue('max.mustermann@gradido.net') - wrapper.find('input[name="form.password"]').setValue('Aa123456') - wrapper.find('input[name="form.passwordRepeat"]').setValue('Aa123456') + wrapper.find('input[name="form.password"]').setValue('Aa123456_') + wrapper.find('input[name="form.passwordRepeat"]').setValue('Aa123456_') wrapper.find('.language-switch-select').findAll('option').at(1).setSelected() }) @@ -233,7 +233,7 @@ describe('Register', () => { email: 'max.mustermann@gradido.net', firstName: 'Max', lastName: 'Mustermann', - password: 'Aa123456', + password: 'Aa123456_', language: 'de', }, }), diff --git a/frontend/src/views/Pages/ResetPassword.spec.js b/frontend/src/views/Pages/ResetPassword.spec.js index 9f3830a55..a28051502 100644 --- a/frontend/src/views/Pages/ResetPassword.spec.js +++ b/frontend/src/views/Pages/ResetPassword.spec.js @@ -138,8 +138,8 @@ describe('ResetPassword', () => { beforeEach(async () => { await wrapper.setData({ authenticated: true, sessionId: 1 }) await wrapper.vm.$nextTick() - await wrapper.findAll('input').at(0).setValue('Aa123456') - await wrapper.findAll('input').at(1).setValue('Aa123456') + await wrapper.findAll('input').at(0).setValue('Aa123456_') + await wrapper.findAll('input').at(1).setValue('Aa123456_') await flushPromises() await wrapper.find('form').trigger('submit') }) @@ -167,7 +167,7 @@ describe('ResetPassword', () => { variables: { sessionId: 1, email: 'user@example.org', - password: 'Aa123456', + password: 'Aa123456_', }, }), ) diff --git a/frontend/src/views/Pages/UserProfile/UserCard_FormUserPasswort.spec.js b/frontend/src/views/Pages/UserProfile/UserCard_FormUserPasswort.spec.js index fa4aceb0c..7e9703c02 100644 --- a/frontend/src/views/Pages/UserProfile/UserCard_FormUserPasswort.spec.js 
+++ b/frontend/src/views/Pages/UserProfile/UserCard_FormUserPasswort.spec.js @@ -105,12 +105,13 @@ describe('UserCard_FormUserPasswort', () => { describe('validation', () => { it('displays all password requirements', () => { const feedbackArray = wrapper.findAll('div.invalid-feedback').at(1).findAll('span') - expect(feedbackArray).toHaveLength(5) + expect(feedbackArray).toHaveLength(6) expect(feedbackArray.at(0).text()).toBe('validations.messages.required') expect(feedbackArray.at(1).text()).toBe('site.signup.lowercase') expect(feedbackArray.at(2).text()).toBe('site.signup.uppercase') expect(feedbackArray.at(3).text()).toBe('site.signup.one_number') expect(feedbackArray.at(4).text()).toBe('site.signup.minimum') + expect(feedbackArray.at(5).text()).toBe('site.signup.special-char') }) it('removes first message when a character is given', async () => { @@ -125,7 +126,7 @@ describe('UserCard_FormUserPasswort', () => { await wrapper.findAll('input').at(1).setValue('a') await flushPromises() const feedbackArray = wrapper.findAll('div.invalid-feedback').at(1).findAll('span') - expect(feedbackArray).toHaveLength(3) + expect(feedbackArray).toHaveLength(4) expect(feedbackArray.at(0).text()).toBe('site.signup.uppercase') }) @@ -133,7 +134,7 @@ describe('UserCard_FormUserPasswort', () => { await wrapper.findAll('input').at(1).setValue('Aa') await flushPromises() const feedbackArray = wrapper.findAll('div.invalid-feedback').at(1).findAll('span') - expect(feedbackArray).toHaveLength(2) + expect(feedbackArray).toHaveLength(3) expect(feedbackArray.at(0).text()).toBe('site.signup.one_number') }) 
@@ -141,14 +142,22 @@ describe('UserCard_FormUserPasswort', () => { await wrapper.findAll('input').at(1).setValue('Aa1') await flushPromises() const feedbackArray = wrapper.findAll('div.invalid-feedback').at(1).findAll('span') - expect(feedbackArray).toHaveLength(1) + expect(feedbackArray).toHaveLength(2) expect(feedbackArray.at(0).text()).toBe('site.signup.minimum') }) - it('removes all messages when all rules are fulfilled', async () => { + it('removes the first five messages when a eight lowercase, uppercase and numeric characters are given', async () => { await wrapper.findAll('input').at(1).setValue('Aa123456') await flushPromises() const feedbackArray = wrapper.findAll('div.invalid-feedback').at(1).findAll('span') + expect(feedbackArray).toHaveLength(1) + expect(feedbackArray.at(0).text()).toBe('site.signup.special-char') + }) + + it('removes all messages when a eight lowercase, uppercase and numeric characters are given', async () => { + await wrapper.findAll('input').at(1).setValue('Aa123456_') + await flushPromises() + const feedbackArray = wrapper.findAll('div.invalid-feedback').at(1).findAll('span') expect(feedbackArray).toHaveLength(0) }) }) @@ -164,8 +173,8 @@ describe('UserCard_FormUserPasswort', () => { }, }) await form.findAll('input').at(0).setValue('1234') - await form.findAll('input').at(1).setValue('Aa123456') - await form.findAll('input').at(2).setValue('Aa123456') + await form.findAll('input').at(1).setValue('Aa123456_') + await form.findAll('input').at(2).setValue('Aa123456_') await form.trigger('submit') await flushPromises() }) @@ -176,7 +185,7 @@ describe('UserCard_FormUserPasswort', () => { variables: { email: 'user@example.org', password: '1234', - passwordNew: 'Aa123456', + passwordNew: 'Aa123456_', }, }), ) 
@@ -197,8 +206,8 @@ describe('UserCard_FormUserPasswort', () => { message: 'error', }) await form.findAll('input').at(0).setValue('1234') - await form.findAll('input').at(1).setValue('Aa123456') - await form.findAll('input').at(2).setValue('Aa123456') + await form.findAll('input').at(1).setValue('Aa123456_') + await form.findAll('input').at(2).setValue('Aa123456_') await form.trigger('submit') await flushPromises() }) From 77b5f9939e8135379ac4623cb7531834d7dcf530 Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 27 Sep 2021 12:30:32 +0200 Subject: [PATCH 3/8] fix wrong German translation --- frontend/src/locales/de.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/src/locales/de.json b/frontend/src/locales/de.json index be418352e..c7a0946f5 100644 --- a/frontend/src/locales/de.json +++ b/frontend/src/locales/de.json @@ -168,7 +168,7 @@ "lowercase": "Ein Kleinbuchstabe erforderlich.", "minimum": "Mindestens 8 Zeichen.", "one_number": "Eine Zahl erforderlich.", - "special-char": "Ein Sonderzeichen required (z.B. _ oder ä)", + "special-char": "Ein Sonderzeichen erforderlich (z.B. _ oder ä)", "subtitle": "Werde Teil der Gemeinschaft!", "title": "Erstelle dein Gradido-Konto", "uppercase": "Ein Großbuchstabe erforderlich." From 8a7acbf3ce77aa80083df2e986069d7b7ecbd6e8 Mon Sep 17 00:00:00 2001 From: einhornimmond Date: Mon, 27 Sep 2021 13:09:01 +0200 Subject: [PATCH 4/8] remove unnecessary .* from regexp --- login_server/src/cpp/SingletonManager/SessionManager.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/login_server/src/cpp/SingletonManager/SessionManager.cpp b/login_server/src/cpp/SingletonManager/SessionManager.cpp index 13f2a7dd4..1966c6726 100644 --- a/login_server/src/cpp/SingletonManager/SessionManager.cpp +++ b/login_server/src/cpp/SingletonManager/SessionManager.cpp 
@@ -50,18 +50,18 @@ bool SessionManager::init() case VALIDATE_PASSPHRASE: mValidations[i] = new Poco::RegularExpression("^(?:[a-z]* ){23}[a-z]*\s*$"); break; case VALIDATE_GROUP_ALIAS: mValidations[i] = new Poco::RegularExpression("^[a-z0-9-]{3,120}"); break; case VALIDATE_HEDERA_ID: mValidations[i] = new Poco::RegularExpression("^[0-9]*\.[0-9]*\.[0-9]\.$"); break; - case VALIDATE_HAS_NUMBER: mValidations[i] = new Poco::RegularExpression(".*[0-9].*"); break; + case VALIDATE_HAS_NUMBER: mValidations[i] = new Poco::RegularExpression("[0-9]"); break; case VALIDATE_ONLY_INTEGER: mValidations[i] = new Poco::RegularExpression("^[0-9]*$"); break; case VALIDATE_ONLY_DECIMAL: mValidations[i] = new Poco::RegularExpression("^[0-9]*(\.|,)[0-9]*$"); break; case VALIDATE_ONLY_HEX: mValidations[i] = new Poco::RegularExpression("^(0x)?[a-fA-F0-9]*$"); break; //case VALIDATE_ONLY_URL: mValidations[i] = new Poco::RegularExpression("^https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}$"); break; case VALIDATE_ONLY_URL: mValidations[i] = new Poco::RegularExpression("^https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\/?"); break; - case VALIDATE_HAS_SPECIAL_CHARACTER: mValidations[i] = new Poco::RegularExpression(".*[^a-zA-Z0-9].*"); break; + case VALIDATE_HAS_SPECIAL_CHARACTER: mValidations[i] = new Poco::RegularExpression("[^a-zA-Z0-9]"); break; case VALIDATE_HAS_UPPERCASE_LETTER: - mValidations[i] = new Poco::RegularExpression(".*[A-Z].*"); + mValidations[i] = new Poco::RegularExpression("[A-Z]"); ServerConfig::g_ServerKeySeed->put(i, DRRandom::r64()); break; - case VALIDATE_HAS_LOWERCASE_LETTER: mValidations[i] = new Poco::RegularExpression(".*[a-z].*"); break; + case VALIDATE_HAS_LOWERCASE_LETTER: mValidations[i] = new Poco::RegularExpression("[a-z]"); break; default: printf("[SessionManager::%s] unknown validation type\n", __FUNCTION__); } } From 9ef5f1e8119aaaa12a95b780ca275a17dab32dcb Mon Sep 17 00:00:00 2001 
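Review bot: Dropping the surrounding `.*` is only safe if isValid() performs a search rather than a whole-subject match, and isValid() is not visible in this hunk. `Poco::RegularExpression::match(subject)` and `operator==` succeed only when the match covers the entire subject. If isValid() uses either, `[0-9]`, `[A-Z]`, `[a-z]` and `[^a-zA-Z0-9]` would accept one-character strings only, and every VALIDATE_HAS_* check on a real password would fail. Please confirm which call isValid() makes, or keep the `.*[0-9].*` form. A unit test that runs each VALIDATE_HAS_* rule against a multi-character password would pin the behaviour down.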
From: einhornimmond Date: Mon, 27 Sep 2021 13:30:18 +0200 Subject: [PATCH 5/8] exclude space, tab, newline from special chars --- login_server/src/cpp/SingletonManager/SessionManager.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/login_server/src/cpp/SingletonManager/SessionManager.cpp b/login_server/src/cpp/SingletonManager/SessionManager.cpp index 1966c6726..c4039b10d 100644 --- a/login_server/src/cpp/SingletonManager/SessionManager.cpp +++ b/login_server/src/cpp/SingletonManager/SessionManager.cpp @@ -46,7 +46,7 @@ bool SessionManager::init() case VALIDATE_NAME: mValidations[i] = new Poco::RegularExpression("^[^<>&;]{2,}$"); break; case VALIDATE_USERNAME: mValidations[i] = new Poco::RegularExpression("^[a-zA-Z][a-zA-Z0-9_-]*$"); break; case VALIDATE_EMAIL: mValidations[i] = new Poco::RegularExpression("^[a-zA-Z0-9.!#$%&?*+/=?^_`{|}~-]+@[a-zA-Z0-9-]+(?:\.[a-zA-Z0-9-]+)*$"); break; - case VALIDATE_PASSWORD: mValidations[i] = new Poco::RegularExpression("^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^a-zA-Z0-9]).{8,}$"); break; + case VALIDATE_PASSWORD: mValidations[i] = new Poco::RegularExpression("^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[^a-zA-Z0-9 \\t\\n\\r]).{8,}$"); break; case VALIDATE_PASSPHRASE: mValidations[i] = new Poco::RegularExpression("^(?:[a-z]* ){23}[a-z]*\s*$"); break; case VALIDATE_GROUP_ALIAS: mValidations[i] = new Poco::RegularExpression("^[a-z0-9-]{3,120}"); break; case VALIDATE_HEDERA_ID: mValidations[i] = new Poco::RegularExpression("^[0-9]*\.[0-9]*\.[0-9]\.$"); break; 
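Review bot: The new pattern escapes its backslashes for the C++ literal (`\\t\\n\\r`), but the neighbouring context lines, as rendered here, still write `\.` and `\s` with a single backslash inside ordinary string literals. Those are not standard C++ escape sequences; compilers typically warn and drop the backslash. If so, `(?:\.[a-zA-Z0-9-]+)*` in VALIDATE_EMAIL would reach the regex engine with an any-character `.`, and `\s*` in VALIDATE_PASSPHRASE would arrive as a literal `s*`. Since this commit already touches the block, consider writing them as `\\.` and `\\s`, or switching the patterns to raw string literals of the form `R"(...)"`. init() starts and ends outside the hunk.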
@@ -56,7 +56,7 @@ bool SessionManager::init() case VALIDATE_ONLY_HEX: mValidations[i] = new Poco::RegularExpression("^(0x)?[a-fA-F0-9]*$"); break; //case VALIDATE_ONLY_URL: mValidations[i] = new Poco::RegularExpression("^https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}$"); break; case VALIDATE_ONLY_URL: mValidations[i] = new Poco::RegularExpression("^https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\/?"); break; - case VALIDATE_HAS_SPECIAL_CHARACTER: mValidations[i] = new Poco::RegularExpression("[^a-zA-Z0-9]"); break; + case VALIDATE_HAS_SPECIAL_CHARACTER: mValidations[i] = new Poco::RegularExpression("[^a-zA-Z0-9 \\t\\n\\r]"); break; case VALIDATE_HAS_UPPERCASE_LETTER: mValidations[i] = new Poco::RegularExpression("[A-Z]"); ServerConfig::g_ServerKeySeed->put(i, DRRandom::r64()); From d53ef3fc28092d4367ed41d5c4bbd697292423a8 Mon Sep 17 00:00:00 2001 From: einhornimmond Date: Mon, 27 Sep 2021 13:31:56 +0200 Subject: [PATCH 6/8] entferne 'ein' --- login_server/src/LOCALE/de_DE.mo | Bin 2378 -> 2374 bytes login_server/src/LOCALE/de_DE.po | 4 ++-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/login_server/src/LOCALE/de_DE.mo b/login_server/src/LOCALE/de_DE.mo index 6a1735b6aeff6403fe194c5790665ba6c8fec182..d3d2c86e96c799c6ba3ded9274335f3dd4fac11d 100644 GIT binary patch delta 92 zcmX>lbWCW252I}t0|Ucqb_NDjAZ^CMz@Px6V}P_Ckgf&NDnNP-kk$p#7lE`kkp2&( grGT{d=1#^d%mbV_K052I}#0|Ucqb_NDjAZ^9Lz@Px66M(cHkZuIhDnNPzkk$p#SAn!PkY?s& lV2}dR`kOl$uQ0P4D;SzvnObg6VZFe_tdN?y*_cC^5dg{|51Ie~ diff --git a/login_server/src/LOCALE/de_DE.po b/login_server/src/LOCALE/de_DE.po index 2b97bd88c..b9eea0d59 100644 --- a/login_server/src/LOCALE/de_DE.po +++ b/login_server/src/LOCALE/de_DE.po @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: \n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2021-09-23 17:56+0200\n" -"PO-Revision-Date: 2021-09-23 17:59+0200\n" +"PO-Revision-Date: 2021-09-27 13:31+0200\n" "Last-Translator: \n" "Language-Team: \n" "Language: de_DE\n" 
@@ -458,7 +458,7 @@ msgid "" "case letters, at least one number and one special character!" msgstr "" "Bitte gebe ein gültiges Password ein mit mindestens 8 Zeichen, Groß- und " -"Kleinbuchstaben, mindestens einer Zahl und einem Sonderzeichen ein!" +"Kleinbuchstaben, mindestens einer Zahl und einem Sonderzeichen!" #: src/cpp/SingletonManager/SessionManager.cpp:610 msgid "Your password is to short!" From 342649ae1e8094b3536814f09b7eac8ad31bdf9b Mon Sep 17 00:00:00 2001 From: Moriz Wahl Date: Mon, 27 Sep 2021 13:34:58 +0200 Subject: [PATCH 7/8] no white space rule in password --- .../src/components/Inputs/InputPasswordConfirmation.vue | 1 + frontend/src/locales/de.json | 1 + frontend/src/locales/en.json | 1 + frontend/src/validation-rules.js | 9 ++++++++- .../Pages/UserProfile/UserCard_FormUserPasswort.spec.js | 3 ++- 5 files changed, 13 insertions(+), 2 deletions(-) diff --git a/frontend/src/components/Inputs/InputPasswordConfirmation.vue b/frontend/src/components/Inputs/InputPasswordConfirmation.vue index d0dc81156..ecb3aa55a 100644 --- a/frontend/src/components/Inputs/InputPasswordConfirmation.vue +++ b/frontend/src/components/Inputs/InputPasswordConfirmation.vue @@ -10,6 +10,7 @@ containsNumericCharacter: true, atLeastEightCharactera: true, atLeastOneSpecialCharater: true, + noWhitespaceCharacters: true, }" :label="register ? $t('form.password') : $t('form.password_new')" :showAllErrors="true" diff --git a/frontend/src/locales/de.json b/frontend/src/locales/de.json index c7a0946f5..f998df196 100644 --- a/frontend/src/locales/de.json +++ b/frontend/src/locales/de.json @@ -167,6 +167,7 @@ "dont_match": "Die Passwörter stimmen nicht überein.", "lowercase": "Ein Kleinbuchstabe erforderlich.", "minimum": "Mindestens 8 Zeichen.", + "no-whitespace": "Keine Leerzeichen und Tabulatoren", "one_number": "Eine Zahl erforderlich.", "special-char": "Ein Sonderzeichen erforderlich (z.B. _ oder ä)", "subtitle": "Werde Teil der Gemeinschaft!", 
diff --git a/frontend/src/locales/en.json b/frontend/src/locales/en.json index b3148fe3f..e7eba4b93 100644 --- a/frontend/src/locales/en.json +++ b/frontend/src/locales/en.json @@ -167,6 +167,7 @@ "dont_match": "Passwords don't match.", "lowercase": "One lowercase letter required.", "minimum": "8 characters minimum.", + "no-whitespace": "No white spaces and tabs", "one_number": "One number required.", "special-char": "One special character required (e.g. _ or ä)", "subtitle": "Become a part of the community!", diff --git a/frontend/src/validation-rules.js b/frontend/src/validation-rules.js index e836de56b..9ea954a92 100644 --- a/frontend/src/validation-rules.js +++ b/frontend/src/validation-rules.js @@ -114,11 +114,18 @@ export const loadAllRules = (i18nCallback) => { extend('atLeastOneSpecialCharater', { validate(value) { - return !!value.match(/[^a-zA-Z0-9 \t\n]/) + return !!value.match(/[^a-zA-Z0-9]/) }, message: (_, values) => i18nCallback.t('site.signup.special-char', values), }) + extend('noWhitespaceCharacters', { + validate(value) { + return !!value.match(/[^ \t\n\r]/) + }, + message: (_, values) => i18nCallback.t('site.signup.no-whitespace', values), + }) + extend('samePassword', { validate(value, [pwd]) { return value === pwd diff --git a/frontend/src/views/Pages/UserProfile/UserCard_FormUserPasswort.spec.js b/frontend/src/views/Pages/UserProfile/UserCard_FormUserPasswort.spec.js index 7e9703c02..a1fa1dd3f 100644 --- a/frontend/src/views/Pages/UserProfile/UserCard_FormUserPasswort.spec.js +++ b/frontend/src/views/Pages/UserProfile/UserCard_FormUserPasswort.spec.js 
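Review bot: `noWhitespaceCharacters` in validation-rules.js passes whenever the value contains at least one non-whitespace character, because `/[^ \t\n\r]/` is a negated class and `!!value.match(...)` becomes true on the first such character. A value like `Aa 123456_` (constructed example) is therefore accepted. The check should be inverted: `return !value.match(/[ \t\n\r]/)`. The same hunk reverts `atLeastOneSpecialCharater` to `/[^a-zA-Z0-9]/`, so a space alone satisfies the special-character rule while the whitespace rule does not reject it. The spec change only asserts that the message key is listed, so a case with an embedded space would catch this; loadAllRules starts and ends outside the hunk.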
@@ -105,13 +105,14 @@ describe('UserCard_FormUserPasswort', () => { describe('validation', () => { it('displays all password requirements', () => { const feedbackArray = wrapper.findAll('div.invalid-feedback').at(1).findAll('span') - expect(feedbackArray).toHaveLength(6) + expect(feedbackArray).toHaveLength(7) expect(feedbackArray.at(0).text()).toBe('validations.messages.required') expect(feedbackArray.at(1).text()).toBe('site.signup.lowercase') expect(feedbackArray.at(2).text()).toBe('site.signup.uppercase') expect(feedbackArray.at(3).text()).toBe('site.signup.one_number') expect(feedbackArray.at(4).text()).toBe('site.signup.minimum') expect(feedbackArray.at(5).text()).toBe('site.signup.special-char') + expect(feedbackArray.at(6).text()).toBe('site.signup.no-whitespace') }) it('removes first message when a character is given', async () => { From 5afe8fe741da375e47b4a9bda5d27eb5f15066a0 Mon Sep 17 00:00:00 2001 From: einhornimmond Date: Mon, 27 Sep 2021 13:35:39 +0200 Subject: [PATCH 8/8] add \r to js regexp --- frontend/src/validation-rules.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frontend/src/validation-rules.js b/frontend/src/validation-rules.js index e836de56b..a1c9a46c7 100644 --- a/frontend/src/validation-rules.js +++ b/frontend/src/validation-rules.js @@ -114,7 +114,7 @@ export const loadAllRules = (i18nCallback) => { extend('atLeastOneSpecialCharater', { validate(value) { - return !!value.match(/[^a-zA-Z0-9 \t\n]/) + return !!value.match(/[^a-zA-Z0-9 \t\n\r]/) }, message: (_, values) => i18nCallback.t('site.signup.special-char', values), })