Repository: usergrid
Updated Branches:
  refs/heads/hotfix-20170728 [created] b3bf7ed0d


HTML encoding fixes


Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/b3bf7ed0
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/b3bf7ed0
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/b3bf7ed0

Branch: refs/heads/hotfix-20170728
Commit: b3bf7ed0d12c33ad007604695c070e914e3aa143
Parents: 436cb80
Author: Mike Dunker <mdun...@google.com>
Authored: Wed Jul 26 15:13:32 2017 -0700
Committer: Mike Dunker <mdun...@google.com>
Committed: Wed Jul 26 15:13:32 2017 -0700

----------------------------------------------------------------------
 .../rest/management/users/UserResource.java     |   9 ++
 .../apache/usergrid/rest/TestResource/error.jsp |   4 +-
 .../apache/usergrid/rest/TestResource/test.jsp  |   4 +-
 .../ApplicationResource/authorize_form.jsp      |  14 +-
 .../applications/ApplicationResource/error.jsp  |   4 +-
 .../users/UserResource/activate.jsp             |   4 +-
 .../applications/users/UserResource/confirm.jsp |   4 +-
 .../applications/users/UserResource/error.jsp   |   4 +-
 .../users/UserResource/resetpw_email_form.jsp   |  10 +-
 .../UserResource/resetpw_email_success.jsp      |   4 +-
 .../users/UserResource/resetpw_set_form.jsp     |   8 +-
 .../users/UserResource/resetpw_set_success.jsp  |   4 +-
 .../applications/users/UsersResource/error.jsp  |   4 +-
 .../users/UsersResource/resetpw_email_form.jsp  |   8 +-
 .../UsersResource/resetpw_email_success.jsp     |   4 +-
 .../ManagementResource/authorize_form.jsp       |  14 +-
 .../management/ManagementResource/error.jsp     |   4 +-
 .../OrganizationResource/activate.jsp           |   4 +-
 .../OrganizationResource/confirm.jsp            |   4 +-
 .../OrganizationResource/error.jsp              |   4 +-
 .../management/users/UserResource/activate.jsp  |   4 +-
 .../management/users/UserResource/confirm.jsp   |   4 +-
 .../management/users/UserResource/error.jsp     |   4 +-
 .../users/UserResource/resetpw_email_form.jsp   |   8 +-
 .../UserResource/resetpw_email_success.jsp      |   4 +-
 .../users/UserResource/resetpw_set_form.jsp     |   8 +-
 .../users/UserResource/resetpw_set_success.jsp  |   4 +-
 .../management/users/UsersResource/error.jsp    |   4 +-
 .../users/UsersResource/resetpw_email_form.jsp  |   6 +-
 .../UsersResource/resetpw_email_success.jsp     |   4 +-
 .../usergrid/management/ManagementService.java  |  10 +-
 .../cassandra/ManagementServiceImpl.java        |  14 ++
 .../usergrid/security/PasswordPolicy.java       |  53 +++++++
 .../usergrid/security/PasswordPolicyFig.java    |  79 ++++++++++
 .../usergrid/security/PasswordPolicyImpl.java   | 156 +++++++++++++++++++
 .../services/guice/ServiceModuleImpl.java       |   7 +
 36 files changed, 403 insertions(+), 85 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
 
b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index 95f607b..cac5f2b 100644
--- 
a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++ 
b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -43,6 +43,7 @@ import javax.ws.rs.*;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.UriInfo;
+import java.util.Collection;
 import java.util.Map;
 import java.util.UUID;
 
@@ -297,6 +298,14 @@ public class UserResource extends AbstractContextResource {
             if ( ( password1 != null ) || ( password2 != null ) ) {
                 if ( management.checkPasswordResetTokenForAdminUser( 
user.getUuid(), tokenInfo ) ) {
                     if ( ( password1 != null ) && password1.equals( password2 
) ) {
+                        // validate password
+                        Collection<String> violations = 
management.passwordPolicyCheck(password1, true);
+                        if (violations.size() > 0) {
+                            // password not valid
+                            errorMsg = management.getPasswordDescription(true);
+                            return handleViewable( "resetpw_set_form", this, 
organizationId );
+                        }
+
                         management.setAdminUserPassword( user.getUuid(), 
password1 );
                         management.revokeAccessTokenForAdminUser( 
user.getUuid(), token );
                         loginEndpoint = 
properties.getProperty("usergrid.viewable.loginEndpoint");
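Review bot: The new check at `if (violations.size() > 0)` throws away the specific violations and shows only the generic `management.getPasswordDescription(true)` text, so a user who breaks one rule is not told which. Consider building `errorMsg` from `violations`; resetpw_set_form.jsp renders it through `fn:escapeXml` in this same commit. The result of `passwordPolicyCheck` is dereferenced without a null check, so either guard it or document that the method always returns a collection, and prefer `!violations.isEmpty()`. The bare `true` passed to both calls is unexplained at this call site and deserves a short comment naming the flag once confirmed against ManagementService. The enclosing method starts and ends outside this hunk.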

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp
index be184b1..d02ad40 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>An error occurred <c:out value="${it}"/>.</p>
+       <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>
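Review bot: Adding `escapeXml="true"` to `<c:out value="${it}"/>` does not change the output, because JSTL's `<c:out>` escapes XML by default, so this line was already encoded before the commit. Keeping the attribute as explicit documentation is fine, but it should not be counted as closing an injection point. The same holds for every other `<c:out ... escapeXml="true"/>` edit in this commit: the other error.jsp copies, activate.jsp, confirm.jsp, the resetpw_*_success.jsp pages and the `it.user.email` lines in the reset forms. The changes with real effect are the bare `${...}` expressions that are now wrapped in `fn:escapeXml`.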

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp
index 83a6ad1..5dd8ebc 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/TestResource/test.jsp
@@ -24,6 +24,6 @@ limitations under the License.
        <link rel="stylesheet" type="text/css" href="/css/styles.css" />
 </head>
 <body>
-<h1>${it.foo}</h1> 
+<h1>${fn:escapeXml(it.foo)}</h1>
 </body>
-</html>
\ No newline at end of file
+</html>
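Review bot: `${fn:escapeXml(it.foo)}` needs the JSTL functions taglib declared on this page, and the declaration is not visible because the hunk starts at line 24. If the page header declares only the core library, add `<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>` next to it; otherwise the page fails at translation time instead of rendering. The same check applies to every JSP in this commit that now calls `fn:escapeXml`: authorize_form.jsp, resetpw_email_form.jsp and resetpw_set_form.jsp.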

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp
index 6b1b8b2..1ee5e31 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/authorize_form.jsp
@@ -28,13 +28,13 @@ limitations under the License.
 <body>
 
        <div class="dialog-area">
-               <c:if test="${!empty it.errorMsg}"><div 
class="dialog-form-message">${it.errorMsg}</div></c:if>
+               <c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div 
class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if>
                <form class="dialog-form" action="" method="post">
-                       <input type="hidden" name="response_type" 
value="${it.responseType}">
-                       <input type="hidden" name="client_id" 
value="${it.clientId}">
-                       <input type="hidden" name="redirect_uri" 
value="${it.redirectUri}">
-                       <input type="hidden" name="scope" value="${it.scope}">
-                       <input type="hidden" name="state" value="${it.state}">
+                       <input type="hidden" name="response_type" 
value="${fn:escapeXml(it.responseType)}">
+                       <input type="hidden" name="client_id" 
value="${fn:escapeXml(it.clientId)}">
+                       <input type="hidden" name="redirect_uri" 
value="${fn:escapeXml(it.redirectUri)}">
+                       <input type="hidden" name="scope" 
value="${fn:escapeXml(it.scope)}">
+                       <input type="hidden" name="state" 
value="${fn:escapeXml(it.state)}">
                        <fieldset>
                                <p>
                                        <label for="username">Username</label>
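Review bot: The `test` attribute on the first changed line does not need escaping. `${!empty fn:escapeXml(it.errorMsg)}` evaluates the same as `${!empty it.errorMsg}`, since the function returns an empty string for null or empty input and nothing in `test` is written to the page. Keeping `<c:if test="${!empty it.errorMsg}">` and escaping only the body expression reads more clearly and avoids implying the condition was an output sink. The hidden-field changes are the ones that matter here, because `fn:escapeXml` also encodes the double quote that would otherwise close the `value` attribute. The same `c:if` pattern recurs in resetpw_email_form.jsp, resetpw_set_form.jsp and the management authorize_form.jsp.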
@@ -56,4 +56,4 @@ limitations under the License.
        </div>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp
index be184b1..d02ad40 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/ApplicationResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>An error occurred <c:out value="${it}"/>.</p>
+       <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp
index dfcf3b7..20e69b8 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/activate.jsp
@@ -26,7 +26,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>Your account with email address <c:out value="${it.user.email}"/> 
has been successfully activated.</p>
+       <p>Your account with email address <c:out value="${it.user.email}" 
escapeXml="true"/> has been successfully activated.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp
index 02e9ee3..d7f3acc 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/confirm.jsp
@@ -26,8 +26,8 @@ limitations under the License.
 </head>
 <body>
 
-       <p>Your account with email address <c:out value="${it.user.email}"/> 
has been successfully confirmed.
+       <p>Your account with email address <c:out value="${it.user.email}" 
escapeXml="true"/> has been successfully confirmed.
        You will received an email soon to let you know when you account has 
been activated</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp
index be184b1..d02ad40 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>An error occurred <c:out value="${it}"/>.</p>
+       <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp
index 0f53bfc..9d920e5 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_form.jsp
@@ -26,17 +26,17 @@ limitations under the License.
 </head>
 <body>
        <div class="dialog-area">
-               <c:if test="${!empty it.errorMsg}">
-                       <div class="dialog-form-message">${it.errorMsg}</div>
+               <c:if test="${!empty fn:escapeXml(it.errorMsg)}">
+                       <div 
class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div>
                </c:if>
                <form class="dialog-form" action="" method="post">
                        <fieldset>
                                <p>
                                        Enter the captcha to have your password 
reset instructions sent to
-                                       <c:out value="${it.user.email}" />
+                                       <c:out value="${it.user.email}" 
escapeXml="true" />
                                </p>
                                <p id="human-proof"></p>
-                               ${it.reCaptchaHtml}
+                               ${fn:escapeXml(it.reCaptchaHtml)}
                                <p class="buttons">
                                        <input type="submit" value="submit" />
                                </p>
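Review bot: Wrapping `it.reCaptchaHtml` in `fn:escapeXml` will most likely break the captcha. The property name suggests it holds server-generated markup, and escaping it makes the browser show the tags as text instead of rendering the widget. If the value is built entirely on the server from configuration, leave it unescaped and say so, e.g. `<%-- reCaptchaHtml is server-generated markup, not user input; intentionally unescaped --%>`. If any request data can reach it, encode that data where the markup is built. The same change is made in applications/users/UsersResource/resetpw_email_form.jsp, and the form body continues outside this hunk.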
@@ -44,4 +44,4 @@ limitations under the License.
                </form>
        </div>
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp
index 23f8508..41c5176 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_email_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>Email with instructions for password reset sent to <c:out 
value="${it.user.email}"/></p>
+       <p>Email with instructions for password reset sent to <c:out 
value="${it.user.email}" escapeXml="true"/></p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp
index a83d80d..60384c4 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_form.jsp
@@ -30,12 +30,12 @@ limitations under the License.
 <body>
 
        <div class="dialog-area">
-               <c:if test="${!empty it.errorMsg}"><div 
class="dialog-form-message">${it.errorMsg}</div></c:if>
+               <c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div 
class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if>
                <form class="dialog-form" action="" method="post">
-                       <input type="hidden" name="token" value="${it.token}">
+                       <input type="hidden" name="token" 
value="${fn:escapeXml(it.token)}">
                        <fieldset>
                                <p>
-                                       <label for="password1">Please enter 
your new password for <c:out value="${it.user.email}"/>.</label>
+                                       <label for="password1">Please enter 
your new password for <c:out value="${it.user.email}" 
escapeXml="true"/>.</label>
                                </p>
                                <p>
                                        <input class="text_field" 
id="password1" name="password1" type="password" />
@@ -54,4 +54,4 @@ limitations under the License.
        </div>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp
index 9de90ba..3915084 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UserResource/resetpw_set_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>New password set for <c:out value="${it.user.email}"/></p>
+       <p>New password set for <c:out value="${it.user.email}" 
escapeXml="true"/></p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp
index be184b1..d02ad40 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>An error occurred <c:out value="${it}"/>.</p>
+       <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp
index 3211a3a..d60eae6 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_form.jsp
@@ -27,8 +27,8 @@ limitations under the License.
 <body>
 
        <div class="dialog-area">
-               <c:if test="${!empty it.errorMsg}">
-                       <div class="dialog-form-message">${it.errorMsg}</div>
+               <c:if test="${!empty fn:escapeXml(it.errorMsg)}">
+                       <div 
class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div>
                </c:if>
                <form class="dialog-form" action="" method="post">
                        <fieldset>
@@ -41,7 +41,7 @@ limitations under the License.
                                        <input class="text_field" id="email" 
name="email" type="text" />
                                </p>
                                <p id="human-proof"></p>
-                               ${it.reCaptchaHtml}
+                               ${fn:escapeXml(it.reCaptchaHtml)}
                                <p class="buttons">
                                        <button type="submit">Submit</button>
                                </p>
@@ -50,4 +50,4 @@ limitations under the License.
        </div>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp
index 23f8508..41c5176 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/applications/users/UsersResource/resetpw_email_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>Email with instructions for password reset sent to <c:out 
value="${it.user.email}"/></p>
+       <p>Email with instructions for password reset sent to <c:out 
value="${it.user.email}" escapeXml="true"/></p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp
index 6b1b8b2..1ee5e31 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/authorize_form.jsp
@@ -28,13 +28,13 @@ limitations under the License.
 <body>
 
        <div class="dialog-area">
-               <c:if test="${!empty it.errorMsg}"><div 
class="dialog-form-message">${it.errorMsg}</div></c:if>
+               <c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div 
class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if>
                <form class="dialog-form" action="" method="post">
-                       <input type="hidden" name="response_type" 
value="${it.responseType}">
-                       <input type="hidden" name="client_id" 
value="${it.clientId}">
-                       <input type="hidden" name="redirect_uri" 
value="${it.redirectUri}">
-                       <input type="hidden" name="scope" value="${it.scope}">
-                       <input type="hidden" name="state" value="${it.state}">
+                       <input type="hidden" name="response_type" 
value="${fn:escapeXml(it.responseType)}">
+                       <input type="hidden" name="client_id" 
value="${fn:escapeXml(it.clientId)}">
+                       <input type="hidden" name="redirect_uri" 
value="${fn:escapeXml(it.redirectUri)}">
+                       <input type="hidden" name="scope" 
value="${fn:escapeXml(it.scope)}">
+                       <input type="hidden" name="state" 
value="${fn:escapeXml(it.state)}">
                        <fieldset>
                                <p>
                                        <label for="username">Username</label>
@@ -56,4 +56,4 @@ limitations under the License.
        </div>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp
index be184b1..d02ad40 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/ManagementResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>An error occurred <c:out value="${it}"/>.</p>
+       <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp
index 85114cd..f5fa14d 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/activate.jsp
@@ -26,7 +26,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>Your organization <c:out value="${it.organization.name}"/> has been 
successfully activated.</p>
+       <p>Your organization <c:out value="${it.organization.name}" 
escapeXml="true"/> has been successfully activated.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp
index f4307b7..5fb41c7 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/confirm.jsp
@@ -26,8 +26,8 @@ limitations under the License.
 </head>
 <body>
 
-       <p>Your organization <c:out value="${it.organization.name}"/> has been 
successfully confirmed.
+       <p>Your organization <c:out value="${it.organization.name}" 
escapeXml="true"/> has been successfully confirmed.
        You will received an email soon to let you know when you organization 
has been activated</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp
index be184b1..d02ad40 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/organizations/OrganizationResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>An error occurred <c:out value="${it}"/>.</p>
+       <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp
index dfcf3b7..20e69b8 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/activate.jsp
@@ -26,7 +26,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>Your account with email address <c:out value="${it.user.email}"/> 
has been successfully activated.</p>
+       <p>Your account with email address <c:out value="${it.user.email}" 
escapeXml="true"/> has been successfully activated.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp
index 02e9ee3..d7f3acc 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/confirm.jsp
@@ -26,8 +26,8 @@ limitations under the License.
 </head>
 <body>
 
-       <p>Your account with email address <c:out value="${it.user.email}"/> 
has been successfully confirmed.
+       <p>Your account with email address <c:out value="${it.user.email}" 
escapeXml="true"/> has been successfully confirmed.
        You will received an email soon to let you know when you account has 
been activated</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp
index be184b1..d02ad40 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>An error occurred <c:out value="${it}"/>.</p>
+       <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp
index 3e56cd1..6b0b48f 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_form.jsp
@@ -26,17 +26,17 @@ limitations under the License.
 </head>
 <body>
        <div class="dialog-area password-reset-form">
-               <c:if test="${!empty it.errorMsg}">
-                       <div class="dialog-form-message">${it.errorMsg}</div>
+               <c:if test="${!empty fn:escapeXml(it.errorMsg)}">
+                       <div 
class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div>
                </c:if>
                <form class="dialog-form" action="" method="post">
                        <fieldset>
                                <p>
                                        Enter the captcha to have your password 
reset instructions sent to
-                                       <c:out value="${it.user.email}" />
+                                       <c:out value="${it.user.email}" 
escapeXml="true" />
                                </p>
                                <p id="human-proof"></p>
-                               ${it.reCaptchaHtml}
+                               ${fn:escapeXml(it.reCaptchaHtml)}
                                <p class="buttons">
                                        <input type="submit" value="submit" />
                                </p>
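Review bot: `${fn:escapeXml(it.reCaptchaHtml)}` will print the captcha markup as literal text if `reCaptchaHtml` holds server-generated HTML, as its name suggests, so the form would lose its captcha widget. If the value is built only on the server, leave it unescaped and say so next to it, e.g. `<%-- reCaptchaHtml is markup generated server-side; do not escape --%>`; the same line appears in the second hunk of UsersResource/resetpw_email_form.jsp. The hunk starts at line 26 of the file, so it cannot be seen here whether the page declares `<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>`, which `fn:escapeXml` needs. In the `<c:if>` test the call is redundant, since escaping does not change emptiness: `<c:if test="${!empty it.errorMsg}">`.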

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp
index 23f8508..41c5176 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_email_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>Email with instructions for password reset sent to <c:out 
value="${it.user.email}"/></p>
+       <p>Email with instructions for password reset sent to <c:out 
value="${it.user.email}" escapeXml="true"/></p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp
index a83d80d..60384c4 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_form.jsp
@@ -30,12 +30,12 @@ limitations under the License.
 <body>
 
        <div class="dialog-area">
-               <c:if test="${!empty it.errorMsg}"><div 
class="dialog-form-message">${it.errorMsg}</div></c:if>
+               <c:if test="${!empty fn:escapeXml(it.errorMsg)}"><div 
class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if>
                <form class="dialog-form" action="" method="post">
-                       <input type="hidden" name="token" value="${it.token}">
+                       <input type="hidden" name="token" 
value="${fn:escapeXml(it.token)}">
                        <fieldset>
                                <p>
-                                       <label for="password1">Please enter 
your new password for <c:out value="${it.user.email}"/>.</label>
+                                       <label for="password1">Please enter 
your new password for <c:out value="${it.user.email}" 
escapeXml="true"/>.</label>
                                </p>
                                <p>
                                        <input class="text_field" 
id="password1" name="password1" type="password" />
@@ -54,4 +54,4 @@ limitations under the License.
        </div>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp
index 9de90ba..3915084 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UserResource/resetpw_set_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>New password set for <c:out value="${it.user.email}"/></p>
+       <p>New password set for <c:out value="${it.user.email}" 
escapeXml="true"/></p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp
index be184b1..d02ad40 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/error.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>An error occurred <c:out value="${it}"/>.</p>
+       <p>An error occurred <c:out value="${it}" escapeXml="true"/>.</p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp
index 8643016..8b15cd4 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_form.jsp
@@ -27,7 +27,7 @@ limitations under the License.
 <body>
 
        <div class="dialog-area">
-               <c:if test="${!empty it.errorMsg}"><div 
class="dialog-form-message">${it.errorMsg}</div></c:if>
+               <c:if test="${!empty fn:escnapeXml(it.errorMsg)}"><div 
class="dialog-form-message">${fn:escapeXml(it.errorMsg)}</div></c:if>
                <form class="dialog-form" action="" method="post">
                        <fieldset>
                                <p>
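Review bot: The `<c:if>` test calls `fn:escnapeXml`, which is not a JSTL function (the body of the same line spells it `fn:escapeXml`), so this page will most likely fail when it is translated or evaluated and the reset form will not render. The test needs no escaping at all: `<c:if test="${!empty it.errorMsg}">`. The UserResource copies of the reset forms spell the name correctly but carry the same redundant call in the test.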
@@ -38,7 +38,7 @@ limitations under the License.
                                        <input class="text_field" id="email" 
name="email" type="text" />
                                </p>
                                <p id="human-proof"></p>
-                               ${it.reCaptchaHtml}
+                               ${fn:escapeXml(it.reCaptchaHtml)}
                                <p class="buttons">
                                        <button type="submit">Submit</button>
                                </p>
@@ -47,4 +47,4 @@ limitations under the License.
        </div>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp
----------------------------------------------------------------------
diff --git 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp
 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp
index 23f8508..41c5176 100644
--- 
a/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp
+++ 
b/stack/rest/src/main/webapp/WEB-INF/jsp/org/apache/usergrid/rest/management/users/UsersResource/resetpw_email_success.jsp
@@ -29,7 +29,7 @@ limitations under the License.
 </head>
 <body>
 
-       <p>Email with instructions for password reset sent to <c:out 
value="${it.user.email}"/></p>
+       <p>Email with instructions for password reset sent to <c:out 
value="${it.user.email}" escapeXml="true"/></p>
 
 </body>
-</html>
\ No newline at end of file
+</html>

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
----------------------------------------------------------------------
diff --git 
a/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
 
b/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
index 2b88b07..df42d6a 100644
--- 
a/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
+++ 
b/stack/services/src/main/java/org/apache/usergrid/management/ManagementService.java
@@ -17,11 +17,7 @@
 package org.apache.usergrid.management;
 
 
-import java.util.List;
-import java.util.Map;
-import java.util.Properties;
-import java.util.Set;
-import java.util.UUID;
+import java.util.*;
 
 import org.apache.usergrid.persistence.CredentialsInfo;
 import org.apache.usergrid.persistence.Entity;
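Review bot: The wildcard `import java.util.*;` replaces five explicit imports only to bring `Collection` into scope. Adding `import java.util.Collection;` to the existing list keeps the file's dependencies readable and avoids accidental clashes with same-named types from other packages.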
@@ -372,6 +368,10 @@ public interface ManagementService {
 
        Observable<Id> deleteAllEntities(final UUID applicationId,final int 
limit);
 
+       Collection<String> passwordPolicyCheck(String password, boolean 
isAdminUser);
+
+       String getPasswordDescription(boolean isAdminUser);
+
 
     // DO NOT REMOVE BELOW METHODS, THEY ARE HERE TO ALLOW EXTERNAL CLASSES TO 
OVERRIDE AND HOOK INTO POST PROCESSING
     void createOrganizationPostProcessing( final OrganizationInfo orgInfo,
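Review bot: `passwordPolicyCheck` and `getPasswordDescription` are added to the interface without Javadoc, so a caller cannot tell what the returned collection means or how a null password is treated. Suggested comments: `/** Checks the password against the configured policy; returns one error string per violated rule, empty if it conforms. */` and `/** Returns a description of the password policy for use in error messages. */`. The comment just below says external classes hook into this interface; any that implement it directly, rather than extend the implementation class, will stop compiling once these two abstract methods exist, which may be worth a release note.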

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
----------------------------------------------------------------------
diff --git 
a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
 
b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
index 876cd5b..2d60441 100644
--- 
a/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
+++ 
b/stack/services/src/main/java/org/apache/usergrid/management/cassandra/ManagementServiceImpl.java
@@ -54,6 +54,7 @@ import org.apache.usergrid.persistence.model.entity.Id;
 import org.apache.usergrid.persistence.model.entity.SimpleId;
 import org.apache.usergrid.security.AuthPrincipalInfo;
 import org.apache.usergrid.security.AuthPrincipalType;
+import org.apache.usergrid.security.PasswordPolicy;
 import org.apache.usergrid.security.crypto.EncryptionService;
 import org.apache.usergrid.security.oauth.AccessInfo;
 import org.apache.usergrid.security.oauth.ClientCredentialsInfo;
@@ -172,6 +173,8 @@ public class ManagementServiceImpl implements 
ManagementService {
 
     protected LocalShiroCache localShiroCache;
 
+    protected PasswordPolicy passwordPolicy;
+
 
     private LoadingCache<UUID, OrganizationConfig> orgConfigByAppCache = 
CacheBuilder.newBuilder().maximumSize( 1000 )
         .expireAfterWrite( Long.valueOf( 
System.getProperty(ORG_CONFIG_CACHE_PROP, "30000") ) , TimeUnit.MILLISECONDS)
@@ -215,6 +218,7 @@ public class ManagementServiceImpl implements 
ManagementService {
         this.service = injector.getInstance(ApplicationService.class);
         this.localShiroCache = injector.getInstance(LocalShiroCache.class);
 
+        this.passwordPolicy = injector.getInstance(PasswordPolicy.class);
     }
 
     @Autowired
@@ -3497,6 +3501,16 @@ public class ManagementServiceImpl implements 
ManagementService {
     }
 
     @Override
+    public Collection<String> passwordPolicyCheck(String password, boolean 
isAdminUser) {
+        return passwordPolicy.policyCheck(password, isAdminUser);
+    }
+
+    @Override
+    public String getPasswordDescription(boolean isAdminUser) {
+        return passwordPolicy.getDescription(isAdminUser);
+    }
+
+    @Override
     public void createOrganizationPostProcessing( final OrganizationInfo 
orgInfo,
                                                   final Map<String,String> 
properties ){
         // do nothing, this is a hook for any classes extending the 
ManagementServiceInterface

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicy.java
----------------------------------------------------------------------
diff --git 
a/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicy.java 
b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicy.java
new file mode 100644
index 0000000..cc29b20
--- /dev/null
+++ 
b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicy.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.usergrid.security;
+
+
+import java.util.Collection;
+
+
+/**
+ * Interface to password policy.
+ */
+public interface PasswordPolicy {
+
+    String ERROR_POLICY_VIOLIATION    = "error_password_policy_violation";
+
+    String ERROR_UPPERCASE_POLICY     = "error_uppercase_policy";
+
+    String ERROR_DIGITS_POLICY        = "error_digits_policy";
+
+    String ERROR_SPECIAL_CHARS_POLICY = "error_special_chars_policy";
+
+    String ERROR_LENGTH_POLICY        = "error_length_policy";
+
+
+    /**
+     * Check to see if password conforms to policy.
+     *
+     * @param password Password to check.
+     * @return Collection of error strings, one for each policy violated or 
empty if password conforms.
+     */
+    Collection<String> policyCheck( String password, boolean isAdminUser );
+
+
+    /**
+     * Get description of password policy for error messages.
+     */
+    String getDescription( boolean isAdminUser );
+}
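Review bot: The constant `ERROR_POLICY_VIOLIATION` is misspelled, and as a field of a public interface the name becomes API once released; `String ERROR_POLICY_VIOLATION = "error_password_policy_violation";` fixes it while the file is still new. The Javadoc on `policyCheck` documents `password` but not `isAdminUser`; add `@param isAdminUser true to apply the admin-user limits, false for the regular-user limits`, and state what a null password returns. `getDescription` would benefit from the same `@param` line.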

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyFig.java
----------------------------------------------------------------------
diff --git 
a/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyFig.java
 
b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyFig.java
new file mode 100644
index 0000000..e93f8e4
--- /dev/null
+++ 
b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyFig.java
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.usergrid.security;
+
+import org.safehaus.guicyfig.Default;
+import org.safehaus.guicyfig.FigSingleton;
+import org.safehaus.guicyfig.GuicyFig;
+import org.safehaus.guicyfig.Key;
+
+
+@FigSingleton
+public interface PasswordPolicyFig extends GuicyFig {
+
+    String ALLOWED_SPECIAL_CHARS       = 
"usergrid.password-policy.allowed-special-chars";
+
+    String MIN_UPPERCASE_ADMIN         = 
"usergrid.password-policy.min-uppercase-admin";
+    String MIN_UPPERCASE               = 
"usergrid.password-policy.min-uppercase";
+
+    String MIN_DIGITS_ADMIN            = 
"usergrid.password-policy.min-digits-admin";
+    String MIN_DIGITS                  = "usergrid.password-policy.min-digits";
+
+    String MIN_SPECIAL_CHARS_ADMIN     = 
"usergrid.password-policy.min-special-chars-admin";
+    String MIN_SPECIAL_CHARS           = 
"usergrid.password-policy.min-special-chars";
+
+    String MIN_LENGTH_ADMIN            = 
"usergrid.password-policy.min-length-admin";
+    String MIN_LENGTH                  = "usergrid.password-policy.min-length";
+
+
+    @Key(MIN_UPPERCASE_ADMIN)
+    @Default("0")
+    int getMinUppercaseAdmin();
+
+    @Key(MIN_UPPERCASE)
+    @Default("0")
+    int getMinUppercase();
+
+    @Key(MIN_DIGITS_ADMIN)
+    @Default("0")
+    int getMinDigitsAdmin();
+
+    @Key(MIN_DIGITS)
+    @Default("0")
+    int getMinDigits();
+
+    @Key(MIN_SPECIAL_CHARS_ADMIN)
+    @Default("0")
+    int getMinSpecialCharsAdmin();
+
+    @Key(MIN_SPECIAL_CHARS)
+    @Default("0")
+    int getMinSpecialChars();
+
+    @Key(MIN_LENGTH_ADMIN)
+    @Default("4")
+    int getMinLengthAdmin();
+
+    @Key(MIN_LENGTH)
+    @Default("4")
+    int getMinLength();
+
+    @Key(ALLOWED_SPECIAL_CHARS)
+    @Default("`~!@#$%^&*()-_=+[{]}\\|;:'\",<.>/?")
+    String getAllowedSpecialChars();
+}
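Review bot: The defaults leave the policy close to disabled: `@Default("4")` on both `getMinLength()` and `getMinLengthAdmin()` and `@Default("0")` on every character-class minimum, so a deployment that sets none of these keys accepts four-character passwords for admin users as well. Consider a stricter default for the admin keys, e.g. `@Default("8")` on `getMinLengthAdmin()`, or, if 4 is kept for compatibility, a comment on the interface saying operators are expected to raise it. The name `ALLOWED_SPECIAL_CHARS` reads like an allow-list, while the implementation in this commit only counts characters from that set and never rejects others; a one-line comment on `getAllowedSpecialChars()` stating this would prevent misconfiguration.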

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyImpl.java
----------------------------------------------------------------------
diff --git 
a/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyImpl.java
 
b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyImpl.java
new file mode 100644
index 0000000..500592a
--- /dev/null
+++ 
b/stack/services/src/main/java/org/apache/usergrid/security/PasswordPolicyImpl.java
@@ -0,0 +1,156 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.usergrid.security;
+
+import com.google.inject.Inject;
+import org.apache.commons.lang3.StringUtils;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+
+public class PasswordPolicyImpl implements PasswordPolicy {
+
+    private final PasswordPolicyFig passwordPolicyFig;
+
+
+    @Inject
+    PasswordPolicyImpl( PasswordPolicyFig passwordPolicyFig ) {
+        this.passwordPolicyFig = passwordPolicyFig;
+    }
+
+
+    @Override
+    public String getDescription( boolean isAdminUser ) {
+
+        final int minLength;
+        final int minUppercase;
+        final int minDigits;
+        final int minSpecialChars;
+
+        if ( isAdminUser ) {
+            minLength       = passwordPolicyFig.getMinLengthAdmin();
+            minUppercase    = passwordPolicyFig.getMinUppercaseAdmin();
+            minDigits       = passwordPolicyFig.getMinDigitsAdmin();
+            minSpecialChars = passwordPolicyFig.getMinSpecialCharsAdmin();
+        } else {
+            minLength       = passwordPolicyFig.getMinLength();
+            minUppercase    = passwordPolicyFig.getMinUppercase();
+            minDigits       = passwordPolicyFig.getMinDigits();
+            minSpecialChars = passwordPolicyFig.getMinSpecialChars();
+        }
+
+        StringBuilder sb = new StringBuilder();
+        sb.append( "Password must be at least " ).append( minLength ).append(" 
characters. ");
+        if ( minUppercase > 0 ) {
+            sb.append( "Must include " ).append( minUppercase ).append(" 
uppercase characters. ");
+        }
+        if ( minDigits > 0 ) {
+            sb.append( "Must include " ).append( minDigits ).append(" numbers. 
");
+        }
+        if ( minSpecialChars > 0 ) {
+            sb.append( "Must include " ).append( minUppercase ).append(" 
special characters. ");
+        }
+        return sb.toString();
+    }
+
+
+    @Override
+    public Collection<String> policyCheck( String password, boolean 
isAdminUser ) {
+
+        final int minLength;
+        final int minUppercase;
+        final int minDigits;
+        final int minSpecialChars;
+
+        if ( isAdminUser ) {
+            minLength       = passwordPolicyFig.getMinLengthAdmin();
+            minUppercase    = passwordPolicyFig.getMinUppercaseAdmin();
+            minDigits       = passwordPolicyFig.getMinDigitsAdmin();
+            minSpecialChars = passwordPolicyFig.getMinSpecialCharsAdmin();
+        } else {
+            minLength       = passwordPolicyFig.getMinLength();
+            minUppercase    = passwordPolicyFig.getMinUppercase();
+            minDigits       = passwordPolicyFig.getMinDigits();
+            minSpecialChars = passwordPolicyFig.getMinSpecialChars();
+        }
+
+        return policyCheck( password, minLength, minUppercase, minDigits, 
minSpecialChars );
+    }
+
+
+    public Collection<String> policyCheck(
+        String password, int minLength, int minUppercase, int minDigits, int 
minSpecialChars ) {
+
+
+        List<String> violations = new ArrayList<>(3);
+
+        // check length
+        if ( password == null || password.length() < minLength ) {
+            violations.add( PasswordPolicy.ERROR_LENGTH_POLICY
+                + ": must be at least " + minLength + " characters" );
+        }
+
+        // count upper case
+        if ( minUppercase > 0 ) {
+            int upperCaseCount = 0;
+            for (char c : password.toCharArray()) {
+                if (StringUtils.isAllUpperCase( String.valueOf( c ) )) {
+                    upperCaseCount++;
+                }
+            }
+            if (upperCaseCount < minUppercase) {
+                violations.add( PasswordPolicy.ERROR_UPPERCASE_POLICY
+                    + ": requires " + minUppercase + " uppercase characters" );
+            }
+        }
+
+        // count digits case
+        if ( minDigits > 0 ) {
+            int digitCount = 0;
+            for (char c : password.toCharArray()) {
+                if (StringUtils.isNumeric( String.valueOf( c ) )) {
+                    digitCount++;
+                }
+            }
+            if (digitCount < minDigits) {
+                violations.add( PasswordPolicy.ERROR_DIGITS_POLICY
+                    + ": requires " + minDigits + " digits" );
+            }
+        }
+
+        // count special characters
+        if ( minSpecialChars > 0 ) {
+            int specialCharCount = 0;
+            for (char c : password.toCharArray()) {
+                if (passwordPolicyFig.getAllowedSpecialChars().contains( 
String.valueOf( c ) )) {
+                    specialCharCount++;
+                }
+            }
+            if (specialCharCount < minSpecialChars) {
+                violations.add( PasswordPolicy.ERROR_SPECIAL_CHARS_POLICY
+                    + ": requires " + minSpecialChars + " special characters" 
);
+            }
+        }
+
+        return violations;
+    }
+
+
+}
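Review bot: The five-argument `policyCheck` dereferences `password` after its own null test: a null password records the length violation and then reaches `password.toCharArray()` as soon as `minUppercase`, `minDigits` or `minSpecialChars` is above zero, so the caller gets a NullPointerException instead of a violation list. Returning right after the length violation when the password is null fixes this, and the list can be sized for the four possible violations. Separately, `getDescription` prints the wrong number in the special-characters sentence; it should read `.append( minSpecialChars )` instead of `.append( minUppercase )`. The admin/non-admin selection block is duplicated in `getDescription` and `policyCheck`, and neither public method has Javadoc.

```java
        List<String> violations = new ArrayList<>(4);

        // A null password cannot satisfy any rule: report the length violation and
        // stop before the per-character loops dereference it.
        if ( password == null ) {
            violations.add( PasswordPolicy.ERROR_LENGTH_POLICY
                + ": must be at least " + minLength + " characters" );
            return violations;
        }

        if ( password.length() < minLength ) {
            violations.add( PasswordPolicy.ERROR_LENGTH_POLICY
                + ": must be at least " + minLength + " characters" );
        }

        // … unchanged: uppercase, digit and special-character counts …
```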

http://git-wip-us.apache.org/repos/asf/usergrid/blob/b3bf7ed0/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
----------------------------------------------------------------------
diff --git 
a/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
 
b/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
index 58b301a..9e5485b 100644
--- 
a/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
+++ 
b/stack/services/src/main/java/org/apache/usergrid/services/guice/ServiceModuleImpl.java
@@ -31,8 +31,12 @@ import 
org.apache.usergrid.persistence.cache.impl.CacheFactoryImpl;
 import org.apache.usergrid.persistence.cache.impl.ScopedCacheSerialization;
 import org.apache.usergrid.persistence.cache.impl.ScopedCacheSerializationImpl;
 import org.apache.usergrid.persistence.core.migration.data.MigrationPlugin;
+import org.apache.usergrid.security.PasswordPolicy;
+import org.apache.usergrid.security.PasswordPolicyFig;
+import org.apache.usergrid.security.PasswordPolicyImpl;
 import org.apache.usergrid.security.shiro.UsergridAuthenticationInfo;
 import org.apache.usergrid.security.shiro.UsergridAuthorizationInfo;
+import org.safehaus.guicyfig.GuicyFigModule;
 
 
 // <bean id="notificationsQueueListener" 
class="org.apache.usergrid.services.notifications.QueueListener"
@@ -70,5 +74,8 @@ public class ServiceModuleImpl extends AbstractModule 
implements ServiceModule {
         bind(    new TypeLiteral<ScopedCacheSerialization<String, 
UsergridAuthenticationInfo>>() {})
             .to( new TypeLiteral<ScopedCacheSerializationImpl<String, 
UsergridAuthenticationInfo>>() {});
 
+        bind( PasswordPolicy.class ).to( PasswordPolicyImpl.class );
+
+        install( new GuicyFigModule( PasswordPolicyFig.class ) );
     }
 }
