Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-24288

regex password validation fails when invited

    XMLWordPrintable

    Details

    • Release Notes Summary:
      The regular expression used for password validation works with invitations.
    • Tags:
    • Backlog priority:
      500
    • Sprint:
      nxGang Sprint 10.1.4, nxGang Sprint 10.1.5
    • Story Points:
      3

      Description

      1. install nuxeo 7.10
      2. add the following contribution: 
        <require>org.nuxeo.ecm.platform.usermanager.UserManagerImpl</require>

<extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
  <userManager>
		      <!-- The password is valid if :
			        - it has only word characters : [a-zA-Z0-9_]
			        - it's at least 8 long
			        - it has at least one digit
			        - it has at least two lowercase letter
			        - it has at least one uppercase letter -->
    <userPasswordPattern>
      ^\w*(?=.{8,})(?=.*\d)(?=(.*[a-z]){2,})(?=.*[A-Z])\w*$
    </userPasswordPattern>
  </userManager>
</extension>

<extension target="org.nuxeo.runtime.ConfigurationService" point="configuration">
  <property name="nuxeo.usermanager.check.password">true</property>
</extension>

        following NXP-18751 implementation.

      3. create a user without password
      4. this generates a registration mail
      5. click the link in the mail and enter a password which does not match the regex (password for instance)
      6. observe the following stack in the logs: 
        2018-01-26 11:48:31,747 ERROR [http-bio-0.0.0.0-8080-exec-27] [org.nuxeo.ecm.core.event.impl.EventServiceImpl] Exception during invitationListener sync listener execution, transaction will be rolled back
org.nuxeo.ecm.platform.usermanager.exceptions.InvalidPasswordException: Unable to complete registration, null
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.checkPasswordValidity(UserManagerImpl.java:1262)
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.createUser(UserManagerImpl.java:1235)
	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.createUser(UserManagerImpl.java:814)
	at org.nuxeo.ecm.user.invite.DefaultInvitationUserFactory.doCreateUser(DefaultInvitationUserFactory.java:70)
	at org.nuxeo.ecm.user.invite.UserInvitationComponent.createUser(UserInvitationComponent.java:729)
	at org.nuxeo.ecm.user.invite.UserInvitationListener.handleEvent(UserInvitationListener.java:50)
	at org.nuxeo.ecm.core.event.impl.EventServiceImpl.fireEvent(EventServiceImpl.java:191)
	at org.nuxeo.ecm.user.invite.UserInvitationComponent.sendEvent(UserInvitationComponent.java:433)
	at org.nuxeo.ecm.user.invite.UserInvitationComponent$RegistrationAcceptator.run(UserInvitationComponent.java:391)
	at org.nuxeo.ecm.core.api.UnrestrictedSessionRunner.runUnrestricted(UnrestrictedSessionRunner.java:139)
	at org.nuxeo.ecm.user.invite.UserInvitationComponent.validateRegistration(UserInvitationComponent.java:647)
	at org.nuxeo.ecm.webengine.invite.UserInvitationObject.validateTrialForm(UserInvitationObject.java:94)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:498)
	at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
	at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ObjectOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:258)
	at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
	at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
	at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
	at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
	at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
	at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
	at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
	at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
	at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)

      Please note doing the same in 9.10 does not even enforce the format set by the regex.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 4 hours
                4h