Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-24288

regex password validation fails when invited

    XMLWordPrintable

    Details

    • Release Notes Summary:
      The regular expression used for password validation works with invitations.
    • Tags:
    • Backlog priority:
      500
    • Sprint:
      nxGang Sprint 10.1.4, nxGang Sprint 10.1.5
    • Story Points:
      3

      Description

      1. install nuxeo 7.10
      2. add the following contribution:
        <require>org.nuxeo.ecm.platform.usermanager.UserManagerImpl</require>
        
        <extension target="org.nuxeo.ecm.platform.usermanager.UserService" point="userManager">
          <userManager>
        		      <!-- The password is valid if :
        			        - it has only word characters : [a-zA-Z0-9_]
        			        - it's at least 8 long
        			        - it has at least one digit
        			        - it has at least two lowercase letter
        			        - it has at least one uppercase letter -->
            <userPasswordPattern>
              ^\w*(?=.{8,})(?=.*\d)(?=(.*[a-z]){2,})(?=.*[A-Z])\w*$
            </userPasswordPattern>
          </userManager>
        </extension>
        
        <extension target="org.nuxeo.runtime.ConfigurationService" point="configuration">
          <property name="nuxeo.usermanager.check.password">true</property>
        </extension>
        

        following NXP-18751 implementation.

      3. create a user without password
      4. this generates a registration mail
      5. click the link in the mail and enter a password which does not match the regex (password for instance)
      6. observe the following stack in the logs:
        2018-01-26 11:48:31,747 ERROR [http-bio-0.0.0.0-8080-exec-27] [org.nuxeo.ecm.core.event.impl.EventServiceImpl] Exception during invitationListener sync listener execution, transaction will be rolled back
        org.nuxeo.ecm.platform.usermanager.exceptions.InvalidPasswordException: Unable to complete registration, null
        	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.checkPasswordValidity(UserManagerImpl.java:1262)
        	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.createUser(UserManagerImpl.java:1235)
        	at org.nuxeo.ecm.platform.usermanager.UserManagerImpl.createUser(UserManagerImpl.java:814)
        	at org.nuxeo.ecm.user.invite.DefaultInvitationUserFactory.doCreateUser(DefaultInvitationUserFactory.java:70)
        	at org.nuxeo.ecm.user.invite.UserInvitationComponent.createUser(UserInvitationComponent.java:729)
        	at org.nuxeo.ecm.user.invite.UserInvitationListener.handleEvent(UserInvitationListener.java:50)
        	at org.nuxeo.ecm.core.event.impl.EventServiceImpl.fireEvent(EventServiceImpl.java:191)
        	at org.nuxeo.ecm.user.invite.UserInvitationComponent.sendEvent(UserInvitationComponent.java:433)
        	at org.nuxeo.ecm.user.invite.UserInvitationComponent$RegistrationAcceptator.run(UserInvitationComponent.java:391)
        	at org.nuxeo.ecm.core.api.UnrestrictedSessionRunner.runUnrestricted(UnrestrictedSessionRunner.java:139)
        	at org.nuxeo.ecm.user.invite.UserInvitationComponent.validateRegistration(UserInvitationComponent.java:647)
        	at org.nuxeo.ecm.webengine.invite.UserInvitationObject.validateTrialForm(UserInvitationObject.java:94)
        	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        	at java.lang.reflect.Method.invoke(Method.java:498)
        	at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
        	at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ObjectOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:258)
        	at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
        	at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
        	at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
        	at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
        	at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
        	at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
        	at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1542)
        	at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1473)
        	at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1419)
        

      Please note doing the same in 9.10 does not even enforce the format set by the regex.

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 4 hours
                4h

                  PagerDuty

                  Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.