fix username and password verification

2018-08-06 23:03:17 +02:00 · 2018-08-06 23:03:17 +02:00 · d1fa341650
parent 624bbd45e3
commit d1fa341650
3 changed files with 23 additions and 5 deletions
--- a/libnymea-core/usermanager.cpp
+++ b/libnymea-core/usermanager.cpp
@ -137,12 +137,11 @@ QStringList UserManager::users() const
 UserManager::UserError UserManager::createUser(const QString &username, const QString &password)
 {
    if (!validateUsername(username)) {
-        qCWarning(dcUserManager) << "Error creating user. Invalid username";
+        qCWarning(dcUserManager) << "Error creating user. Invalid username:" << username;
        return UserErrorInvalidUserId;
    }

-    QRegExp passwordValidator = QRegExp("^(?=.*[A-Za-z])(?=.*\[0-9])(?=.*[$@$!%*#?&])[A-Za-z0-9$@$!%*#?&]{8,}$");
-    if (!passwordValidator.exactMatch(password)) {
+    if (!validatePassword(password)) {
        qCWarning(dcUserManager) << "Password failed character validation. Must contain a letter, a number and a special charactar. Minimum length: 8";
        return UserErrorBadPassword;
    }
@ -407,10 +406,27 @@ void UserManager::rotate(const QString &dbName)

 bool UserManager::validateUsername(const QString &username) const
 {
-    QRegExp validator("(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+.[a-zA-Z0-9-.]+$)");
+    QRegExp validator("(^[a-zA-Z0-9_\\.+-]+@[a-zA-Z0-9-_]+\\.[a-zA-Z]+$)");
    return validator.exactMatch(username);
 }

+bool UserManager::validatePassword(const QString &password) const
+{
+    if (password.length() < 8) {
+        return false;
+    }
+    if (!password.contains(QRegExp("[a-z]"))) {
+        return false;
+    }
+    if (!password.contains(QRegExp("[0-9]"))) {
+        return false;
+    }
+    if (!password.contains(QRegExp("[!\"§$%&/()#*\\'+\\.\\\\]"))) {
+        return false;
+    }
+    return true;
+}
+
 bool UserManager::validateToken(const QByteArray &token) const
 {
    QRegExp validator(QRegExp("(^[a-zA-Z0-9_.+-/=]+$)"));
--- a/libnymea-core/usermanager.h
+++ b/libnymea-core/usermanager.h
@ -71,6 +71,7 @@ private:
    bool initDB();
    void rotate(const QString &dbName);
    bool validateUsername(const QString &username) const;
+    bool validatePassword(const QString &password) const;
    bool validateToken(const QByteArray &token) const;

 private slots:
@ -83,7 +84,7 @@ private:
    QPair<int, QString> m_pushButtonTransaction;

 };
-
 }
+Q_DECLARE_METATYPE(nymeaserver::UserManager::UserError)

 #endif // USERMANAGER_H
--- a/tests/auto/auto.pro
+++ b/tests/auto/auto.pro
@ -22,4 +22,5 @@ SUBDIRS = versioning \
        configurations \
        timemanager \
        userloading \
+        usermanager \
        tags \