NOJIRA - Slight refactoring of password validation, and improved error message for...
authorPatrick Schmitz <pschmitz@berkeley.edu>
Wed, 17 Aug 2011 23:53:49 +0000 (23:53 +0000)
committerPatrick Schmitz <pschmitz@berkeley.edu>
Wed, 17 Aug 2011 23:53:49 +0000 (23:53 +0000)
services/IntegrationTests/src/test/resources/test-data/xmlreplay/security/5-account-bigbird.xml
services/IntegrationTests/src/test/resources/test-data/xmlreplay/security/6-account-elmo.xml
services/common/src/main/java/org/collectionspace/services/common/security/SecurityUtils.java

index 327ff7f1fe4062c34ab0e3f196294c4d1b644a86..ed27953781181e1c9283fac432924fe967f6c415 100755 (executable)
@@ -7,6 +7,7 @@ xmlns:ns3="http://collectionspace.org/services/hyperjaxb">
   <email>bigbird@cspace.org</email>\r
   <phone>1234567890</phone>\r
   <userId>bigbird2010</userId>\r
+       <!-- Password is bigbird2010 base 64 encoded -->\r
   <password>YmlnYmlyZDIwMTA=</password>\r
   <tenants>\r
     <tenant_id>1</tenant_id>\r
index 882a6be5d42bca9b38e34e2afdc224a76d563988..dc3bf0301885ef5f8e4547cf8f9eddf8dffd4cd0 100755 (executable)
@@ -7,6 +7,7 @@ xmlns:ns3="http://collectionspace.org/services/hyperjaxb">
   <email>elmo@cspace.org</email>\r
   <phone>1234567890</phone>\r
   <userId>elmo2010</userId>\r
+       <!-- Pass word is elmo2010, base64 encoded -->\r
   <password>ZWxtbzIwMTA=</password>\r
   <tenants>\r
     <tenant_id>1</tenant_id>\r
index 16dbf680f4916920e6d29ccfd379c0b4002f2bb5..4da74926512ad207b5037a16c2453c2d8035dabf 100644 (file)
@@ -43,6 +43,8 @@ public class SecurityUtils {
 
     private static final Logger logger = LoggerFactory.getLogger(SecurityUtils.class);
     public static final String URI_PATH_SEPARATOR = "/";
+    public static final int MIN_PASSWORD_LENGTH = 8;
+    public static final int MAX_PASSWORD_LENGTH = 24;
 
     /**
      * createPasswordHash creates password has using configured digest algorithm
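Review bot: `MAX_PASSWORD_LENGTH = 24` becomes part of the public API here with no comment explaining why the cap exists, and a limit that low rejects long passphrases. The Javadoc just below refers to createPasswordHash, so the stored value is presumably a digest whose size does not depend on the input length; if that holds, the upper bound could be raised well beyond 24. At minimum document both constants, e.g. `/** Minimum accepted password length in characters, inclusive. */`, and say whether the length is measured on the decoded password or on the base64 form used in the test fixtures.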
@@ -65,14 +67,15 @@ public class SecurityUtils {
      * @param password
      */
     public static void validatePassword(String password) {
-        //TODO: externalize password length
         if (password == null) {
             String msg = "Password missing ";
             logger.error(msg);
             throw new IllegalArgumentException(msg);
         }
-        if (password.length() < 8 || password.length() > 24) {
-            String msg = "Password length should be >8 and <24";
+        if (password.length() < MIN_PASSWORD_LENGTH 
+                       || password.length() > MAX_PASSWORD_LENGTH) {
+            String msg = "Bad password: '"+password+"': length should be >= "
+                       + MIN_PASSWORD_LENGTH + " and <= " + MAX_PASSWORD_LENGTH;
             logger.error(msg);
             throw new IllegalArgumentException(msg);
         }
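Review bot: The new message built at `String msg = "Bad password: '"+password+"': length should be >= "` embeds the rejected password in cleartext, and the same string is passed to `logger.error(msg)` and to the `IllegalArgumentException`, so the value ends up in the log files and in anything that reports the exception to the caller. A rejected password is often a near-miss of a real one or a password reused elsewhere, so it should never be written out. Keep the improved bounds text but drop the value: `String msg = "Bad password: length should be >= " + MIN_PASSWORD_LENGTH + " and <= " + MAX_PASSWORD_LENGTH;`. The body of validatePassword continues past the end of this hunk, so any later checks that build messages the same way are not visible here.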