[EDELIVERY-13839] Reset password policy validation fix

54c1d47e · Joze RIHTARSIC · c7c80818 · 54c1d47e · 54c1d47e · 54c1d47e
Commit 54c1d47e authored 7 months ago by Joze RIHTARSIC
--- a/smp-angular/src/app/common/global-lookups.ts
+++ b/smp-angular/src/app/common/global-lookups.ts
@@ -13,6 +13,7 @@ import {SecurityEventService} from "../security/security-event.service";
 import {DateAdapter} from "@angular/material/core";
 import {NgxMatDateAdapter} from "@angular-material-components/datetime-picker";
 import {DomainRo} from "./model/domain-ro.model";
+import {Subject} from "rxjs";

 /**
 * Purpose of object is to fetch lookups as domains and users
@@ -20,6 +21,9 @@ import {DomainRo} from "./model/domain-ro.model";

 @Injectable()
 export class GlobalLookups {
+  // global data observers. The components will subscribe to these Subject to get
+  // data updates.
+  private smpInfoUpdateSubject: Subject<SmpInfo> = new Subject<SmpInfo>();

  domainObserver: Observable<SearchTableResult>
  userObserver: Observable<SearchTableResult>
@@ -71,15 +75,6 @@ export class GlobalLookups {
    this.refreshDomainLookup(domainUrl);
  }

-  public refreshDomainLookupForLoggedUser() {
-    let domainUrl = SmpConstants.REST_PUBLIC_DOMAIN;
-    // for authenticated admin use internal url which returns more data!
-    if (this.securityService.isCurrentUserSystemAdmin()) {
-      domainUrl = SmpConstants.REST_INTERNAL_DOMAIN_MANAGE_DEPRECATED;
-    }
-    this.refreshDomainLookup(domainUrl);
-  }
-
  public refreshDomainLookup(domainUrl: string) {
    let params: HttpParams = new HttpParams()
      .set('page', '-1')
@@ -96,16 +91,18 @@ export class GlobalLookups {
    });
  }

-
  public refreshApplicationInfo() {

    this.http.get<SmpInfo>(SmpConstants.REST_PUBLIC_APPLICATION_INFO)
-      .subscribe((res: SmpInfo) => {
+      .subscribe({
+        next: (res: SmpInfo): void => {
          this.cachedApplicationInfo = res;
-        }, error => {
-          console.log("getSmpInfo:" + error);
+          this.smpInfoUpdateSubject.next(res);
+        },
+        error: (err: any): void => {
+          console.log("getSmpInfo:" + err);
        }
-      );
+      });

  }

@@ -116,12 +113,13 @@ export class GlobalLookups {
      console.log("Refresh application configuration is authenticated " + isAuthenticated)
      if (isAuthenticated) {
        this.http.get<SmpConfig>(SmpConstants.REST_PUBLIC_APPLICATION_CONFIG)
-          .subscribe((res: SmpConfig) => {
-              this.cachedApplicationConfig = res;
-            }, error => {
-              console.log("getSmpConfig:" + error);
-            }
-          );
+          .subscribe({next: (res :SmpConfig):void => {
+          this.cachedApplicationConfig = res;
+        },
+        error: (err: any)=> {
+          console.log("getSmpConfig:" + err);
+        }
+      });
      }
    });
  }
@@ -143,7 +141,6 @@ export class GlobalLookups {
      let sub: Subscription = this.userObserver.subscribe((users: SearchTableResult) => {
        this.cachedServiceGroupOwnerList = users.serviceEntities.map(serviceEntity => {
          return {...serviceEntity}
-
        });
        sub.unsubscribe();
      }, (error: any) => {
@@ -160,4 +157,8 @@ export class GlobalLookups {
    this.cachedApplicationConfig = null;
    this.cachedDomainList = [];
  }
+
+  public onSmpInfoUpdateEvent(): Observable<SmpInfo> {
+    return this.smpInfoUpdateSubject.asObservable();
+  }
 }
--- a/smp-angular/src/app/security/reset-credential/reset-credential.component.ts
+++ b/smp-angular/src/app/security/reset-credential/reset-credential.component.ts
@@ -2,8 +2,11 @@
 import {ActivatedRoute, Router} from '@angular/router';
 import {FormGroup, UntypedFormControl, Validators} from "@angular/forms";
 import {GlobalLookups} from "../../common/global-lookups";
-import {equal} from "../../common/dialogs/password-change-dialog/password-change-dialog.component";
+import {
+  equal
+} from "../../common/dialogs/password-change-dialog/password-change-dialog.component";
 import {SecurityService} from "../security.service";
+import {SmpInfo} from "../../app-info/smp-info.model";

 @Component({
  templateUrl: './reset-credential.component.html',
@@ -26,18 +29,38 @@ export class ResetCredentialComponent implements OnInit {

  ngOnInit() {
    this.initForm();
+    this.lookups.onSmpInfoUpdateEvent().subscribe((data: SmpInfo): void => {
+      this.resetPasswordValidator(data);
+    })
    this.resetToken = this.activatedRoute.snapshot.params['resetToken'];
  }

+  /**
+   * Reset password validator from the application info data object
+   * @param data - SmpInfo
+   */
+  private resetPasswordValidator(data: SmpInfo): void {
+    this.resetForm.controls['new-password'].setValidators([Validators.required, Validators.pattern(data.passwordValidationRegExp)]);
+  }
+
  private initForm() {

-    let newPasswdFormControl: UntypedFormControl = new UntypedFormControl({value: null, readonly: false},
+    let newPasswdFormControl: UntypedFormControl = new UntypedFormControl({
+        value: null,
+        readonly: false
+      },
      [Validators.required, Validators.pattern(this.passwordValidationRegExp)]);
-    let confirmNewPasswdFormControl: UntypedFormControl = new UntypedFormControl({value: null, readonly: false},
+    let confirmNewPasswdFormControl: UntypedFormControl = new UntypedFormControl({
+        value: null,
+        readonly: false
+      },
      [Validators.required, equal(newPasswdFormControl, true)]);

    this.resetForm = new FormGroup({
-      'resetUsername': new UntypedFormControl({value: null, readonly: true}, null),
+      'resetUsername': new UntypedFormControl({
+        value: null,
+        readonly: true
+      }, null),
      'new-password': newPasswdFormControl,
      'confirm-new-password': confirmNewPasswdFormControl
    });

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/CredentialService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/CredentialService.java
@@ -56,6 +56,7 @@ import java.text.SimpleDateFormat;
 import java.time.OffsetDateTime;
 import java.time.temporal.ChronoUnit;
 import java.util.*;
+import java.util.regex.Pattern;

 import static java.util.Locale.US;

@@ -354,12 +355,16 @@ public class CredentialService {
            return;
        }
        DBCredential dbCredential = optCredential.get();
-
        if (!resetToken.equals(dbCredential.getResetToken())) {
            LOG.warn("User [{}] reset token does not match the active reset token! The request is ignored", username);
            return;
        }

+        Pattern pattern = configurationService.getPasswordPolicyRexExp();
+        if (pattern != null && !pattern.matcher(newPassword).matches()) {
+            throw new SMPRuntimeException(ErrorCode.INVALID_REQUEST, "PasswordChange", configurationService.getPasswordPolicyValidationMessage());
+        }
+
        OffsetDateTime now = OffsetDateTime.now();
        dbCredential.setValue(BCrypt.hashpw(newPassword, BCrypt.gensalt()));
        dbCredential.setResetToken(null);