RED-7292: added check, if KC password policy exists

Ali Oezyetimoglu 2023-08-24 09:11:30 +02:00
parent c0b897112a
commit 98c6f27190


@ -85,7 +85,7 @@ public class TenantManagementService implements TenantProvider {
@SneakyThrows
public TenantResponse createTenant(TenantRequest tenantRequest) {
log.info("Tenants are: {}", tenantRepository.findAll().stream().map(TenantEntity::getTenantId).collect(Collectors.toList()));
log.info("Tenants are: {}", tenantRepository.findAll().stream().map(TenantEntity::getTenantId).toList());
log.info("Requested to create tenant for: {}", tenantRequest.getTenantId());
try {
@ -297,7 +297,7 @@ public class TenantManagementService implements TenantProvider {
rolesRepresentation.setRealm(roles);
realm.setRoles(rolesRepresentation);
realm.setUsers(users.stream().map(this::toUserRepresentation).collect(Collectors.toList()));
realm.setUsers(users.stream().map(tenantUser -> toUserRepresentation(tenantId, tenantUser)).toList());
realm.setPasswordPolicy("digits(1) and length(12) and lowerCase(1) and notEmail and notUsername and specialChars(1) and upperCase(1)");
@ -315,11 +315,11 @@ public class TenantManagementService implements TenantProvider {
}
private UserRepresentation toUserRepresentation(TenantUser redUser) {
private UserRepresentation toUserRepresentation(String tenantId, TenantUser redUser) {
var credentialRepresentation = new CredentialRepresentation();
credentialRepresentation.setType("password");
validatePasswordWithPolicy(redUser.getPassword(), redUser.getUsername(), redUser.getEmail());
credentialRepresentation.setType(CredentialRepresentation.PASSWORD);
validatePasswordWithPolicy(tenantId, redUser.getPassword(), redUser.getUsername(), redUser.getEmail());
credentialRepresentation.setValue(redUser.getPassword());
var user = new UserRepresentation();
@ -346,10 +346,14 @@ public class TenantManagementService implements TenantProvider {
}
private void validatePasswordWithPolicy(String password, String username, String email) {
private void validatePasswordWithPolicy(String tenantId, String password, String username, String email) {
if (password.equals(username) || !validateEmailIsNotPassword(email, password) || !checkStringContainsUpperCaseAndLowerCaseAndDigitsAndSpecialCharsAndHasLength(password)) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Password does not match password policy.");
var realmPasswordPolicy = realmService.realm(tenantId).toRepresentation().getPasswordPolicy();
if(realmPasswordPolicy == null || realmPasswordPolicy.isEmpty()) {
// KC has no policy set, thus we validate it manually
if (password.equals(username) || !validateEmailIsNotPassword(email, password) || !checkStringContainsUpperCaseAndLowerCaseAndDigitsAndSpecialCharsAndHasLength(password)) {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Password does not match password policy.");
}
}
}
@ -481,7 +485,7 @@ public class TenantManagementService implements TenantProvider {
public List<TenantResponse> getTenants() {
return tenantRepository.findAll().stream().map(this::convert).collect(Collectors.toList());
return tenantRepository.findAll().stream().map(this::convert).toList();
}
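Review bot: In `validatePasswordWithPolicy`, a non-empty realm policy now makes the method return without checking anything, so rejecting a weak password depends entirely on Keycloak applying its policy to the credential that `toUserRepresentation` places in the `UserRepresentation`; that enforcement is not visible in this diff and deserves a test that submits a non-compliant password for a realm that has a policy. The lookup `realmService.realm(tenantId).toRepresentation()` also runs once per user from the `realm.setUsers(...)` mapping, which in the -297 hunk sits in code that is still assembling the realm, so on tenant creation the realm may not exist yet and the call would presumably fail instead of falling back to the manual check (the create call is outside the visible lines, so this is inferred). Consider resolving the policy once in the caller and passing it in, and documenting the skip with `// realm policy is set: Keycloak must enforce it, no local check is done here`. A null `password` still reaches `password.equals(username)` in the fallback branch.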