Refuse nullbyte as password

Closes #26
2024-06-28 12:03:43 +02:00 · 2023-11-20 22:20:52 +01:00 · 2023-11-20 22:20:52 +01:00 · eccff8d2b0
parent 27fdc3ef02
commit eccff8d2b0
1 changed files with 6 additions and 1 deletions
--- a/src/main/java/catering/users/UserController.java
+++ b/src/main/java/catering/users/UserController.java
@ -39,6 +39,9 @@ public class UserController {
 		if (result.hasErrors()){
 			return "register";
 		}
+		if (form.getPassword().chars().anyMatch(Character::isISOControl)) {
+			return "register";
+		}
 		userManagement.createCustomer(form.getUsername(),form.getAddress(),form.getPassword(),form.getFullName());
 		return "redirect:/login";
 	}
@ -68,7 +71,9 @@ public class UserController {
 		user.setFullName(form.getFullName());
 		user.setAddress(form.getAddress());
 		if (!form.getPassword().get().isEmpty()) {
-			userManagement.setPassword(form.getPassword().get(), user.getUserAccount());
+			if (form.getPassword().get().chars().anyMatch(Character::isISOControl)) {
+				userManagement.setPassword(form.getPassword().get(), user.getUserAccount());
+			}
 		}
 		userManagement.save(user);