From eccff8d2b0e9a6a6fc8ce6c4533153fb3e5cd15f Mon Sep 17 00:00:00 2001
From: Denis Natusch
Date: Mon, 20 Nov 2023 22:20:52 +0100
Subject: [PATCH] Refuse nullbyte as password Closes #26
---
 src/main/java/catering/users/UserController.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/main/java/catering/users/UserController.java b/src/main/java/catering/users/UserController.java
index 4d97d8d..5fc1d6a 100644
--- a/src/main/java/catering/users/UserController.java
+++ b/src/main/java/catering/users/UserController.java
@@ -39,6 +39,9 @@ public class UserController {
 if (result.hasErrors()){
 return "register";
 }
+ if (form.getPassword().chars().anyMatch(Character::isISOControl)) {
+ return "register";
+ }
 userManagement.createCustomer(form.getUsername(),form.getAddress(),form.getPassword(),form.getFullName());
 return "redirect:/login";
 }
@@ -68,7 +71,9 @@ public class UserController {
 user.setFullName(form.getFullName());
 user.setAddress(form.getAddress());
 if (!form.getPassword().get().isEmpty()) {
- userManagement.setPassword(form.getPassword().get(), user.getUserAccount());
+ if (form.getPassword().get().chars().anyMatch(Character::isISOControl)) {
+ userManagement.setPassword(form.getPassword().get(), user.getUserAccount());
+ }
 }
 userManagement.save(user);
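Review bot: The new control-character branch in the registration handler returns `"register"` without recording anything on `result`, so the form is presumably re-rendered with no message explaining why the password was refused. If `result` is a Spring `BindingResult`, as the `hasErrors()` call suggests, add `result.rejectValue("password", "<error-code>");` (placeholder code) before the return. The check is also wider than the commit title says: `Character::isISOControl` rejects every C0/C1 control character, not only NUL, so a comment such as `// reject control characters, including NUL, in passwords (see #26)` would make the intent explicit. The handler's signature lies outside the hunk.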
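Review bot: The guard added around `userManagement.setPassword(...)` in the profile-update hunk is inverted: with `anyMatch(Character::isISOControl)` the password is stored only when it contains a control character. Every ordinary password change is therefore silently dropped, and exactly the input this commit is meant to refuse is accepted. The condition should read `if (form.getPassword().get().chars().noneMatch(Character::isISOControl)) {`. A rejected password should also be reported to the user rather than skipped while `userManagement.save(user)` still runs. Since the registration hunk uses the same predicate, a small private helper shared by both would keep the two checks from drifting apart again; the enclosing method starts outside the hunk.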