Refuse nullbyte as password

Closes #26
Denis Natusch 2023-11-20 22:20:52 +01:00 committed by Simon Bruder
parent 27fdc3ef02
commit eccff8d2b0
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC


@ -39,6 +39,9 @@ public class UserController {
if (result.hasErrors()){ if (result.hasErrors()){
return "register"; return "register";
} }
if (form.getPassword().chars().anyMatch(Character::isISOControl)) {
return "register";
}
userManagement.createCustomer(form.getUsername(),form.getAddress(),form.getPassword(),form.getFullName()); userManagement.createCustomer(form.getUsername(),form.getAddress(),form.getPassword(),form.getFullName());
return "redirect:/login"; return "redirect:/login";
} }
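Review bot: The new control-character check in the registration handler returns `"register"` without recording anything on `result`, so the form is redisplayed with no indication of why the password was refused. If `result` is a Spring `BindingResult` (only `hasErrors()` is visible here) and the form field is named `password`, add `result.rejectValue("password", "<ERROR_CODE_PLACEHOLDER>");` before the return. In the second hunk the same predicate looks inverted: `userManagement.setPassword(...)` now runs only when the new password does contain a control character, so ordinary password changes are silently dropped and the input this commit means to refuse is the only one stored. The guard there should read `if (form.getPassword().get().chars().noneMatch(Character::isISOControl)) {`. Both handler methods start outside the hunks and the second hunk's tail is not visible, so this rests on the lines shown.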
@ -68,8 +71,10 @@ public class UserController {
user.setFullName(form.getFullName()); user.setFullName(form.getFullName());
user.setAddress(form.getAddress()); user.setAddress(form.getAddress());
if (!form.getPassword().get().isEmpty()) { if (!form.getPassword().get().isEmpty()) {
if (form.getPassword().get().chars().anyMatch(Character::isISOControl)) {
userManagement.setPassword(form.getPassword().get(), user.getUserAccount()); userManagement.setPassword(form.getPassword().get(), user.getUserAccount());
} }
}
userManagement.save(user); userManagement.save(user);
// by default the user gets logged out by salespoint after changing the user name // by default the user gets logged out by salespoint after changing the user name