NY1105 / e-commerce


[BUG][API] Missing password validation during registration #2

Closed NY1105 closed 11 months ago

NY1105 commented 11 months ago

Summary

Validation seems to be missing for the password during user registration. Passwords are supposed to have 8+ length, 1+ special, 1+ uppercase, 1+ lowercase.

Severity

Major

Reporter

@NY1105

Assignee

@NY1105 @whongam

Product

e-commerce

Component

Backend API -> User

Version

Release 2

Environment

Visual Studio Code

Version: 1.85.0 (Universal)
Commit: af28b32d7e553898b2a91af498b1fb666fdebe0c
Date: 2023-12-06T18:18:04.614Z (4 days ago)
Electron: 25.9.7
ElectronBuildId: 25551756
Chromium: 114.0.5735.289
Node.js: 18.15.0
V8: 11.4.183.29-electron.0
OS: macOS Darwin arm64 22.6.0

Thunder Client (Equivalent to Postman)

v2.16.2

Description

  1. Prerequisites:
     1.0 Make sure the database is empty and initiated
     1.1 In CLI, run mvn spring-boot:run to start the server
  2. In API caller, request POST localhost:8080/user/register with body:

         { "userId": "user123", "userPassword": "pass456" }

Current result:

Status: 200 OK

    { "userId": "user123", "userPassword": "pass456", "totalSpent": 0.0, "carts": null, "membershipTier": 0 }


Expected result:

Status: 400 Bad Request

whongam commented 11 months ago

Took a look at this bug and successfully replicated this issue in my local environment.

Root cause: missing validation condition for input in the controller class.

Solution: adding the Jakarta Validation library in the Vo class to resolve the problem.

whongam commented 11 months ago

Fixed in the next release, closing this issue for now.

NY1105 commented 10 months ago

Problem

Solution

Added regular expression matching before completing registration

    // Imports needed: org.springframework.http.HttpStatus, org.springframework.http.ResponseEntity

    // Policy from the report: 8+ characters, at least one lowercase, one uppercase and one
    // special (non-word) character. The length rule is enforced by {8,} in place of a bare "+".
    private static final String PASSWORD_REGEX = "^(?=.*[a-z])(?=.*[A-Z])(?=.*\\W).{8,}$";

    private boolean isValidPassword(String password) {
        // A missing password is rejected instead of throwing a NullPointerException
        return password != null && password.matches(PASSWORD_REGEX);
    }

    public ResponseEntity<User> register(User newUser) {
        if (!isValidPassword(newUser.getUserPassword())) {
            return ResponseEntity.badRequest().build();
        }
        User user = user_repository.saveAndFlush(newUser);
        return ResponseEntity.status(HttpStatus.CREATED).body(user);
    }

Tested
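The Jakarta Validation fix whongam describes, written out as an added example rather than the project's own code: the class name `UserRegistrationVo`, its fields and the `check` helper are assumptions, and it needs `hibernate-validator` (pulled in by `spring-boot-starter-validation`) on the classpath. It encodes the policy from the summary as constraints and shows the request body from the report being rejected.

```java
import java.util.Set;
import jakarta.validation.ConstraintViolation;
import jakarta.validation.Validation;
import jakarta.validation.Validator;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.Pattern;
import jakarta.validation.constraints.Size;

// Assumed request object for POST /user/register; the thread names it only as "the Vo class".
public class UserRegistrationVo {

    @NotBlank
    private String userId;

    // Policy from the bug summary: 8+ length, 1+ special, 1+ uppercase, 1+ lowercase.
    // @Size carries the length rule and @Pattern the character classes, so each
    // failure is reported separately. \W treats any non-word character as "special".
    @NotBlank
    @Size(min = 8, max = 128)
    @Pattern(regexp = "^(?=.*[a-z])(?=.*[A-Z])(?=.*\\W).*$",
             message = "must contain a lowercase, an uppercase and a special character")
    private String userPassword;

    public UserRegistrationVo(String userId, String userPassword) {
        this.userId = userId;
        this.userPassword = userPassword;
    }

    public String getUserId() { return userId; }
    public String getUserPassword() { return userPassword; }

    // Returns the constraint violations for one candidate; an empty set means the request is acceptable.
    // In the controller the same check happens implicitly through
    //   register(@Valid @RequestBody UserRegistrationVo vo)
    // where a violation becomes a 400 Bad Request before the controller body runs.
    static Set<ConstraintViolation<UserRegistrationVo>> check(UserRegistrationVo vo) {
        Validator validator = Validation.buildDefaultValidatorFactory().getValidator();
        return validator.validate(vo);
    }

    public static void main(String[] args) {
        // Constructed inputs: the body from the bug report, then one that satisfies the policy.
        for (String pw : new String[] {"pass456", "Pass!4567"}) {
            Set<ConstraintViolation<UserRegistrationVo>> v = check(new UserRegistrationVo("user123", pw));
            System.out.println(pw + " -> " + (v.isEmpty() ? "accepted" : v.size() + " violation(s)"));
        }
    }
}
```

Binding this class from the JSON request body with Jackson also needs a no-arg constructor or a @JsonCreator, which is left out here.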