[CST-6938] Removed old password verification on eperson creation

2025-10-07 01:54:22 +00:00 · 2022-09-27 15:43:02 +02:00
parent e9e6fbd216
commit 591e361caf
4 changed files with 26 additions and 20 deletions
--- a/dspace-api/src/main/java/org/dspace/eperson/AccountServiceImpl.java
+++ b/dspace-api/src/main/java/org/dspace/eperson/AccountServiceImpl.java
@@ -12,7 +12,6 @@ import java.sql.SQLException;
 import java.util.Locale;
 import javax.mail.MessagingException;

-import org.apache.commons.lang3.StringUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.dspace.authorize.AuthorizeException;
@@ -178,14 +177,6 @@ public class AccountServiceImpl implements AccountService {
        registrationDataService.deleteByToken(context, token);
    }

-    @Override
-    public boolean verifyPasswordStructure(String password) {
-        if (StringUtils.length(password) < 6) {
-            return false;
-        }
-        return true;
-    }
-
    /**
     * THIS IS AN INTERNAL METHOD. THE SEND PARAMETER ALLOWS IT TO BE USED FOR
     * TESTING PURPOSES.
--- a/dspace-api/src/main/java/org/dspace/eperson/service/AccountService.java
+++ b/dspace-api/src/main/java/org/dspace/eperson/service/AccountService.java
@@ -46,11 +46,4 @@ public interface AccountService {

    public void deleteToken(Context context, String token)
        throws SQLException;
-
-    /**
-     * This method verifies that a certain String adheres to the password rules for DSpace
-     * @param password  The String to be checked
-     * @return          A boolean indicating whether or not the given String adheres to the password rules
-     */
-    public boolean verifyPasswordStructure(String password);
 }
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/EPersonRestRepository.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/EPersonRestRepository.java
@@ -206,10 +206,6 @@ public class EPersonRestRepository extends DSpaceObjectRestRepository<EPerson, E
                throw new EPersonNameNotProvidedException();
            }
        }
-        String password = epersonRest.getPassword();
-        if (!accountService.verifyPasswordStructure(password)) {
-            throw new DSpaceBadRequestException("The given password is invalid");
-        }
    }

    @Override
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java
@@ -192,6 +192,32 @@ public class EPersonRestRepositoryIT extends AbstractControllerIntegrationTest {
                   .andExpect(status().isNoContent());
    }

+    @Test
+    public void testCreateWithInvalidPassword() throws Exception {
+
+        accountService.sendRegistrationInfo(context, "test@fake-email.com");
+        String token = registrationDataService.findByEmail(context, "test@fake-email.com").getToken();
+
+        String ePersonData = "{" +
+            "   \"metadata\":{" +
+            "      \"eperson.firstname\":[{\"value\":\"John\"}]," +
+            "      \"eperson.lastname\":[{\"value\":\"Doe\"}]" +
+            "   }," +
+            "   \"email\":\"test@fake-email.com\"," +
+            "   \"password\":\"1234\"," +
+            "   \"type\":\"eperson\"" +
+            "}";
+
+        getClient().perform(post("/api/eperson/epersons")
+            .content(ePersonData)
+            .contentType(contentType)
+            .param("token", token))
+            .andExpect(status().isUnprocessableEntity())
+            .andExpect(status().reason(is("New password is invalid. "
+                + "Valid passwords must be at least 8 characters long!")));
+
+    }
+
    @Test
    public void findAllTest() throws Exception {
        context.turnOffAuthorisationSystem();