Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: isCommonlyUsed password check not hardcoded #4018 #4207

Merged
merged 1 commit into from
Jan 19, 2022
Merged

feature: isCommonlyUsed password check not hardcoded #4018 #4207

merged 1 commit into from
Jan 19, 2022

Conversation

WillardHu
Copy link
Contributor

@WillardHu WillardHu commented Jan 13, 2022
edited by Anilople
Loading

Signed-off-by: WillardHu wei.hu@daocloud.io

What's the purpose of this PR

isCommonlyUsed password check not hardcoded

Which issue(s) this PR fixes:

Fixes #4018

Brief changelog

XXXXX

Follow this checklist to help us incorporate your contribution quickly and easily:

  • Read the Contributing Guide before making this pull request.
  • Write a pull request description that is detailed enough to understand what the pull request does, how, and why.
  • Write necessary unit tests to verify the code.
  • Run mvn clean test to make sure this pull request doesn't break anything.
  • Update the CHANGES log.

@codecov-commenter
Copy link

codecov-commenter commented Jan 13, 2022
edited
Loading

Codecov Report

Merging #4207 (6f31393) into master (7fb6b8b) will decrease coverage by 0.04%.
The diff coverage is 50.00%.

Impacted file tree graph

@@             Coverage Diff              @@
##             master    #4207      +/-   ##
============================================
- Coverage     52.59%   52.54%   -0.05%     
+ Complexity     2620     2619       -1     
============================================
  Files           484      484              
  Lines         15192    15201       +9     
  Branches       1571     1573       +2     
============================================
- Hits           7990     7988       -2     
- Misses         6645     6654       +9     
- Partials        557      559       +2
Impacted Files Coverage Δ
...k/apollo/portal/component/config/PortalConfig.java 23.59% <0.00%> (-1.12%) ⬇️
...o/portal/util/checker/AuthUserPasswordChecker.java 80.95% <75.00%> (-6.55%) ⬇️
...ework/apollo/internals/RemoteConfigRepository.java 85.27% <0.00%> (-3.07%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7fb6b8b...6f31393. Read the comment docs.

Anilople
Anilople reviewed Jan 16, 2022
View reviewed changes
...lo-portal/src/main/java/com/ctrip/framework/apollo/portal/component/config/PortalConfig.java Outdated
@@ -273,4 +275,12 @@ public String getAdminServiceAccessTokens() {
public boolean supportSearchByItem() {
return getBooleanProperty("searchByItem.switch", true);
}

public List<String> listOfCodeFragment() {
String[] value = getArrayProperty("auth.user-password-checker.list-of-code-fragment", null);
Copy link
Contributor

@Anilople Anilople Jan 16, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add the prefix to the key?

Suggested change
String[] value = getArrayProperty("auth.user-password-checker.list-of-code-fragment", null);
String[] value = getArrayProperty("apollo.portal.auth.user-password-checker.list-of-code-fragment", null);

Or change it?

Suggested change
String[] value = getArrayProperty("auth.user-password-checker.list-of-code-fragment", null);
String[] value = getArrayProperty("apollo.portal.auth.user-password-not-allow-list", null);

Alternative

  • auth.user-password-checker.list-of-code-fragment
  • apollo.portal.auth.user-password-checker.list-of-code-fragment
  • apollo.portal.auth.user-password-fragment
  • apollo.portal.auth.user-password-checker-fragment
  • apollo.portal.auth.user-password-checker-code-fragment
  • apollo.portal.auth.user-password-not-allow-list
  • ...

An better key let user more understandable this feature.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@Anilople Anilople added area/portal apollo-portal feature Categorizes issue as related to a new feature. labels Jan 16, 2022
Anilople
Anilople reviewed Jan 17, 2022
View reviewed changes
...al/src/main/java/com/ctrip/framework/apollo/portal/util/checker/AuthUserPasswordChecker.java Outdated
@@ -28,7 +29,7 @@
private static final Pattern PWD_PATTERN = Pattern
.compile("^(?=.*[0-9].*)(?=.*[a-zA-Z].*).{8,20}$");

private static final List<String> LIST_OF_CODE_FRAGMENT = Arrays.asList(
private static final List<String> DEFAULT_USER_PASSWORD_NOT_ALLOW_LIST = Arrays.asList(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move the default value to PortalConfig's method?

  private static final List<String> DEFAULT_USER_PASSWORD_NOT_ALLOW_LIST = Arrays.asList(xxx);

  public List<String> getUserPasswordNotAllowList() {
    String[] value = getArrayProperty("apollo.portal.auth.user-password-not-allow-list", null);
    if (value == null || value.length == 0) {
      return DEFAULT_USER_PASSWORD_NOT_ALLOW_LIST;
    }
    return Arrays.asList(value);
  }

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

Anilople
Anilople reviewed Jan 17, 2022
View reviewed changes
...portal/src/test/java/com/ctrip/framework/apollo/portal/util/AuthUserPasswordCheckerTest.java
@@ -81,4 +80,24 @@ public void testIsWeakPassword() {
Assert.assertTrue(res.isSuccess());
}

@Test
public void testIsWeakPassword2() {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe we can add more test case like return empty list, single element list?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

@WillardHu
feature: isCommonlyUsed password check not hardcoded apolloconfig#4018
27eac92 
Signed-off-by: WillardHu <wei.hu@daocloud.io>
nobodyiam
nobodyiam approved these changes Jan 19, 2022
View reviewed changes
Copy link
Member

@nobodyiam nobodyiam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me now. @Anilople would you please help to take a look from your perspective?

@Anilople Anilople merged commit f4ae484 into apolloconfig:master Jan 19, 2022
@github-actions github-actions bot locked and limited conversation to collaborators Jan 19, 2022
@nobodyiam nobodyiam added this to the 2.0.0 milestone Jan 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Anilople Anilople Anilople approved these changes

@nobodyiam nobodyiam nobodyiam approved these changes

Assignees
No one assigned
Labels
area/portal apollo-portal feature Categorizes issue as related to a new feature.
Projects
None yet
Milestone
2.0.0
Development

Successfully merging this pull request may close these issues.

feature: isCommonlyUsed password check not hardcoded
4 participants
@WillardHu @codecov-commenter @nobodyiam @Anilople