padmavati
(padma b)
January 18, 2017, 11:07am
1
In Openmrs we have a validate password method in OpenmrsUtil.java
* @should fail with password equals to system id if not allowed
* @should pass with password equals to system id if allowed
* @should fail with password not matching configured regex
* @should pass with password matching configured regex
* @should allow password to contain non alphanumeric characters
* @should allow password to contain white spaces
* @should still work without an open session
*/
public static void validatePassword(String username, String password, String systemId) throws PasswordException {
// default values for all of the global properties
String userGp = "true";
String lengthGp = "8";
String caseGp = "true";
String digitGp = "true";
String nonDigitGp = "true";
String regexGp = null;
AdministrationService svc = null;
try {
svc = Context.getAdministrationService();
If password is empty or if it matches to username when the security.passwordCannotMatchUsername property is set to true we are raising a WeakPasswordException.
In weak password exception we are not getting the translated message
* <p>
* For details on what is checked, see {@link OpenmrsUtil#validatePassword(String, String, String)}.
*
* @since 1.5
*/
public class WeakPasswordException extends PasswordException {
private static final long serialVersionUID = 31620091004L;
public WeakPasswordException() {
super("error.password.weak");
}
public WeakPasswordException(String message) {
super(message);
}
}
so the response is returning as is.
For the remaining validations we are translating the key and returning
if ("true".equals(userGp) && (password.equals(username) || password.equals(systemId))) {
throw new WeakPasswordException();
}
if (StringUtils.isNotEmpty(lengthGp)) {
try {
int minLength = Integer.parseInt(lengthGp);
if (password.length() < minLength) {
throw new ShortPasswordException(getMessage("error.password.length", lengthGp));
}
}
catch (NumberFormatException nfe) {
log.warn(
"Error in global property <" + OpenmrsConstants.GP_PASSWORD_MINIMUM_LENGTH + "> must be an Integer");
}
}
if ("true".equals(caseGp) && !containsUpperAndLowerCase(password)) {
throw new InvalidCharactersPasswordException(getMessage("error.password.requireMixedCase"));
}
dkayiwa
(Daniel Kayiwa)
January 18, 2017, 11:33am
2
Is that in a unit test or user interface? If user interface, can you attach some screenshots?
dkayiwa
(Daniel Kayiwa)
January 18, 2017, 12:08pm
4
You may consider moving this to the bahmni talk category.
darius
(Darius Jazayeri)
January 18, 2017, 12:55pm
5
@dkayiwa , the question is about how Bahmni should be using the OpenMRS API.
@padmavati are you getting this untranslated error message in the Java API or in the REST API? What is your expectation of what should be happening?
It sounds like you’re suggesting that instead of
throw new WeakPasswordException();
we should be doing this
throw new WeakPasswordException(getMessage("error.password.weak"));
padmavati
(padma b)
January 18, 2017, 1:52pm
6
@darius
The expectation is it should send the translated message like how it is doing for the remaining validations.
throw new WeakPasswordException(getMessage(“error.password.weak”));
Yes we are suggesting this.