Issues in UserModelDtoValidator.java (master) - Issues in master - malinink/easy-tests - Measure and Improve Code Quality continuously with Scrutinizer

Issues (39)

admin/validators/UserModelDtoValidator.java (1 issue)

Labels

Security 1

Severity

Critical 1

package easytests.admin.validators;

import easytests.admin.dto.UserModelDto;
import easytests.common.validators.AbstractDtoValidator;
import easytests.core.models.UserModelInterface;
import easytests.core.services.UsersService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.validation.Errors;


/**
 * @author malinink
 */
@Service
public class UserModelDtoValidator extends AbstractDtoValidator {
    @Autowired
    private UsersService usersService;

    public boolean supports(Class candidate) {
        return UserModelDto.class.isAssignableFrom(candidate);
    }

    public void validate(Object obj, Errors errors) {
        final UserModelDto userModelDto = (UserModelDto) obj;
        this.validateEmailIsUnique(errors, userModelDto);
        this.validatePassword(errors, userModelDto);
        this.validatePasswordRepeat(errors, userModelDto);
    }

    private void validateEmailIsUnique(Errors errors, UserModelDto userModelDto) {
        final UserModelInterface userModel = this.usersService.findByEmail(userModelDto.getEmail());
        if ((userModel != null) && !userModel.getId().equals(userModelDto.getId())) {
            reject(errors, "email", "This Email already present");
        }
    }

    private void validatePassword(Errors errors, UserModelDto userModelDto) {
        final String password = userModelDto.getPassword();
        final String passwordField = "password";

        if ("".equals(password) || (password == null)) {
            // It's not a good idea to check whether we creating object by its id
            if (userModelDto.getId() == null) {
                reject(errors, passwordField, "Password is required on creating user procedure");
            }
            return;
        }
        if (password.length() < 8) {
            reject(errors, passwordField, "Password must be at least 8 symbols");
        }
        // TODO add more specific checks on password
    }

    private void validatePasswordRepeat(Errors errors, UserModelDto userModelDto) {
        final String password = userModelDto.getPassword();
        final String passwordRepeat = userModelDto.getPasswordRepeat();
        if (((password == null) && (passwordRepeat != null))
                || ((password != null) && !password.equals(passwordRepeat))) {
            reject(errors, "passwordRepeat", "Password repeat differs from password");
        }
    }
}


1			package easytests.admin.validators;
2
3			import easytests.admin.dto.UserModelDto;
4			import easytests.common.validators.AbstractDtoValidator;
5			import easytests.core.models.UserModelInterface;
6			import easytests.core.services.UsersService;
7			import org.springframework.beans.factory.annotation.Autowired;
8			import org.springframework.stereotype.Service;
9			import org.springframework.validation.Errors;
10
11
12			/**
13			* @author malinink
14			*/
15			@Service
16			public class UserModelDtoValidator extends AbstractDtoValidator {
17			@Autowired
18			private UsersService usersService;
19
20			public boolean supports(Class candidate) {
21			return UserModelDto.class.isAssignableFrom(candidate);
22			}
23
24			public void validate(Object obj, Errors errors) {
25			final UserModelDto userModelDto = (UserModelDto) obj;
26			this.validateEmailIsUnique(errors, userModelDto);
27			this.validatePassword(errors, userModelDto);
28			this.validatePasswordRepeat(errors, userModelDto);
29			}
30
31			private void validateEmailIsUnique(Errors errors, UserModelDto userModelDto) {
32			final UserModelInterface userModel = this.usersService.findByEmail(userModelDto.getEmail());
33			if ((userModel != null) && !userModel.getId().equals(userModelDto.getId())) {
34			reject(errors, "email", "This Email already present");
35			}
36			}
37
38			private void validatePassword(Errors errors, UserModelDto userModelDto) {
39			final String password = userModelDto.getPassword();
40			final String passwordField = "password";
			0 ignored issues – show Security introduced 2017-11-17 08:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this Hard-coding user names and passwords is a very insecure and inefficient practice. Consider reading the credentials from an outside file or other source, which you may not want to put in your source code repository. Loading history...
41			if ("".equals(password) \|\| (password == null)) {
42			// It's not a good idea to check whether we creating object by its id
43			if (userModelDto.getId() == null) {
44			reject(errors, passwordField, "Password is required on creating user procedure");
45			}
46			return;
47			}
48			if (password.length() < 8) {
49			reject(errors, passwordField, "Password must be at least 8 symbols");
50			}
51			// TODO add more specific checks on password
52			}
53
54			private void validatePasswordRepeat(Errors errors, UserModelDto userModelDto) {
55			final String password = userModelDto.getPassword();
56			final String passwordRepeat = userModelDto.getPasswordRepeat();
57			if (((password == null) && (passwordRepeat != null))
58			\|\| ((password != null) && !password.equals(passwordRepeat))) {
59			reject(errors, "passwordRepeat", "Password repeat differs from password");
60			}
61			}
62			}
63

malinink / easy-tests

Issues (39)

admin/validators/UserModelDtoValidator.java (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like