This provides one centralized place where the PasswordChecker used can
be selected or changed. (setPasswordChecker() is intended for use in the
tests – in normal operation, the PasswordChecker should be set up once
during initialization and then not changed.)
I’d like to do this via dependency injection, but neither User nor
Signup seems like the right place to do this. Perhaps this kind of logic
should be moved to some kind of service where this is more feasible, but
that’s not a refactoring I want to do right now.
PasswordChecker is a generic version of the interface which
PasswordStrengthChecker currently offers. PasswordStrengthChecker is
changed to implement the new interface (currently the only
implementation, but others will be added in the future).
Using this interface instead of PasswordStrengthChecker directly in
other code will let us introduce other ways of checking password
strength as well, e.g. implementing #143.
The interface is placed in the new `passwords` subpackage, and the
PasswordStrengthChecker implementation is also moved there.
INOPIAE [Sat, 3 Mar 2018 06:04:32 +0000 (07:04 +0100)]
chg: apply css 'table' class to table
The 'table' class is built-in from bootstrap to format a table to
spread across the screen. Bootstrap styles tables with the 'table' class
only due to the widespread use of tables for formatting purposes other
than tabular data.
Ant is clearly used for the whole build process, and wget is used to
download the public suffix list as part of the update-effective-tlds Ant
build target.
Felix Dörre [Tue, 20 Feb 2018 20:21:39 +0000 (21:21 +0100)]
Merge changes I18f5f27f,I27ec303f,I78009fe3
* changes:
fix: avoid resource leak when generating OCSP requests
fix: prevent possible NPE on failure to list the CA directory
chg: ensure actor, target and support ticket are non-null
Benny Baumann [Tue, 6 Feb 2018 15:03:52 +0000 (16:03 +0100)]
chg: ensure actor, target and support ticket are non-null
This patch is a defense-in-depth measure for cases of internal inconsistencies:
If, e.g., the session used to authenticate a request somehow gets corrupted, or
a user gets deleted in the DB through a race condition between validation
of the password and passing that user on to the actual session login, this
will provide a safeguard. This also centralises the check for acceptable
AuthorisationContexts in the class itself.
The result of this patch is that any call to AuthorisationContext.getActor() will
return a non-null User object, as AuthorisationContexts with a null actor,
target or support ticket are rejected as invalid.
Felix Dörre [Mon, 29 Jan 2018 10:55:28 +0000 (11:55 +0100)]
chg: jar version to match the version generated for the package
The jar version is displayed on the About page. Changing it to match the
syntax of the package version allows a user to compare two versions and
see which one is newer.
With this formulation of the script, we only need to change one place in
the script to update or add libraries. (However, the separate .gitignore
and checksums.txt files still need to be updated as well.)
(The unquoted $(basename ...) is safe because we know the basenames
cannot contain spaces – at worst, they would be URL-encoded as %20.)
“departement” or “département” is French (or German borrowed from
French); in English one of the ‘e’s is dropped. (Compare to the variable
one line below, which is already spelled correctly.)
chg: don’t use printf with variable format strings
Except in very exceptional cases, the format string to printf should
never be variable (and for maximum clarity, it should always be
single-quoted even if it happens to contain no shell special
characters). This commit changes one format string from double to single
quotes and rewrites two more to use substitution sequences instead of
substituting variables directly into the format (which is dangerous if
they could contain ‘%’ characters).
With this change, the following search finds no results:
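
The difference between a variable format string and a fixed one, shown as an added example that is not taken from the commit or the project's script. The function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples: a URL-encoded file name containing '%' and a
# value containing a backslash sequence.
name='lib%20stuff.jar'
path='C:\new'

# Before: the value is substituted into the format string itself, so
# printf parses any "%..." or "\..." inside it as part of the format.
report_unsafe() {
    printf "Downloading $1\n"
}

# After: the format is a fixed, single-quoted string and the value is
# passed as an argument, where %s prints it byte for byte.
report_safe() {
    printf 'Downloading %s\n' "$1"
}

# "%20s" in the file name is read as "string padded to width 20" with no
# argument supplied, so the name is silently mangled.
report_unsafe "$name"
report_safe "$name"

# "\n" in the value is read as a newline escape by the unsafe variant.
report_unsafe "$path"
report_safe "$path"
```
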
Felix Dörre [Wed, 13 Dec 2017 19:34:15 +0000 (20:34 +0100)]
fix: the "generateBrokenKeypair" can sometimes hang indefinitely
The value of "p" can be too small so no value for "q" can be found.
The problem can be resolved by re-choosing both p and q when the result
is too small. The old "swap and only re-generate the smaller prime" does
not work anymore as p and q are not generated with equal length.
Felix Dörre [Tue, 7 Nov 2017 20:06:55 +0000 (21:06 +0100)]
chg: manage more resources explicitly
When a constructor that gets a resource fails, it might prevent the
resource from being closed. By giving the resource explicitly to the
try-with-resources, this is prevented.
Benny Baumann [Tue, 7 Nov 2017 19:55:40 +0000 (20:55 +0100)]
Merge changes I46ae11f8,I6d71e70e,Ie19e3229
* changes:
chg: remove csr_name and crt_name columns from certs
chg: use certificate attachment to store CRT and CSR files
add: text-attachments for certificates
* changes:
add: check for keys using acceptable algorithms
chg: update debian/copyright file based on upstream spec
add: public key check testing for ROCA (Return of Coppersmith Attack) vulnerability
add: public key check searching for small primes (less than 10k)
add: initial class for performing arbitrary checks to validate public keys