FINERACT-2081: Update password policy

apache · Nov 7, 2024 · 3728a13 · 3728a13
1 parent 492ec44
commit 3728a13
Show file tree

Hide file tree

Showing 19 changed files with 191 additions and 25 deletions.
diff --git a/.github/workflows/build-tests.yml b/.github/workflows/build-tests.yml
@@ -37,6 +37,7 @@ jobs:
           BASE_URL: https://localhost:8443
           TEST_USERNAME: mifos
           TEST_PASSWORD: password
+          TEST_STRONG_PASSWORD: A1b2c3d4e5f$
           TEST_TENANT_ID: default
           INITIALIZATION_ENABLED: true
           EVENT_VERIFICATION_ENABLED: false

diff --git a/fineract-e2e-tests-core/src/test/java/org/apache/fineract/test/api/ApiProperties.java b/fineract-e2e-tests-core/src/test/java/org/apache/fineract/test/api/ApiProperties.java
@@ -32,6 +32,8 @@ public class ApiProperties {
     private String username;
     @Value("${fineract-test.api.password}")
     private String password;
+    @Value("${fineract-test.api.strong-password}")
+    private String strongPassword;
     @Value("${fineract-test.api.tenant-id}")
     private String tenantId;
 }
diff --git a/...e2e-tests-core/src/test/java/org/apache/fineract/test/stepdef/common/BatchApiStepDef.java b/...e2e-tests-core/src/test/java/org/apache/fineract/test/stepdef/common/BatchApiStepDef.java
@@ -473,7 +473,7 @@ public void runBatchApiCreateAndApproveLoanRescheduleWithGivenUser(String fromDa
         Long createdUserId = createUserResponse.body().getResourceId();
         Response<GetUsersUserIdResponse> user = usersApi.retrieveOne31(createdUserId).execute();
         ErrorHelper.checkSuccessfulApiCall(user);
-        String authorizationString = user.body().getUsername() + ":" + apiProperties.getPassword();
+        String authorizationString = user.body().getUsername() + ":" + apiProperties.getStrongPassword();
         Base64 base64 = new Base64();
         headerMap.put("Authorization",
                 "Basic " + new String(base64.encode(authorizationString.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
@@ -533,7 +533,7 @@ public void runBatchApiCreateAndApproveLoanRescheduleWithGivenUserLockedByCobErr
         Long createdUserId = createUserResponse.body().getResourceId();
         Response<GetUsersUserIdResponse> user = usersApi.retrieveOne31(createdUserId).execute();
         ErrorHelper.checkSuccessfulApiCall(user);
-        String authorizationString = user.body().getUsername() + ":" + apiProperties.getPassword();
+        String authorizationString = user.body().getUsername() + ":" + apiProperties.getStrongPassword();
         Base64 base64 = new Base64();
         headerMap.put("Authorization",
                 "Basic " + new String(base64.encode(authorizationString.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));

diff --git a/...act-e2e-tests-core/src/test/java/org/apache/fineract/test/stepdef/common/UserStepDef.java b/...act-e2e-tests-core/src/test/java/org/apache/fineract/test/stepdef/common/UserStepDef.java
@@ -76,8 +76,8 @@ public void createUserWithUsernameAndRoles(String username, String roleName, Lis
                 .lastname(username) //
                 .sendPasswordToEmail(Boolean.FALSE) //
                 .officeId(1L) //
-                .password(apiProperties.getPassword()) //
-                .repeatPassword(apiProperties.getPassword()) //
+                .password(apiProperties.getStrongPassword()) //
+                .repeatPassword(apiProperties.getStrongPassword()) //
                 .roles(List.of(roleId));
 
         Response<PostUsersResponse> createUserResponse = usersApi.create15(postUsersRequest).execute();

diff --git a/...ests-core/src/test/java/org/apache/fineract/test/stepdef/loan/LoanDelinquencyStepDef.java b/...ests-core/src/test/java/org/apache/fineract/test/stepdef/loan/LoanDelinquencyStepDef.java
@@ -226,7 +226,7 @@ public void delinquencyPauseWithCreatedUser(String startDate, String endDate) th
         Long createdUserId = createUserResponse.body().getResourceId();
         Response<GetUsersUserIdResponse> user = usersApi.retrieveOne31(createdUserId).execute();
         ErrorHelper.checkSuccessfulApiCall(user);
-        String authorizationString = user.body().getUsername() + ":" + apiProperties.getPassword();
+        String authorizationString = user.body().getUsername() + ":" + apiProperties.getStrongPassword();
         Base64 base64 = new Base64();
         headerMap.put("Authorization",
                 "Basic " + new String(base64.encode(authorizationString.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
@@ -258,7 +258,7 @@ public void delinquencyPauseWithCreatedUserNOPermissionError(String startDate, S
         Long createdUserId = createUserResponse.body().getResourceId();
         Response<GetUsersUserIdResponse> user = usersApi.retrieveOne31(createdUserId).execute();
         ErrorHelper.checkSuccessfulApiCall(user);
-        String authorizationString = user.body().getUsername() + ":" + apiProperties.getPassword();
+        String authorizationString = user.body().getUsername() + ":" + apiProperties.getStrongPassword();
         Base64 base64 = new Base64();
         headerMap.put("Authorization",
                 "Basic " + new String(base64.encode(authorizationString.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));

diff --git a/...-tests-core/src/test/java/org/apache/fineract/test/stepdef/loan/LoanRepaymentStepDef.java b/...-tests-core/src/test/java/org/apache/fineract/test/stepdef/loan/LoanRepaymentStepDef.java
@@ -155,7 +155,7 @@ public void makeRepaymentWithGivenUser(String repaymentType, String transactionD
         Long createdUserId = createUserResponse.body().getResourceId();
         Response<GetUsersUserIdResponse> user = usersApi.retrieveOne31(createdUserId).execute();
         ErrorHelper.checkSuccessfulApiCall(user);
-        String authorizationString = user.body().getUsername() + ":" + apiProperties.getPassword();
+        String authorizationString = user.body().getUsername() + ":" + apiProperties.getStrongPassword();
         Base64 base64 = new Base64();
         headerMap.put("Authorization",
                 "Basic " + new String(base64.encode(authorizationString.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));
@@ -214,7 +214,7 @@ public void makeRepaymentWithGivenUserByExternalId(String repaymentType, String
         Long createdUserId = createUserResponse.body().getResourceId();
         Response<GetUsersUserIdResponse> user = usersApi.retrieveOne31(createdUserId).execute();
         ErrorHelper.checkSuccessfulApiCall(user);
-        String authorizationString = user.body().getUsername() + ":" + apiProperties.getPassword();
+        String authorizationString = user.body().getUsername() + ":" + apiProperties.getStrongPassword();
         Base64 base64 = new Base64();
         headerMap.put("Authorization",
                 "Basic " + new String(base64.encode(authorizationString.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8));

diff --git a/fineract-e2e-tests-core/src/test/resources/fineract-test-application.properties b/fineract-e2e-tests-core/src/test/resources/fineract-test-application.properties
@@ -20,6 +20,7 @@
 fineract-test.api.base-url=${BASE_URL:https://localhost:8443}
 fineract-test.api.username=${TEST_USERNAME:mifos}
 fineract-test.api.password=${TEST_PASSWORD:password}
+fineract-test.api.strong-password=${TEST_STRONG_PASSWORD:A1b2c3d4e5f$}
 fineract-test.api.tenant-id=${TEST_TENANT_ID:default}
 
 fineract-test.initialization.enabled=${INITIALIZATION_ENABLED:false}

diff --git a/fineract-provider/src/main/resources/db/changelog/tenant/changelog-tenant.xml b/fineract-provider/src/main/resources/db/changelog/tenant/changelog-tenant.xml
@@ -170,4 +170,5 @@
     <include file="parts/0149_update_global_configuration_names.xml" relativeToChangelogFile="true" />
     <include file="parts/0150_transaction_summary_with_asset_owner_report_interest_waiver_interest_refund_added.xml" relativeToChangelogFile="true" />
     <include file="parts/0151_interest_refund_business_events.xml" relativeToChangelogFile="true" />
+    <include file="parts/0152_update_password_validation_policy.xml" relativeToChangelogFile="true" />
 </databaseChangeLog>
diff --git a/...r/src/main/resources/db/changelog/tenant/parts/0152_update_password_validation_policy.xml b/...r/src/main/resources/db/changelog/tenant/parts/0152_update_password_validation_policy.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements. See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership. The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License. You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied. See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+-->
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+                   xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-4.3.xsd">
+    <changeSet author="fineract" id="1" context="mysql">
+        <preConditions onFail="MARK_RAN">
+            <sqlCheck expectedResult="0">
+                SELECT COUNT(*) FROM m_password_validation_policy WHERE `key` = 'strong'
+            </sqlCheck>
+        </preConditions>
+
+        <insert tableName="m_password_validation_policy">
+            <column name="regex" value="^(?!.*(.)\1)(?!.*\s)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^\w\s]).{12,50}$"/>
+            <column name="description" value="Password must be 12 to 50 characters long, containing at least one uppercase letter, one lowercase letter, one numeric digit, and one special character, with no spaces or consecutive repeating characters"/>
+            <column name="active" valueBoolean="false"/>
+            <column name="key" value="strong"/>
+        </insert>
+    </changeSet>
+    <changeSet author="fineract" id="1" context="postgresql">
+        <preConditions onFail="MARK_RAN">
+            <sqlCheck expectedResult="0">
+                SELECT COUNT(*) FROM m_password_validation_policy WHERE key = 'strong'
+            </sqlCheck>
+        </preConditions>
+
+        <insert tableName="m_password_validation_policy">
+            <column name="regex" value="^(?!.*(.)\1)(?!.*\s)(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[^\w\s]).{12,50}$"/>
+            <column name="description" value="Password must be 12 to 50 characters long, containing at least one uppercase letter, one lowercase letter, one numeric digit, and one special character, with no spaces or consecutive repeating characters"/>
+            <column name="active" valueBoolean="false"/>
+            <column name="key" value="strong"/>
+        </insert>
+    </changeSet>
+
+    <changeSet author="fineract" id="2" context="mysql">
+        <preConditions onFail="MARK_RAN">
+            <and>
+                <sqlCheck expectedResult="1">
+                    SELECT COUNT(*) FROM m_password_validation_policy WHERE `key` = 'simple' AND active = 1;
+                </sqlCheck>
+                <sqlCheck expectedResult="0">
+                    SELECT COUNT(*) FROM m_password_validation_policy WHERE `key` = 'strong' AND active = 1;
+                </sqlCheck>
+            </and>
+        </preConditions>
+
+        <update tableName="m_password_validation_policy">
+            <column name="active" valueBoolean="false"/>
+            <where>`key` = 'simple' AND active = true</where>
+        </update>
+        <update tableName="m_password_validation_policy">
+            <column name="active" valueBoolean="true"/>
+            <where>`key` = 'strong' AND active = false</where>
+        </update>
+    </changeSet>
+    <changeSet author="fineract" id="2" context="postgresql">
+        <preConditions onFail="MARK_RAN">
+            <and>
+                <sqlCheck expectedResult="1">
+                    SELECT COUNT(*) FROM m_password_validation_policy WHERE key = 'simple' AND active = TRUE;
+                </sqlCheck>
+                <sqlCheck expectedResult="0">
+                    SELECT COUNT(*) FROM m_password_validation_policy WHERE key = 'strong' AND active = TRUE;
+                </sqlCheck>
+            </and>
+        </preConditions>
+
+        <update tableName="m_password_validation_policy">
+            <column name="active" valueBoolean="false"/>
+            <where>key = 'simple' AND active = TRUE</where>
+        </update>
+        <update tableName="m_password_validation_policy">
+            <column name="active" valueBoolean="true"/>
+            <where>key = 'strong' AND active = FALSE</where>
+        </update>
+    </changeSet>
+</databaseChangeLog>
diff --git a/...sts/src/test/java/org/apache/fineract/integrationtests/AuthenticationIntegrationTest.java b/...sts/src/test/java/org/apache/fineract/integrationtests/AuthenticationIntegrationTest.java
@@ -64,7 +64,7 @@ public void setup() {
         AccountHelper accountHelper = new AccountHelper(this.requestSpec, this.responseSpec);
         Integer staffId = StaffHelper.createStaff(this.requestSpec, this.responseSpec);
         String username = Utils.uniqueRandomStringGenerator("user", 8);
-        UserHelper.createUser(this.requestSpec, this.responseSpec, 1, staffId, username, "P4ssw0rd", "resourceId");
+        UserHelper.createUser(this.requestSpec, this.responseSpec, 1, staffId, username, "A1b2c3d4e5f$", "resourceId");
         Integer clientID = ClientHelper.createClient(requestSpec, responseSpec);
 
         Integer loanProductID = setupLoanProduct(accountHelper);

diff --git a/...sts/src/test/java/org/apache/fineract/integrationtests/ClientAuditingIntegrationTest.java b/...sts/src/test/java/org/apache/fineract/integrationtests/ClientAuditingIntegrationTest.java
@@ -65,7 +65,7 @@ public void setup() {
     public void checkAuditDates() throws InterruptedException {
         final Integer staffId = StaffHelper.createStaff(this.requestSpec, this.responseSpec);
         String username = Utils.uniqueRandomStringGenerator("user", 8);
-        final Integer userId = (Integer) UserHelper.createUser(this.requestSpec, this.responseSpec, 1, staffId, username, "password",
+        final Integer userId = (Integer) UserHelper.createUser(this.requestSpec, this.responseSpec, 1, staffId, username, "A1b2c3d4e5f$",
                 "resourceId");
         OffsetDateTime now = Utils.getAuditDateTimeToCompare();
         LOG.info("-------------------------Creating Client---------------------------");
@@ -88,7 +88,7 @@ public void checkAuditDates() throws InterruptedException {
         LOG.info("-------------------------Modify Client with System user---------------------------");
         this.requestSpec = new RequestSpecBuilder().setContentType(ContentType.JSON).build();
         this.requestSpec.header("Authorization",
-                "Basic " + Utils.loginIntoServerAndGetBase64EncodedAuthenticationKey(username, "password"));
+                "Basic " + Utils.loginIntoServerAndGetBase64EncodedAuthenticationKey(username, "A1b2c3d4e5f$"));
         this.clientHelper = new ClientHelper(this.requestSpec, this.responseSpec);
 
         OffsetDateTime now2 = Utils.getAuditDateTimeToCompare();

diff --git a/...tests/src/test/java/org/apache/fineract/integrationtests/LoanAuditingIntegrationTest.java b/...tests/src/test/java/org/apache/fineract/integrationtests/LoanAuditingIntegrationTest.java
@@ -79,7 +79,7 @@ public void setup() {
     public void checkAuditDates() throws InterruptedException {
         final Integer staffId = StaffHelper.createStaff(this.requestSpec, this.responseSpec);
         String username = Utils.uniqueRandomStringGenerator("user", 8);
-        final Integer userId = (Integer) UserHelper.createUser(this.requestSpec, this.responseSpec, 1, staffId, username, "P4ssw0rd",
+        final Integer userId = (Integer) UserHelper.createUser(this.requestSpec, this.responseSpec, 1, staffId, username, "A1b2c3d4e5f$",
                 "resourceId");
 
         LOG.info("-------------------------Creating Client---------------------------");
@@ -119,7 +119,7 @@ public void checkAuditDates() throws InterruptedException {
 
         this.requestSpec = new RequestSpecBuilder().setContentType(ContentType.JSON).build();
         this.requestSpec.header("Authorization",
-                "Basic " + Utils.loginIntoServerAndGetBase64EncodedAuthenticationKey(username, "P4ssw0rd"));
+                "Basic " + Utils.loginIntoServerAndGetBase64EncodedAuthenticationKey(username, "A1b2c3d4e5f$"));
         this.loanTransactionHelper = new LoanTransactionHelper(this.requestSpec, this.responseSpec);
 
         OffsetDateTime now2 = Utils.getAuditDateTimeToCompare();

diff --git a/...est/java/org/apache/fineract/integrationtests/LoanTransactionAuditingIntegrationTest.java b/...est/java/org/apache/fineract/integrationtests/LoanTransactionAuditingIntegrationTest.java
@@ -79,7 +79,7 @@ public void setup() {
     public void checkAuditDates() throws InterruptedException {
         final Integer staffId = StaffHelper.createStaff(this.requestSpec, this.responseSpec);
         String username = Utils.uniqueRandomStringGenerator("user", 8);
-        final Integer userId = (Integer) UserHelper.createUser(this.requestSpec, this.responseSpec, 1, staffId, username, "P4ssw0rd",
+        final Integer userId = (Integer) UserHelper.createUser(this.requestSpec, this.responseSpec, 1, staffId, username, "A1b2c3d4e5f$",
                 "resourceId");
 
         LOG.info("-------------------------Creating Client---------------------------");
@@ -128,7 +128,7 @@ public void checkAuditDates() throws InterruptedException {
 
         this.requestSpec = new RequestSpecBuilder().setContentType(ContentType.JSON).build();
         this.requestSpec.header("Authorization",
-                "Basic " + Utils.loginIntoServerAndGetBase64EncodedAuthenticationKey(username, "P4ssw0rd"));
+                "Basic " + Utils.loginIntoServerAndGetBase64EncodedAuthenticationKey(username, "A1b2c3d4e5f$"));
         this.loanTransactionHelper = new LoanTransactionHelper(this.requestSpec, this.responseSpec);
 
         OffsetDateTime now2 = Utils.getAuditDateTimeToCompare();

diff --git a/...sts/src/test/java/org/apache/fineract/integrationtests/LoanValidationIntegrationTest.java b/...sts/src/test/java/org/apache/fineract/integrationtests/LoanValidationIntegrationTest.java
@@ -69,7 +69,7 @@ public void setup() {
     public void checkPrincipalErrors() {
         final Integer staffId = StaffHelper.createStaff(this.requestSpec, this.responseSpec);
         String username = Utils.uniqueRandomStringGenerator("user", 8);
-        UserHelper.createUser(this.requestSpec, this.responseSpec, 1, staffId, username, "P4ssw0rd", "resourceId");
+        UserHelper.createUser(this.requestSpec, this.responseSpec, 1, staffId, username, "A1b2c3d4e5f$", "resourceId");
 
         LOG.info("-------------------------Creating Client---------------------------");
         final Integer clientID = ClientHelper.createClient(requestSpec, responseSpec);

diff --git a/integration-tests/src/test/java/org/apache/fineract/integrationtests/MakercheckerTest.java b/integration-tests/src/test/java/org/apache/fineract/integrationtests/MakercheckerTest.java
@@ -106,11 +106,11 @@ public void testMakerCheckerOn() {
             // create maker user
             String maker = Utils.uniqueRandomStringGenerator("user", 8);
             final Integer makerUserId = (Integer) UserHelper.createUser(this.requestSpec, this.responseSpec, roleId, staffId, maker,
-                    "P4ssw0rd", "resourceId");
+                    "A1b2c3d4e5f$", "resourceId");
 
             // create client - maker-checker disabled
             RequestSpecification makerRequestSpec = new RequestSpecBuilder().setContentType(ContentType.JSON).build()
-                    .header("Authorization", "Basic " + Utils.loginIntoServerAndGetBase64EncodedAuthenticationKey(maker, "P4ssw0rd"));
+                    .header("Authorization", "Basic " + Utils.loginIntoServerAndGetBase64EncodedAuthenticationKey(maker, "A1b2c3d4e5f$"));
             Integer clientId = ClientHelper.createClient(makerRequestSpec, this.responseSpec);
             assertNotNull(clientId);
             ClientHelper.verifyClientCreatedOnServer(requestSpec, this.responseSpec, clientId);
@@ -155,9 +155,9 @@ public void testMakerCheckerOn() {
             // create checker user
             String checker = Utils.uniqueRandomStringGenerator("user", 8);
             final Integer checkerUserId = (Integer) UserHelper.createUser(this.requestSpec, this.responseSpec, roleId, staffId, checker,
-                    "P4ssw0rd", "resourceId");
+                    "A1b2c3d4e5f$", "resourceId");
             RequestSpecification checkerRequestSpec = new RequestSpecBuilder().setContentType(ContentType.JSON).build()
-                    .header("Authorization", "Basic " + Utils.loginIntoServerAndGetBase64EncodedAuthenticationKey(checker, "P4ssw0rd"));
+                    .header("Authorization", "Basic " + Utils.loginIntoServerAndGetBase64EncodedAuthenticationKey(checker, "A1b2c3d4e5f$"));
 
             // check by another checker user should succeed
             HashMap<?, ?> response = MakercheckersHelper.approveMakerCheckerEntry(checkerRequestSpec, responseSpec, clientCommandId);

diff --git a/...gration-tests/src/test/java/org/apache/fineract/integrationtests/NotificationApiTest.java b/...gration-tests/src/test/java/org/apache/fineract/integrationtests/NotificationApiTest.java
@@ -61,7 +61,8 @@ public void setUp() {
 
         GetOfficesResponse headOffice = OfficeHelper.getHeadOffice(requestSpec, responseSpec);
         String username = Utils.uniqueRandomStringGenerator("NotificationUser", 4);
-        String password = Utils.randomStringGenerator("aA1", 10); // prefix is to conform with the password rules
+        String password = Utils.randomStringGenerator("A1b2c3d4e5f$", 1); // prefix is to conform with the password
+                                                                          // rules
         PostUsersRequest createUserRequest = new PostUsersRequest().username(username)
                 .firstname(Utils.randomStringGenerator("NotificationFN", 4)).lastname(Utils.randomStringGenerator("NotificationLN", 4))
                 .email("[email protected]").password(password).repeatPassword(password).sendPasswordToEmail(false)