raises error if password length is less than 8 chars

Signed-off-by: Kapil Chouhan <kapil.chouhan@msystechnologies.com>
chef · Dec 16, 2019 · 07eea78 · 07eea78
1 parent 72bc6db
commit 07eea78
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 31 deletions.
diff --git a/lib/chef/knife/ec2_server_create.rb b/lib/chef/knife/ec2_server_create.rb
@@ -717,15 +717,11 @@ def plugin_validate_options!
           exit 1
         end
 
-        if winrm? && config_value(:connection_password).to_s.length > 14
-          ui.warn("The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. Do you want to continue this operation? (Y/N):")
-          password_promt = STDIN.gets.chomp.upcase
-          if password_promt == "N"
-            raise "Exiting as operation with password greater than 14 characters not accepted"
-          elsif password_promt == "Y"
-            @allow_long_password = "/yes"
-          else
-            raise "The input provided is incorrect."
+        if winrm?
+          reg = /^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-]).{8,40}$/
+          unless config_value(:connection_password) =~ reg
+            ui.error("Complexity requirements are not met. Password length should be 8-40 characters and include: 1 uppercase, 1 lowercase, 1 digit, and 1 special character")
+            exit 1
           end
         end
 
@@ -891,7 +887,6 @@ def server_attributes
         attributes[:placement][:tenancy] = "dedicated" if vpc_mode? && config_value(:dedicated_instance)
         attributes[:iam_instance_profile] = {}
         attributes[:iam_instance_profile][:name] = config_value(:iam_instance_profile)
-
         if config_value(:winrm_ssl)
           if config_value(:aws_user_data)
             begin
@@ -919,7 +914,6 @@ def server_attributes
             end
           end
         end
-
         attributes[:ebs_optimized] = !!config_value(:ebs_optimized)
 
         if ami.root_device_type == "ebs"

diff --git a/spec/unit/ec2_server_create_spec.rb b/spec/unit/ec2_server_create_spec.rb
@@ -164,7 +164,7 @@
       image: "ami-005bdb005fb00e791",
       ssh_key_name: "ssh_key_name",
       connection_user: "user",
-      connection_password: "password",
+      connection_password: "Password@123",
       network_interfaces: %w{eni-12345678 eni-87654321},
     }.each do |key, value|
       Chef::Config[:knife][key] = value
@@ -514,6 +514,15 @@
     end
   end
 
+  shared_examples "invalid password" do
+    it "raises error" do
+      expect(knife_ec2_create.ui).to receive(:error).with(
+        "Complexity requirements are not met. Password length should be 8-40 characters and include: 1 uppercase, 1 lowercase, 1 digit, and 1 special character"
+      )
+      expect { knife_ec2_create.plugin_validate_options! }.to raise_error(SystemExit)
+    end
+  end
+
   describe "S3 secret test cases" do
     before do
       Chef::Config[:knife][:s3_secret] =
@@ -2008,7 +2017,6 @@
       it "appends ssl config to user supplied user_data at the end of <powershell> tag section" do
         encoded_data = Base64.encode64(@server_def_user_data)
         server_def = knife_ec2_create.server_attributes
-
         expect(server_def[:user_data]).to eq(encoded_data)
       end
 
@@ -2671,45 +2679,58 @@
     end
   end
 
-  describe "Handle password greater than 14 characters" do
+  describe "Check Password valid on not" do
     before do
       allow(knife_ec2_create).to receive(:validate_aws_config!)
       allow(knife_ec2_create).to receive(:validate_nics!)
       allow(knife_ec2_create).to receive(:ami).and_return(ami)
       knife_ec2_create.config[:connection_user] = "domain\\ec2"
-      knife_ec2_create.config[:connection_password] = "LongPassword@123"
       knife_ec2_create.config[:connection_protocol] = "winrm"
     end
 
-    context "when user enters Y after prompt" do
+    context "when user enters a valid password" do
       before do
-        allow(STDIN).to receive_message_chain(:gets, chomp: "Y")
+        knife_ec2_create.config[:connection_password] = "Password@123"
       end
-      it "user addition command is executed forcefully" do
-        expect(knife_ec2_create.ui).to receive(:warn).with("The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. Do you want to continue this operation? (Y/N):")
-        knife_ec2_create.plugin_validate_options!
-        expect(knife_ec2_create.instance_variable_get(:@allow_long_password)).to eq ("/yes")
+
+      it "does not raise an error" do
+        expect(knife_ec2_create.ui).not_to receive(:error).with(
+          "Complexity requirement not met. Password length should be 8-40 characters and include: 1 uppercase, 1 lowercase, 1 digit and 1 special character"
+        )
+        expect { knife_ec2_create.plugin_validate_options! }.not_to raise_error(SystemExit)
       end
     end
 
-    context "when user enters n after prompt" do
+    context "when password does not contain with atleast one uppercase character" do
       before do
-        allow(STDIN).to receive_message_chain(:gets, chomp: "N")
+        knife_ec2_create.config[:connection_password] = "password@123"
       end
-      it "operation exits" do
-        expect(knife_ec2_create.ui).to receive(:warn).with("The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. Do you want to continue this operation? (Y/N):")
-        expect { knife_ec2_create.plugin_validate_options! }.to raise_error("Exiting as operation with password greater than 14 characters not accepted")
+
+      it_behaves_like "invalid password"
+    end
+
+    context "when password does not contain with atleast one lowercase character" do
+      before do
+        knife_ec2_create.config[:connection_password] = "PASSWORD@123"
       end
+
+      it_behaves_like "invalid password"
     end
 
-    context "when user enters xyz instead of (Y/N) after prompt" do
+    context "when password does not contain with atleast one digit from 0-9" do
       before do
-        allow(STDIN).to receive_message_chain(:gets, chomp: "xyz")
+        knife_ec2_create.config[:connection_password] = "password@"
       end
-      it "operation exits" do
-        expect(knife_ec2_create.ui).to receive(:warn).with("The password provided is longer than 14 characters. Computers with Windows prior to Windows 2000 will not be able to use this account. Do you want to continue this operation? (Y/N):")
-        expect { knife_ec2_create.plugin_validate_options! }.to raise_error("The input provided is incorrect.")
+
+      it_behaves_like "invalid password"
+    end
+
+    context "when password does not contain with atleast one special character" do
+      before do
+        knife_ec2_create.config[:connection_password] = "password123"
       end
+
+      it_behaves_like "invalid password"
     end
   end