Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(ui): enhanced email and password length constraint in basic authentication #4261

Merged
merged 3 commits into from
Jul 22, 2024
Merged

fix(ui): enhanced email and password length constraint in basic authentication #4261

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
53fba20
add email/password constraints for backend and frontend
frankzengjj Jul 8, 2024
16fe5eb
typo fix
frankzengjj Jul 8, 2024
95511d5
use translation json for warnings
frankzengjj Jul 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions ui/src/components/admin/stats/BasicAuthPrompt.vue
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@
<el-form-item
:label="$t('password')"
required
prop="password"
>
<el-input v-model="form.password" type="password" show-password />
</el-form-item>
Expand Down Expand Up @@ -62,6 +63,28 @@
trigger: ["blur"],
pattern: "^$|^[a-zA-Z0-9_!#$%&’*+/=?`{|}~^.-]+@[a-zA-Z0-9.-]+$"
},
{
validator: (rule, value, callback) => {
if (value && value.length > 256) {
callback(new Error(this.$t("Email must not exceed 256 characters")));
frankzengjj marked this conversation as resolved.
Show resolved Hide resolved
} else {
callback();
}
},
trigger: ["blur", "change"]
}
],
password: [
{
validator: (rule, value, callback) => {
if (value && value.length > 256) {
callback(new Error(this.$t("Password must not exceed 256 characters")));
} else {
callback();
}
},
trigger: ["blur", "change"]
}
],
confirmPassword: [
{
Expand Down
7 changes: 7 additions & 0 deletions webserver/src/main/java/io/kestra/webserver/services/BasicAuthService.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@
public class BasicAuthService {
public static final String BASIC_AUTH_SETTINGS_KEY = "kestra.server.basic-auth";
private static final Pattern EMAIL_PATTERN = Pattern.compile("^[a-zA-Z0-9_!#$%&’*+/=?`{|}~^.-]+@[a-zA-Z0-9.-]+$");
private static final int EMAIL_PASSWORD_MAX_LEN = 256;

@Inject
private SettingRepositoryInterface settingRepository;
Expand Down Expand Up @@ -75,6 +76,12 @@ public void save(String uid, BasicAuthConfiguration basicAuthConfiguration) {
throw new IllegalArgumentException("No password set for Basic Authentication. Please provide a password.");
}

if (basicAuthConfiguration.getUsername().length() > EMAIL_PASSWORD_MAX_LEN ||
basicAuthConfiguration.password.length() > EMAIL_PASSWORD_MAX_LEN) {
throw new IllegalArgumentException("The length of email or password should not exceed 256.");
frankzengjj marked this conversation as resolved.
Show resolved Hide resolved
}


SaltedBasicAuthConfiguration previousConfiguration = this.configuration();
String salt = previousConfiguration == null
? null
Expand Down
Loading