Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed fields validation bypass #3527

Merged
merged 2 commits into from
Mar 11, 2022
Merged

Fixed fields validation bypass #3527

merged 2 commits into from
Mar 11, 2022

Conversation

MDeLuise
Copy link
Contributor

Brief description of the PR
While editing an existing user account or creating a new children account, it is possible to bypass the length and composition policies enforced by the application frontend to, respectively, the password and account name fields.
This PR fixes this problems adding the validation of the fields even in the service backend.

@codecov
Copy link

codecov bot commented Mar 10, 2022
edited
Loading

Codecov Report

Merging #3527 (cfcc196) into develop (80972c3) will decrease coverage by 5.70%.
The diff coverage is 33.33%.

❗ Current head cfcc196 differs from pull request most recent head 7957123. Consider uploading reports for the commit 7957123 to get more accurate results

Impacted file tree graph

@@              Coverage Diff              @@
##             develop    #3527      +/-   ##
=============================================
- Coverage      50.25%   44.55%   -5.71%     
+ Complexity       259      184      -75     
=============================================
  Files           1647     1647              
  Lines          31666    31675       +9     
  Branches        2621     2624       +3     
=============================================
- Hits           15913    14112    -1801     
- Misses         14823    16738    +1915     
+ Partials         930      825     -105
Impacted Files Coverage Δ
...cation/credential/shiro/CredentialServiceImpl.java 30.98% <28.57%> (-5.43%) ⬇️
...a/service/account/internal/AccountServiceImpl.java 37.85% <50.00%> (-39.68%) ⬇️
...pse/kapua/kura/simulator/GatewayConfiguration.java 0.00% <0.00%> (-100.00%) ⬇️
...a/kura/simulator/birth/BirthCertificateModule.java 0.00% <0.00%> (-100.00%) ⬇️
.../kapua/service/tag/internal/TagListResultImpl.java 0.00% <0.00%> (-100.00%) ⬇️
...rvice/endpoint/internal/EndpointInfoQueryImpl.java 0.00% <0.00%> (-100.00%) ⬇️
.../endpoint/internal/EndpointInfoListResultImpl.java 0.00% <0.00%> (-100.00%) ⬇️
...nnection/internal/DeviceConnectionCreatorImpl.java 0.00% <0.00%> (-100.00%) ⬇️
...ent/packages/message/internal/PackageResource.java 0.00% <0.00%> (-100.00%) ⬇️
...kages/model/internal/DevicePackageOptionsImpl.java 0.00% <0.00%> (-100.00%) ⬇️
... and 116 more

@MDeLuise MDeLuise changed the title [ECED-929] [ECED-929] Fixed fields validation bypass Mar 10, 2022
@MDeLuise MDeLuise changed the title [ECED-929] Fixed fields validation bypass Fixed fields validation bypass Mar 10, 2022
@Coduz Coduz added the Bug This is a bug or an unexpected behaviour. Fix it! label Mar 11, 2022
@Coduz Coduz merged commit a7e814d into eclipse:develop Mar 11, 2022
@MDeLuise MDeLuise deleted the fix-bypassOfChildNameAndPsw branch March 11, 2022 16:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Coduz Coduz Coduz approved these changes

Assignees
No one assigned
Labels
Bug This is a bug or an unexpected behaviour. Fix it!
Projects
Eclipse Kapua 2.0.0
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@MDeLuise @Coduz