# Valid values are plain, md5 or crypt (unix style). Default is md5. \r
realm.passwordStorage = md5\r
\r
+# Minimum valid length for a plain text password.\r
+# Default value is 5. Absolute minimum is 4. \r
+realm.minPasswordLength = 5\r
+\r
#\r
# Git:Blit Web Settings\r
#\r
\r
@Override\r
public UserModel getUserModel(String username) {\r
- UserModel model = new UserModel(username);\r
UserIdentity identity = _users.get(username);\r
+ if (identity == null) {\r
+ return null;\r
+ }\r
+ UserModel model = new UserModel(username);\r
Subject subject = identity.getSubject();\r
for (Principal principal : subject.getPrincipals()) {\r
if (principal instanceof RolePrincipal) {\r
package com.gitblit.wicket.pages;\r
\r
+import java.text.MessageFormat;\r
import java.util.ArrayList;\r
import java.util.Iterator;\r
import java.util.List;\r
\r
private static final long serialVersionUID = 1L;\r
\r
+ /*\r
+ * (non-Javadoc)\r
+ * \r
+ * @see org.apache.wicket.markup.html.form.Form#onSubmit()\r
+ */\r
@Override\r
protected void onSubmit() {\r
+ String username = userModel.getUsername();\r
+ if (StringUtils.isEmpty(username)) {\r
+ error("Please enter a username!");\r
+ return;\r
+ }\r
+ if (isCreate) {\r
+ UserModel model = GitBlit.self().getUserModel(username);\r
+ if (model != null) {\r
+ error(MessageFormat.format("Username {0} is unavailable.", username));\r
+ return;\r
+ }\r
+ }\r
if (!userModel.getPassword().equals(confirmPassword.getObject())) {\r
error("Passwords do not match!");\r
return;\r
String password = userModel.getPassword();\r
if (!password.toUpperCase().startsWith(Crypt.__TYPE) && !password.toUpperCase().startsWith(MD5.__TYPE)) {\r
// This is a plain text password.\r
+ // Check length.\r
+ int minLength = GitBlit.self().settings().getInteger(Keys.realm.minPasswordLength, 5);\r
+ if (minLength < 4) {\r
+ minLength = 4;\r
+ }\r
+ if (password.trim().length() < minLength) {\r
+ error(MessageFormat.format("Password is too short. Minimum length is {0} characters.", minLength));\r
+ return;\r
+ }\r
+ \r
// Optionally encrypt/obfuscate the password.\r
String type = GitBlit.self().settings().getString(Keys.realm.passwordStorage, "md5");\r
if (type.equalsIgnoreCase("md5")) {\r
error(e.getMessage());\r
return;\r
}\r
- setRedirect(true);\r
+ setRedirect(false);\r
if (isCreate) {\r
// create another user\r
+ info(MessageFormat.format("New user {0} successfully created.", userModel.getUsername()));\r
setResponsePage(EditUserPage.class);\r
} else {\r
// back to home\r
projects / gitblit.git / commitdiff