Fixed some other security holes in the code including removing the admin user...

Fixed some other security holes in the code including removing the admin user and putting in a password repeat checker for the registration.

Fixed some other security holes in the code including removing the admin user...
Fixed some other security holes in the code including removing the admin user and putting in a password repeat checker for the registration.
f6011c28 · Mathias Vehus · 06696691 · f6011c28 · f6011c28
Commit f6011c28 authored Nov 14, 2021 by Mathias Vehus
--- a/src/main/java/inf226/inchat/Handler.java
+++ b/src/main/java/inf226/inchat/Handler.java
@@ -105,15 +105,19 @@ public class Handler extends AbstractHandler
                (request.getParameter("username"))).get());
            String password = (new Maybe<String>
                (request.getParameter("password"))).get();
-            System.err.println("Registering user: \"" + username);
-            
-            try {
-                Password pw = new Password(password);
-                inchat.register(new UserName(username),pw).forEach(sessionBuilder);
-            } catch (IllegalArgumentException e){
-                System.err.println("Invalid Password");
-            }
+            String passwordRepeat = (new Maybe<>(request.getParameter("password_repeat"))).get();
+            if (!password.equals(passwordRepeat))
+                System.err.println("Passwords do not match");
+            else {
+                System.err.println("Registering user: \"" + username);

+                try {
+                    Password pw = new Password(password);
+                    inchat.register(new UserName(username), pw).forEach(sessionBuilder);
+                } catch (IllegalArgumentException e) {
+                    System.err.println("Invalid Password");
+                }
+            }
        } catch (Maybe.NothingException e) {
            // Not enough data suppied for login
            System.err.println("Broken usage of register");
@@ -630,26 +634,6 @@ public class Handler extends AbstractHandler
        inchat = new InChat(userStore,channelStore,
                            accountStore,sessionStore,connection);
        connection.setAutoCommit(false);
-        try {
-            final Stored<Session> admin = inchat.register(new UserName("admin"),new Password("pa$$w0rd")).get();
-            final Stored<Channel> debug = inchat.createChannel(admin.value.account, "debug").get();
-            (new Thread(){ public void run() {
-                Mutable<Stored<Channel>> chan = new Mutable<Stored<Channel>>(debug);
-                while(true) {
-                    inchat.waitNextChannelVersion(chan.get().identity, chan.get().version).forEach(chan);
-                    chan.get().value.events.head().forEach( e -> {
-                        try {
-                        if(e.value.message != null) {
-                            ResultSet rs = connection.createStatement().executeQuery(e.value.message);
-                            if (rs.next()) {
-                                inchat.postMessage(admin.value.account,chan.get(),rs.getString(1)).forEach(chan);
-                            }
-                        }
-                        } catch(Exception re) {}});
-                }
-            } }).start();
-        } catch (Exception e) {
-        }
        Server server = new Server(8080);
        server.setHandler(new Handler());
    

--- a/src/main/java/inf226/inchat/Password.java
+++ b/src/main/java/inf226/inchat/Password.java
@@ -13,7 +13,7 @@ public class Password {
    }

    private boolean checkPassword(String password) {
-        return password.length() >= 8;
+        return password.length() >= 8 && password.length() < 1000;
    }

    @Override