hardened password validation, added tests

2025-03-03 12:33:07 +01:00
parent f5df70fba8
commit 8ec9fb247f
8 changed files with 122 additions and 25 deletions
--- a/go-backend/internal/validation/user_validation.go
+++ b/go-backend/internal/validation/user_validation.go
@@ -5,27 +5,27 @@ import (
 	"GoMembership/internal/models"
 	"GoMembership/internal/repositories"
 	"GoMembership/pkg/logger"
+	"strings"
 	"time"

 	"github.com/go-playground/validator/v10"
+	passwordvalidator "github.com/wagslane/go-password-validator"
 )

-func validateUser(sl validator.StructLevel) {
+var passwordErrorTranslations = map[string]string{
+	"insecure password, try ":           "",
+	"or using a longer password":        "server.validation.longer",
+	"including more special characters": "server.validation.special",
+	"using lowercase letters":           "server.validation.lowercase",
+	"using uppercase letters":           "server.validation.uppercase",
+	"using numbers":                     "server.validation.numbers",
+}
+
+func ValidateUser(sl validator.StructLevel) {
 	user := sl.Current().Interface().(models.User)

 	isSuper := user.RoleID >= constants.Roles.Admin
-
-	if user.RoleID > constants.Roles.Member && user.Password == "" {
-		passwordExists, err := repositories.PasswordExists(&user.ID)
-		if err != nil || !passwordExists {
-			logger.Error.Printf("Error checking password exists for user %v: %v", user.Email, err)
-			sl.ReportError(user.Password, "Password", "password", "required", "")
-		}
-	}
-	// Validate User > 18 years old
-	if user.RoleID > constants.Roles.Supporter && user.DateOfBirth.After(time.Now().AddDate(-18, 0, 0)) {
-		sl.ReportError(user.DateOfBirth, "user.user", "user.dateofbirth", "age", "")
-	}
+	isSupporter := user.RoleID == constants.Roles.Supporter
 	// validate subscriptionModel
 	if user.Membership.SubscriptionModel.Name == "" {
 		sl.ReportError(user.Membership.SubscriptionModel.Name, "subscription.name", "name", "required", "")
@@ -38,12 +38,41 @@ func validateUser(sl validator.StructLevel) {
 			user.Membership.SubscriptionModel = *selectedModel
 		}
 	}
+	if isSupporter {
+		if user.BankAccount.IBAN != "" {
+			validateBankAccount(sl)
+		}
+		return
+	}

-	validateMembership(sl)
-	if !isSuper {
-		validateBankAccount(sl)
-		if user.Licence != nil && user.RoleID > constants.Roles.Supporter {
-			validateDriverslicence(sl)
+	if user.Password != "" {
+		if err := passwordvalidator.Validate(user.Password, 60); err != nil {
+			sl.ReportError(user.Password, translatePasswordError(err), "password", "insecure", "")
 		}
 	}
+	// Validate User > 18 years old
+	if user.DateOfBirth.After(time.Now().AddDate(-18, 0, 0)) {
+		sl.ReportError(user.DateOfBirth, "user.user", "user.dateofbirth", "age", "")
+	}
+	validateMembership(sl)
+
+	if isSuper {
+		return
+	}
+
+	validateBankAccount(sl)
+	if user.Licence != nil {
+		validateDriverslicence(sl)
+	}
+}
+
+func translatePasswordError(err error) string {
+	errMsg := err.Error()
+	// Translate each part of the error message
+	translatedMsg := errMsg
+	for eng, translated := range passwordErrorTranslations {
+		translatedMsg = strings.Replace(translatedMsg, eng, translated, -1)
+	}
+
+	return strings.Replace(translatedMsg, ",", "", -1)
 }