adding password validations for user provided password (#7)

raviten · web-flow · commit d653e2e22279 · 2019-11-05T07:55:43.000+05:30
diff --git a/src/DataBoxEdge/DataBoxEdge/Az.DataBoxEdge.psd1 b/src/DataBoxEdge/DataBoxEdge/Az.DataBoxEdge.psd1
@@ -12,7 +12,7 @@
 # RootModule = ''
 
 # Version number of this module.
-ModuleVersion = '0.2.1'
+ModuleVersion = '0.1.1'
 
 # Supported PSEditions
 CompatiblePSEditions = 'Core', 'Desktop'
diff --git a/src/DataBoxEdge/DataBoxEdge/Common/Cmdlets/Users/DataBoxEdgeUserNewCmdletBase.cs b/src/DataBoxEdge/DataBoxEdge/Common/Cmdlets/Users/DataBoxEdgeUserNewCmdletBase.cs
@@ -19,6 +19,7 @@
 using System.Security;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
 using Microsoft.Azure.Management.EdgeGateway;
+using Microsoft.Azure.PowerShell.Cmdlets.DataBoxEdge.Common.Utils;
 using Microsoft.Azure.PowerShell.Cmdlets.DataBoxEdge.Models;
 using Microsoft.Rest.Azure;
 using Microsoft.WindowsAzure.Commands.Common;
@@ -108,11 +109,13 @@ private bool DoesResourceExists()
 
         private PSResourceModel CreateResourceModel()
         {
+            var password = this.Password.ConvertToString();
+            PasswordUtility.ValidateUserPasswordPattern(nameof(this.Password), password);
             var encryptedSecret =
                 DataBoxEdgeManagementClient.Devices.GetAsymmetricEncryptedSecret(
                     this.DeviceName,
                     this.ResourceGroupName,
-                    this.Password.ConvertToString(),
+                    password,
                     this.GetKeyForEncryption()
                 );
             return new PSResourceModel(
diff --git a/src/DataBoxEdge/DataBoxEdge/Common/Cmdlets/Users/DataBoxEdgeUserSetCmdletBase.cs b/src/DataBoxEdge/DataBoxEdge/Common/Cmdlets/Users/DataBoxEdgeUserSetCmdletBase.cs
@@ -17,6 +17,7 @@
 using System.Security;
 using Microsoft.Azure.Commands.ResourceManager.Common.ArgumentCompleters;
 using Microsoft.Azure.Management.EdgeGateway;
+using Microsoft.Azure.PowerShell.Cmdlets.DataBoxEdge.Common.Utils;
 using Microsoft.WindowsAzure.Commands.Utilities.Common;
 using Microsoft.WindowsAzure.Commands.Common;
 using PSResourceModel = Microsoft.Azure.PowerShell.Cmdlets.DataBoxEdge.Models.PSDataBoxEdgeUser;
@@ -87,11 +88,14 @@ private string GetKeyForEncryption()
 
         private PSResourceModel SetResourceModel()
         {
+            var password = this.Password.ConvertToString();
+            PasswordUtility.ValidateUserPasswordPattern(nameof(this.Password), password);
+
             var encryptedSecret =
                 DataBoxEdgeManagementClient.Devices.GetAsymmetricEncryptedSecret(
                     this.DeviceName,
                     this.ResourceGroupName,
-                    this.Password.ConvertToString(),
+                    password,
                     this.GetKeyForEncryption()
                 );
 
diff --git a/src/DataBoxEdge/DataBoxEdge/Common/Utils/Utility.cs b/src/DataBoxEdge/DataBoxEdge/Common/Utils/Utility.cs
@@ -0,0 +1,71 @@
+﻿using System;
+using System.Linq;
+using System.Management.Automation;
+using System.Text.RegularExpressions;
+using System.Security.Cryptography;
+
+namespace Microsoft.Azure.PowerShell.Cmdlets.DataBoxEdge.Common.Utils
+{
+    public class PasswordUtility
+    {
+        private static int PasswordMinLength = 8;
+        private static int PasswordMaxLength = 15;
+
+        private const string OneCapital = @"^.*(?=[A-Z]+).*$";
+        private const string OneNumber = @"^.*(?=[0-9]+).*$";
+
+        public static string UnAllowedChars { get; } = @"[^a-zA-Z0-9@#\-$%^!+=;:_()]";
+        private const string AllowedSymbolsString = "[`@`,`#`,`-`,`$`,`%`,`^`,`!`,`+`,`=`,`;`,`:`,`_`,`(`,`)`]";
+
+        private static readonly Regex OneCapitalRegex = new Regex(
+            OneCapital, RegexOptions.Singleline
+        );
+        private static readonly Regex OneNumberRegex = new Regex(
+            OneNumber, RegexOptions.Singleline
+        );
+
+        private static readonly Regex UnAllowedCharsRegex = new Regex(UnAllowedChars,
+            RegexOptions.Singleline);
+
+
+
+        /// <summary>
+        /// Validates password strength with set of rules for password provided by user
+        /// </summary>
+        /// <paramref name="password">Password provided by user</param>
+        /// <returns>true if valid pattern is provided.</returns>
+        public static bool ValidateUserPasswordPattern(string argumentName, string password)
+        {
+            string error = null;
+            if (string.IsNullOrEmpty(password))
+            {
+                error = "Password cannot be empty";
+            }
+            else if (password.Length < PasswordMinLength)
+            {
+                error = "Minimum length of the password can not be less than " + PasswordMinLength + " chars";
+            }
+            else if (password.Length > PasswordMaxLength)
+            {
+                error = "Maximum length of the password can not be greater than " + PasswordMaxLength + " chars";
+            }
+            else if (!(OneNumberRegex.IsMatch(password) && OneCapitalRegex.IsMatch(password)))
+            {
+                error = "Should Contain at least 1 uppercase and 1 number";
+            }
+            else if (UnAllowedCharsRegex.IsMatch(password))
+            {
+                error = "Should not contain characters outside of the set [a-z, A-Z, 0-9] and symbols" + AllowedSymbolsString;
+            }
+
+            if (string.IsNullOrEmpty(error))
+            {
+                return true;
+            }
+            else
+            {
+                throw new PSArgumentException(argumentName + " " + error);
+            }
+        }
+    }
+}
