From 6d8468f5348a86b12e60a1c6a3339bc875cab857 Mon Sep 17 00:00:00 2001
From: Dmytro Trotsenko <trohae7@gmail.com>
Date: Sat, 6 Jan 2024 16:24:06 +0200
Subject: [PATCH 1/2] bugfix: added forbidden symbols and cyrillic letters to
 password validation

---
 .../annotation/validator/PasswordValidator.java  | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/main/java/com/chat/yourway/annotation/validator/PasswordValidator.java b/src/main/java/com/chat/yourway/annotation/validator/PasswordValidator.java
index 4ba1e9f2..3096d422 100644
--- a/src/main/java/com/chat/yourway/annotation/validator/PasswordValidator.java
+++ b/src/main/java/com/chat/yourway/annotation/validator/PasswordValidator.java
@@ -15,6 +15,10 @@ public class PasswordValidator implements ConstraintValidator<PasswordValidation
       Pattern.compile(".*[!@#$%^&*_\\-+=~?].*");
   private static final Pattern PASSWORD_UPPER_CASE_PATTERN = Pattern.compile(".*[A-Z].*");
   private static final Pattern PASSWORD_DIGIT_PATTERN = Pattern.compile(".*\\d.*");
+  private static final Pattern PASSWORD_FORBIDEN_SYMBOLS_PATTERN =
+      Pattern.compile(".*[<>;/.:'(),\\[\\]\"].*");
+  private static final Pattern PASSWORD_FORBIDEN_CYRILLIC_LETTERS_PATTERN =
+      Pattern.compile(".*[а-яА-ЯІіЇї].*");
 
   @Override
   public boolean isValid(String value, ConstraintValidatorContext context) {
@@ -35,7 +39,17 @@ public boolean isValid(String value, ConstraintValidatorContext context) {
               .buildConstraintViolationWithTemplate("The password must not be longer than 12 characters.")
               .addConstraintViolation();
       return false;
-    } else if (!PASSWORD_SPECIAL_SYMBOLS_PATTERN.matcher(value).matches()) {
+    }  else if (PASSWORD_FORBIDEN_SYMBOLS_PATTERN.matcher(value).matches()) {
+      context
+          .buildConstraintViolationWithTemplate("Password should not include symbols [< > ; / . : ' [ ] ( ) , ]")
+          .addConstraintViolation();
+      return false;
+    } else if (PASSWORD_FORBIDEN_CYRILLIC_LETTERS_PATTERN.matcher(value).matches()) {
+      context
+          .buildConstraintViolationWithTemplate("Password should not include cyrillic letters")
+          .addConstraintViolation();
+      return false;
+    }else if (!PASSWORD_SPECIAL_SYMBOLS_PATTERN.matcher(value).matches()) {
       context
               .buildConstraintViolationWithTemplate("Password must include at least 1 special symbol: [! @ # $ % ^ & * _ - + = ~ ?]")
               .addConstraintViolation();

From ec4b6b6c4ca9a6cd73e936eb53e97bc2ea111f8e Mon Sep 17 00:00:00 2001
From: Dmytro Trotsenko <trohae7@gmail.com>
Date: Sat, 6 Jan 2024 16:25:15 +0200
Subject: [PATCH 2/2] bugfix: added unit tests to password validation

---
 .../PasswordValidationValidatorTest.java      | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/src/test/java/com/chat/yourway/unit/annotation/validator/PasswordValidationValidatorTest.java b/src/test/java/com/chat/yourway/unit/annotation/validator/PasswordValidationValidatorTest.java
index b392935e..b5800f2d 100644
--- a/src/test/java/com/chat/yourway/unit/annotation/validator/PasswordValidationValidatorTest.java
+++ b/src/test/java/com/chat/yourway/unit/annotation/validator/PasswordValidationValidatorTest.java
@@ -142,7 +142,24 @@ public void shouldFailValidator_whenUserInputPasswordWithSpace() {
   @Test
   public void shouldFailValidator_whenUserInputPasswordWithForbiddenSymbols() {
     // Given
-    var password = "<Password!";
+    var password1 = "<Password!";
+    var password2 = "hjj;^33N";
+
+    // When
+    var isValid1 = passwordValidator.isValid(password1, context);
+    var isValid2 = passwordValidator.isValid(password2, context);
+
+    // Then
+    assertFalse(isValid1);
+    assertFalse(isValid2);
+  }
+
+  @DisplayName(
+      "PasswordValidator should fail validator when user input password with cyrillic letters")
+  @Test
+  public void shouldFailValidator_whenUserInputPasswordWithCyrillicLetters() {
+    // Given
+    var password = "Ася_77";
 
     // When
     var isValid = passwordValidator.isValid(password, context);