From ddd65c3d7ebd05a37b6076704dd9d90e7f2b7d80 Mon Sep 17 00:00:00 2001
From: Robert Goldmann <deadlocker@gmx.de>
Date: Sun, 26 Sep 2021 22:14:55 +0200
Subject: [PATCH] Fixed #644 - trim text inputs before save

---
 .../advices/GlobalControllerAdvice.java         | 17 +++++++++++++++++
 .../authentication/WebSecurityConfig.java       |  2 ++
 src/main/resources/static/js/main.js            |  6 ++++++
 src/main/resources/templates/login.ftl          |  2 +-
 4 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 src/main/java/de/deadlocker8/budgetmaster/advices/GlobalControllerAdvice.java

diff --git a/src/main/java/de/deadlocker8/budgetmaster/advices/GlobalControllerAdvice.java b/src/main/java/de/deadlocker8/budgetmaster/advices/GlobalControllerAdvice.java
new file mode 100644
index 000000000..8bfdbb012
--- /dev/null
+++ b/src/main/java/de/deadlocker8/budgetmaster/advices/GlobalControllerAdvice.java
@@ -0,0 +1,17 @@
+package de.deadlocker8.budgetmaster.advices;
+
+import org.springframework.beans.propertyeditors.StringTrimmerEditor;
+import org.springframework.web.bind.WebDataBinder;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.InitBinder;
+
+@ControllerAdvice
+public class GlobalControllerAdvice
+{
+	@InitBinder
+	public void initBinder(WebDataBinder binder)
+	{
+		StringTrimmerEditor trimmer = new StringTrimmerEditor(false);
+		binder.registerCustomEditor(String.class, trimmer);
+	}
+}
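Review bot: The `@InitBinder` in `GlobalControllerAdvice` registers the trimmer for every `String` bound in every controller, so any password or other secret that goes through data binding is silently altered as well, and nothing in the class states that scope. If other forms in the project bind a password (not visible in this patch), a value stored earlier with surrounding whitespace would stop matching after this change. The editor only affects `WebDataBinder` binding, so `@RequestBody` payloads and the Spring Security login filter are not covered, which is presumably why the login form is handled separately in `main.js`. A class comment such as `// Trims all data-bound String fields application-wide; not applied to @RequestBody or the login filter` would make this explicit, and excluding credential fields from the trim is worth considering.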
diff --git a/src/main/java/de/deadlocker8/budgetmaster/authentication/WebSecurityConfig.java b/src/main/java/de/deadlocker8/budgetmaster/authentication/WebSecurityConfig.java
index 47af6f107..3d4b19627 100644
--- a/src/main/java/de/deadlocker8/budgetmaster/authentication/WebSecurityConfig.java
+++ b/src/main/java/de/deadlocker8/budgetmaster/authentication/WebSecurityConfig.java
@@ -3,11 +3,13 @@ package de.deadlocker8.budgetmaster.authentication;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.web.DefaultRedirectStrategy;
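Review bot: The two added imports, `Customizer` and `FormLoginConfigurer`, appear to be unused: the diffstat lists only two insertions for `WebSecurityConfig.java`, and both are these import lines. Unless code outside this patch references them, they should be dropped, so that the security configuration does not hint at a form-login customization that is not there.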
diff --git a/src/main/resources/static/js/main.js b/src/main/resources/static/js/main.js
index 69f305f93..34b95cffa 100644
--- a/src/main/resources/static/js/main.js
+++ b/src/main/resources/static/js/main.js
@@ -119,3 +119,9 @@ function rgb2hex(rgb)
 
     return "#" + hex(rgb[1]) + hex(rgb[2]) + hex(rgb[3]);
 }
+
+function validateLoginForm()
+{
+    let passwordInput = document.getElementById('login-password');
+    passwordInput.value = passwordInput.value.trim();
+}
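Review bot: `validateLoginForm()` trims the password only in the browser, so the value the server authenticates depends on whether this script ran; a client without JavaScript submits the untrimmed value and gets a different login result. Whether passwords are normalized at all should be decided and enforced where the login request is processed, with this function as a convenience at most. The function also returns nothing although the form calls it as `return validateLoginForm()`, and it throws if `login-password` is missing; `if (passwordInput) { passwordInput.value = passwordInput.value.trim(); } return true;` makes both cases explicit. Registering the handler here with `addEventListener('submit', ...)` instead of the inline `onsubmit` attribute added in `login.ftl` would keep it working under a Content-Security-Policy that disallows inline handlers.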
diff --git a/src/main/resources/templates/login.ftl b/src/main/resources/templates/login.ftl
index 24f7e24e3..cd5b6f74b 100644
--- a/src/main/resources/templates/login.ftl
+++ b/src/main/resources/templates/login.ftl
@@ -15,7 +15,7 @@
                             <div class="card-title">
                                 <div id="logo-container" class="center-align"><@header.logo "logo" ""/></div>
                             </div>
-                            <form action="<@s.url '/login'/>" method="post">
+                            <form action="<@s.url '/login'/>" method="post" onsubmit="return validateLoginForm()">
                                 <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
                                 <input type="hidden" name="username" value="Default">
 
-- 
GitLab