Config settings for password min/max length #993

Merged
merged 3 commits into from
Jun 13, 2019
Merged
9 changes: 8 additions & 1 deletion app/sprinkles/account/config/default.php
Expand Up @@ -96,7 +96,8 @@
* Account Site Settings
* ----------------------------------------------------------------------
* "Site" settings that are automatically passed to Twig. Use theses
* settings to control the login and registration process
* settings to control the login, password (re)set and registration
* processes
*/
'site' => [
'login' => [
Expand All @@ -115,6 +116,12 @@
],
],
],
'password' => [
'length' => [
'min' => 8,
'max' => 25,
],
],
],

/*
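Review bot: The new default `'max' => 25` under `site.password.length` is a low ceiling that rejects long passphrases and password-manager output, and `'min' => 8` is below the 12 that the templates advertised and the Bakery command enforced before this change. NIST SP 800-63B asks verifiers to permit at least 64 characters, so a default such as `'max' => 64` (or higher, bounded by whatever the hashing step accepts, which is not visible here) would be the safer choice. Existing accounts may already hold passwords longer than 25 characters, so it is worth confirming that no login or current-password check picks up the new maximum. I would also add a comment above the block, e.g. `// Bounds apply when a password is chosen; keep max generous so passphrases are not rejected`.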
2 changes: 1 addition & 1 deletion app/sprinkles/account/locale/es_ES/messages.php
Expand Up @@ -99,7 +99,7 @@
'PASSWORD' => [
'@TRANSLATION' => 'Contraseña',

'BETWEEN' => 'Entre {{min}} - {{max}} (recomendado 12)',
'BETWEEN' => 'Entre {{min}} - {{max}}',

'CONFIRM' => 'Confirmar contraseña',
'CONFIRM_CURRENT' => 'Por favor, confirma tu contraseña actual',
13 changes: 9 additions & 4 deletions app/sprinkles/account/src/Bakery/CreateAdminUser.php
Expand Up @@ -298,8 +298,11 @@ protected function validateLastName($lastName)
*/
protected function askPassword($password = '', $requireConfirmation = true)
{
$passwordMin = $this->ci->config['site.password.length.min'];
$passwordMax = $this->ci->config['site.password.length.max'];

while (!isset($password) || !$this->validatePassword($password) || !$this->confirmPassword($password, $requireConfirmation)) {
$password = $this->io->askHidden('Enter password (12-255 characters)');
$password = $this->io->askHidden('Enter password (' . $passwordMin . '-' . $passwordMax . ' characters)');
}

return $password;
Expand All @@ -314,9 +317,11 @@ protected function askPassword($password = '', $requireConfirmation = true)
*/
protected function validatePassword($password)
{
//TODO Config for this ??
if (strlen($password) < 12 || strlen($password) > 255) {
$this->io->error('Password must be between 12-255 characters');
$passwordMin = $this->ci->config['site.password.length.min'];
$passwordMax = $this->ci->config['site.password.length.max'];

if (strlen($password) < $passwordMin || strlen($password) > $passwordMax) {
$this->io->error('Password must be between ' . $passwordMin . ' and ' . $passwordMax . ' characters');

return false;
}
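Review bot: `validatePassword()` still measures the password with `strlen()`, which counts bytes, while the prompt and the error message state the configured bounds in characters; a password with fewer than `$passwordMin` characters can satisfy the minimum if it contains multi-byte characters, and a valid one can be refused as too long. If mbstring is available, `if (mb_strlen($password) < $passwordMin || mb_strlen($password) > $passwordMax) {` keeps the check aligned with the message. The two config lookups are repeated in `askPassword()` and `validatePassword()` without checking that they are integers; with a missing key the loop in `askPassword()` would presumably never accept any input. This command creates the first administrator, so it now inherits the site-wide minimum of 8 rather than the former 12. Both function bodies continue outside the hunks.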
40 changes: 37 additions & 3 deletions app/sprinkles/account/src/Controller/AccountController.php
Expand Up @@ -519,6 +519,10 @@ public function pageRegister(Request $request, Response $response, $args)

// Load validation rules
$schema = new RequestSchema('schema://requests/register.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
$validatorRegister = new JqueryValidationAdapter($schema, $this->ci->translator);

// Get locale information
Expand Down Expand Up @@ -593,11 +597,18 @@ public function pageResendVerification(Request $request, Response $response, $ar
*/
public function pageResetPassword(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;

// Insert the user's secret token from the link into the password reset form
$params = $request->getQueryParams();

// Load validation rules - note this uses the same schema as "set password"
$schema = new RequestSchema('schema://requests/set-password.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
$validator = new JqueryValidationAdapter($schema, $this->ci->translator);

return $this->ci->view->render($response, 'pages/reset-password.html.twig', [
Expand Down Expand Up @@ -627,11 +638,18 @@ public function pageResetPassword(Request $request, Response $response, $args)
*/
public function pageSetPassword(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;

// Insert the user's secret token from the link into the password set form
$params = $request->getQueryParams();

// Load validation rules
$schema = new RequestSchema('schema://requests/set-password.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
$validator = new JqueryValidationAdapter($schema, $this->ci->translator);

return $this->ci->view->render($response, 'pages/set-password.html.twig', [
Expand Down Expand Up @@ -664,6 +682,9 @@ public function pageSetPassword(Request $request, Response $response, $args)
*/
public function pageSettings(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;

/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager */
$authorizer = $this->ci->authorizer;

Expand All @@ -677,14 +698,15 @@ public function pageSettings(Request $request, Response $response, $args)

// Load validation rules
$schema = new RequestSchema('schema://requests/account-settings.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
$validatorAccountSettings = new JqueryValidationAdapter($schema, $this->ci->translator);

$schema = new RequestSchema('schema://requests/profile-settings.yaml');
$validatorProfileSettings = new JqueryValidationAdapter($schema, $this->ci->translator);

/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;

// Get a list of all locales
$locales = $config->getDefined('site.locales.available');

Expand Down Expand Up @@ -919,6 +941,10 @@ public function register(Request $request, Response $response, $args)

// Load the request schema
$schema = new RequestSchema('schema://requests/register.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);

// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
Expand Down Expand Up @@ -1117,6 +1143,10 @@ public function setPassword(Request $request, Response $response, $args)

// Load the request schema
$schema = new RequestSchema('schema://requests/set-password.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);

// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
Expand Down Expand Up @@ -1210,6 +1240,10 @@ public function settings(Request $request, Response $response, $args)

// Load the request schema
$schema = new RequestSchema('schema://requests/account-settings.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);

// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
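Review bot: The same four `$schema->set(...)` calls are pasted into seven handlers in this file (`pageRegister`, `pageResetPassword`, `pageSetPassword`, `pageSettings`, `register`, `setPassword`, `settings`), so the server-side password policy depends on every present and future handler remembering to repeat them; a handler that omits them would fall back to whatever the YAML schema declares. A small helper on the controller that applies the bounds to a schema would keep the client-side and server-side rules from drifting apart. In the `pageRegister`, `register`, `setPassword` and `settings` hunks `$config` is used without its assignment being visible, so I assume it is defined earlier in those methods. All of these method bodies start or end outside their hunks.

```php
/**
 * Apply the configured password length bounds to the given schema fields.
 *
 * @param RequestSchema $schema
 * @param string[]      $fields
 */
protected function applyPasswordLengthRules(RequestSchema $schema, array $fields = ['password', 'passwordc'])
{
    $min = $this->ci->config['site.password.length.min'];
    $max = $this->ci->config['site.password.length.max'];

    foreach ($fields as $field) {
        $schema->set($field . '.validators.length.min', $min);
        $schema->set($field . '.validators.length.max', $max);
    }
}

// … in each handler, replacing the four set() calls …
$schema = new RequestSchema('schema://requests/register.yaml');
$this->applyPasswordLengthRules($schema);
```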
Expand Up @@ -16,7 +16,7 @@
{% if page.visibility != "disabled" %}
<div class="form-group">
<label for="input-password" class="control-label">{{translate("PASSWORD.NEW")}}</label>
<input type="password" id="input-password" class="form-control" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: 12, max: 100})}} ({{translate("OPTIONAL")}})">
<input type="password" id="input-password" class="form-control" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: site.password.length.min, max: site.password.length.max})}} ({{translate("OPTIONAL")}})">
</div>
<div class="form-group">
<label for="input-passwordc" class="control-label">{{translate("PASSWORD.CONFIRM_NEW")}}</label>
2 changes: 1 addition & 1 deletion app/sprinkles/account/templates/pages/register.html.twig
Expand Up @@ -47,7 +47,7 @@
</div>
<div class="form-group">
<label for="r-form-password">{{translate('PASSWORD')}}</label>
<input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: 12, max: 100})}}" class="form-control" id="r-form-password">
<input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: site.password.length.min, max: site.password.length.max})}}" class="form-control" id="r-form-password">
</div>
<div class="form-group">
<label class="sr-only" for="r-form-passwordc">{{translate('PASSWORD.CONFIRM')}}</label>
Expand Up @@ -30,7 +30,7 @@

<div class="form-group">
<label class="sr-only" for="form-password">{{translate("PASSWORD.NEW")}}</label>
<input type="password" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: 12, max: 100})}}" class="form-control" id="form-password">
<input type="password" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: site.password.length.min, max: site.password.length.max})}}" class="form-control" id="form-password">
</div>

<div class="form-group">
Expand Up @@ -30,7 +30,7 @@

<div class="form-group">
<label class="sr-only" for="form-password">{{translate('PASSWORD')}}</label>
<input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: 12, max: 100})}}" class="form-control" id="form-password">
<input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: site.password.length.min, max: site.password.length.max})}}" class="form-control" id="form-password">
</div>
<div class="form-group">
<label class="sr-only" for="form-passwordc">{{translate('PASSWORD.CONFIRM')}}</label>
2 changes: 2 additions & 0 deletions app/sprinkles/admin/src/Controller/RoleController.php
Expand Up @@ -957,6 +957,8 @@ public function updateField(Request $request, Response $response, $args)

// Load the request schema
$schema = new RequestSchema('schema://requests/role/edit-field.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);

// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
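Review bot: In `RoleController::updateField` the two added `$schema->set('password.validators.length.…')` calls look copied from the user controller: the schema loaded here is `role/edit-field.yaml`, and nothing on this page suggests a role has a `password` field. If the schema has no such field, the calls are at best dead code, and depending on how `set` treats a missing key they may add a `password` entry to the schema that the whitelist step below then accepts. I would drop both lines unless the YAML really defines `password`. `$config` is also used without its assignment being visible in the hunk, and the method body starts and ends outside it.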
9 changes: 9 additions & 0 deletions app/sprinkles/admin/src/Controller/UserController.php
Expand Up @@ -765,6 +765,9 @@ public function getModalEditPassword(Request $request, Response $response, $args
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;

/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;

// Access-controlled resource - check that currentUser has permission to edit "password" field for this user
if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
'user' => $user,
Expand All @@ -775,6 +778,10 @@ public function getModalEditPassword(Request $request, Response $response, $args

// Load validation rules
$schema = new RequestSchema('schema://requests/user/edit-password.yaml');
$schema->set('value.validators.length.min', $config['site.password.length.min']);
$schema->set('value.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
$validator = new JqueryValidationAdapter($schema, $this->ci->translator);

return $this->ci->view->render($response, 'modals/user-set-password.html.twig', [
Expand Down Expand Up @@ -1307,6 +1314,8 @@ public function updateField(Request $request, Response $response, $args)

// Load the request schema
$schema = new RequestSchema('schema://requests/user/edit-field.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);

// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
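Review bot: The two hunks key the same bounds differently: `getModalEditPassword` overrides `value.validators.length.*` and `passwordc`, while `updateField` overrides `password.validators.length.*` only. If `user/edit-field.yaml` validates the submitted field under the name `value` (the modal template posts `name="value"`), the server-side override would not apply to it and the YAML's own limits would stay in force, leaving the browser and the server with different rules. I would confirm which key the server-side schema uses and, once confirmed, record it next to the calls with a comment such as `// the modal submits the new password as 'value'; edit-field.yaml validates it under 'password'`. In `updateField` the assignment of `$config` is not visible in the hunk, and both method bodies continue outside their hunks.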
Expand Up @@ -32,7 +32,7 @@
<label>{{translate('PASSWORD')}}</label>
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-key"></i></span>
<input type="password" class="form-control" name="value" autocomplete="off" value="" placeholder="{{translate("PASSWORD.BETWEEN", {min: 12, max: 50})}}">
<input type="password" class="form-control" name="value" autocomplete="off" value="" placeholder="{{translate("PASSWORD.BETWEEN", {min: site.password.length.min, max: site.password.length.max})}}">
</div>
</div>
<div class="form-group">