NIST Password Rules (#432)

realodix · Sep 12, 2019 · c35c5d5 · c35c5d5
1 parent 961e90a
commit c35c5d5
Show file tree

Hide file tree

Showing 8 changed files with 973 additions and 154 deletions.
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
@@ -6,6 +6,7 @@
 use Illuminate\Foundation\Auth\AuthenticatesUsers;
 use Illuminate\Http\Request;
 use Illuminate\Validation\ValidationException;
+use LangleyFoxall\LaravelNISTPasswordRules\PasswordRules;
 
 class LoginController extends Controller
 {
@@ -80,23 +81,17 @@ public function username()
     // }
 
     /**
-     * Validate the user login.
+     * Validate the user login request.
      *
-     * @param Request $request
+     * @param  \Illuminate\Http\Request  $request
+     * @return void
      */
     protected function validateLogin(Request $request)
     {
-        $this->validate(
-            $request,
-            [
-                'identity' => 'required|string',
-                'password' => 'required|string',
-            ],
-            [
-                'identity.required' => 'Username or email is required',
-                'password.required' => 'Password is required',
-            ]
-        );
+        $request->validate([
+            'identity' => 'required|string',
+            'password' => PasswordRules::login(),
+        ]);
     }
 
     /**

diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
@@ -7,6 +7,7 @@
 use Illuminate\Foundation\Auth\RegistersUsers;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
+use LangleyFoxall\LaravelNISTPasswordRules\PasswordRules;
 
 class RegisterController extends Controller
 {
@@ -62,7 +63,7 @@ protected function validator(array $data)
         return Validator::make($data, [
             'name'     => ['required', 'string', 'max:50'],
             'email'    => ['required', 'string', 'email', 'max:255', 'unique:users'],
-            'password' => ['required', 'string', 'min:8', 'confirmed'],
+            'password' => PasswordRules::register('email'),
         ]);
     }
 

diff --git a/app/Http/Middleware/Authenticate.php b/app/Http/Middleware/Authenticate.php
@@ -7,6 +7,7 @@
 class Authenticate extends Middleware
 {
     /**
+     * @codeCoverageIgnore
      * Get the path the user should be redirected to when they are not authenticated.
      *
      * @param \Illuminate\Http\Request $request

diff --git a/app/Http/Requests/UpdateUserPassword.php b/app/Http/Requests/UpdateUserPassword.php
@@ -5,6 +5,7 @@
 use App\Rules\Auth\CurrentPassword;
 use App\User;
 use Illuminate\Foundation\Http\FormRequest;
+use LangleyFoxall\LaravelNISTPasswordRules\PasswordRules;
 
 class UpdateUserPassword extends FormRequest
 {
@@ -27,7 +28,7 @@ public function rules()
     {
         return [
             'current-password' => [new CurrentPassword],
-            'new-password'     => ['required', 'different:current-password', 'string', 'min:6', 'confirmed'],
+            'new-password'     => PasswordRules::changePassword('current-password'),
         ];
     }
 }
diff --git a/composer.json b/composer.json
@@ -18,6 +18,7 @@
         "geoip2/geoip2": "~2.0",
         "hidehalo/nanoid-php": "^1.1",
         "jenssegers/agent": "^2.6",
+        "langleyfoxall/laravel-nist-password-rules": "^4.1",
         "laravel/framework": "^6.0",
         "laravel/tinker": "^1.0",
         "laravolt/avatar": "^3.0",