Config settings for password min/max length (#993)
Created config settings for password min/max length and updated all references to use those values.
avsdev-cw authored and lcharette committed Jun 13, 2019
1 parent 1b2f828 commit 1044eef
Showing 11 changed files with 71 additions and 14 deletions.
9 changes: 8 additions & 1 deletion app/sprinkles/account/config/default.php
@@ -122,7 +122,8 @@
* Account Site Settings
* ----------------------------------------------------------------------
* "Site" settings that are automatically passed to Twig. Use theses
* settings to control the login and registration process
* settings to control the login, password (re)set and registration
* processes
*/
'site' => [
'login' => [
@@ -141,6 +142,12 @@
],
],
],
'password' => [
'length' => [
'min' => 8,
'max' => 25,
],
],
],

/*
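Review bot: The new defaults `'min' => 8` and `'max' => 25` are looser at the bottom and much tighter at the top than the values this commit removes: the templates advertised 12–100 and the Bakery prompt enforced 12–255. A 25-character ceiling rejects passphrases and most password-manager output, and NIST SP 800-63B advises accepting at least 64 characters, so I would ship `'min' => 12,` and `'max' => 100,` unless the lower values are a deliberate policy change. The block also needs a comment stating that the unit is characters, that `min` must not exceed `max`, and that the upper bound exists to cap hashing input rather than to limit strength.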
2 changes: 1 addition & 1 deletion app/sprinkles/account/locale/es_ES/messages.php
@@ -99,7 +99,7 @@
'PASSWORD' => [
'@TRANSLATION' => 'Contraseña',

'BETWEEN' => 'Entre {{min}} - {{max}} (recomendado 12)',
'BETWEEN' => 'Entre {{min}} - {{max}}',

'CONFIRM' => 'Confirmar contraseña',
'CONFIRM_CURRENT' => 'Por favor, confirma tu contraseña actual',
13 changes: 9 additions & 4 deletions app/sprinkles/account/src/Bakery/CreateAdminUser.php
@@ -298,8 +298,11 @@ protected function validateLastName($lastName)
*/
protected function askPassword($password = '', $requireConfirmation = true)
{
$passwordMin = $this->ci->config['site.password.length.min'];
$passwordMax = $this->ci->config['site.password.length.max'];

while (!isset($password) || !$this->validatePassword($password) || !$this->confirmPassword($password, $requireConfirmation)) {
$password = $this->io->askHidden('Enter password (12-255 characters)');
$password = $this->io->askHidden('Enter password (' . $passwordMin . '-' . $passwordMax . ' characters)');
}

return $password;
@@ -314,9 +317,11 @@ protected function askPassword($password = '', $requireConfirmation = true)
*/
protected function validatePassword($password)
{
//TODO Config for this ??
if (strlen($password) < 12 || strlen($password) > 255) {
$this->io->error('Password must be between 12-255 characters');
$passwordMin = $this->ci->config['site.password.length.min'];
$passwordMax = $this->ci->config['site.password.length.max'];

if (strlen($password) < $passwordMin || strlen($password) > $passwordMax) {
$this->io->error('Password must be between ' . $passwordMin . ' and ' . $passwordMax . ' characters');

return false;
}
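Review bot: `validatePassword` and `askPassword` read `site.password.length.min` and `site.password.length.max` from `$this->ci->config` without checking that the values are set, are integers, and are ordered. If an override removes or mistypes them, the comparisons run against `null` and no longer enforce a usable range for the account this command creates. `strlen()` counts bytes while the error text says "characters", so `mb_strlen($password)` would match the message; whether the web validators count the same way is not visible here. Because this command sets up the administrative account, its floor also drops from 12 to the site default of 8; `$passwordMin = max(12, (int) $this->ci->config['site.password.length.min']);` would keep the old floor. Both method bodies continue outside the hunks shown.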
40 changes: 37 additions & 3 deletions app/sprinkles/account/src/Controller/AccountController.php
@@ -519,6 +519,10 @@ public function pageRegister(Request $request, Response $response, $args)

// Load validation rules
$schema = new RequestSchema('schema://requests/register.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
$validatorRegister = new JqueryValidationAdapter($schema, $this->ci->translator);

// Get locale information
@@ -593,11 +597,18 @@ public function pageResendVerification(Request $request, Response $response, $ar
*/
public function pageResetPassword(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;

// Insert the user's secret token from the link into the password reset form
$params = $request->getQueryParams();

// Load validation rules - note this uses the same schema as "set password"
$schema = new RequestSchema('schema://requests/set-password.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
$validator = new JqueryValidationAdapter($schema, $this->ci->translator);

return $this->ci->view->render($response, 'pages/reset-password.html.twig', [
@@ -627,11 +638,18 @@ public function pageResetPassword(Request $request, Response $response, $args)
*/
public function pageSetPassword(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;

// Insert the user's secret token from the link into the password set form
$params = $request->getQueryParams();

// Load validation rules
$schema = new RequestSchema('schema://requests/set-password.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
$validator = new JqueryValidationAdapter($schema, $this->ci->translator);

return $this->ci->view->render($response, 'pages/set-password.html.twig', [
@@ -664,6 +682,9 @@ public function pageSetPassword(Request $request, Response $response, $args)
*/
public function pageSettings(Request $request, Response $response, $args)
{
/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;

/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager */
$authorizer = $this->ci->authorizer;

@@ -677,14 +698,15 @@ public function pageSettings(Request $request, Response $response, $args)

// Load validation rules
$schema = new RequestSchema('schema://requests/account-settings.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
$validatorAccountSettings = new JqueryValidationAdapter($schema, $this->ci->translator);

$schema = new RequestSchema('schema://requests/profile-settings.yaml');
$validatorProfileSettings = new JqueryValidationAdapter($schema, $this->ci->translator);

/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;

// Get a list of all locales
$locales = $config->getDefined('site.locales.available');

@@ -919,6 +941,10 @@ public function register(Request $request, Response $response, $args)

// Load the request schema
$schema = new RequestSchema('schema://requests/register.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);

// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
@@ -1117,6 +1143,10 @@ public function setPassword(Request $request, Response $response, $args)

// Load the request schema
$schema = new RequestSchema('schema://requests/set-password.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);

// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
@@ -1210,6 +1240,10 @@ public function settings(Request $request, Response $response, $args)

// Load the request schema
$schema = new RequestSchema('schema://requests/account-settings.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);

// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
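Review bot: The same four `$schema->set(...)` lines are pasted into seven methods of this controller, and only three of them (`register`, `setPassword`, `settings`) are the server-side checks that actually enforce the policy. If one copy is missed or edited, the browser rules and the server rules drift apart without any error, so the override belongs in one helper that every page and handler calls. The helper below is a proposed shape, with a name of my choosing, and each call site becomes `$this->applyPasswordLengthRules($schema);`. The hunks for `register`, `setPassword` and `settings` do not show where `$config` is assigned, and their bodies continue outside the hunks, so confirm it is in scope there.

```php
/**
 * Apply the configured password length bounds to a request schema,
 * so page validators and request handlers cannot disagree.
 */
protected function applyPasswordLengthRules(RequestSchema $schema, array $fields = ['password', 'passwordc'])
{
    $min = $this->ci->config['site.password.length.min'];
    $max = $this->ci->config['site.password.length.max'];

    foreach ($fields as $field) {
        $schema->set($field . '.validators.length.min', $min);
        $schema->set($field . '.validators.length.max', $max);
    }

    return $schema;
}

// … unchanged: each method's own schema path, validator adapter and render call …
$schema = new RequestSchema('schema://requests/register.yaml');
$this->applyPasswordLengthRules($schema);
```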
@@ -16,7 +16,7 @@
{% if page.visibility != "disabled" %}
<div class="form-group">
<label for="input-password" class="control-label">{{translate("PASSWORD.NEW")}}</label>
<input type="password" id="input-password" class="form-control" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: 12, max: 100})}} ({{translate("OPTIONAL")}})">
<input type="password" id="input-password" class="form-control" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: site.password.length.min, max: site.password.length.max})}} ({{translate("OPTIONAL")}})">
</div>
<div class="form-group">
<label for="input-passwordc" class="control-label">{{translate("PASSWORD.CONFIRM_NEW")}}</label>
2 changes: 1 addition & 1 deletion app/sprinkles/account/templates/pages/register.html.twig
@@ -47,7 +47,7 @@
</div>
<div class="form-group">
<label for="r-form-password">{{translate('PASSWORD')}}</label>
<input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: 12, max: 100})}}" class="form-control" id="r-form-password">
<input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: site.password.length.min, max: site.password.length.max})}}" class="form-control" id="r-form-password">
</div>
<div class="form-group">
<label class="sr-only" for="r-form-passwordc">{{translate('PASSWORD.CONFIRM')}}</label>
@@ -30,7 +30,7 @@

<div class="form-group">
<label class="sr-only" for="form-password">{{translate("PASSWORD.NEW")}}</label>
<input type="password" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: 12, max: 100})}}" class="form-control" id="form-password">
<input type="password" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: site.password.length.min, max: site.password.length.max})}}" class="form-control" id="form-password">
</div>

<div class="form-group">
@@ -30,7 +30,7 @@

<div class="form-group">
<label class="sr-only" for="form-password">{{translate('PASSWORD')}}</label>
<input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: 12, max: 100})}}" class="form-control" id="form-password">
<input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: site.password.length.min, max: site.password.length.max})}}" class="form-control" id="form-password">
</div>
<div class="form-group">
<label class="sr-only" for="form-passwordc">{{translate('PASSWORD.CONFIRM')}}</label>
2 changes: 2 additions & 0 deletions app/sprinkles/admin/src/Controller/RoleController.php
@@ -957,6 +957,8 @@ public function updateField(Request $request, Response $response, $args)

// Load the request schema
$schema = new RequestSchema('schema://requests/role/edit-field.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);

// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
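Review bot: The two added `$schema->set('password.validators.length.*', ...)` lines in `updateField` target the role `edit-field.yaml` schema, and they look like a copy from `UserController::updateField`, since a role has no password. Depending on how `RequestSchema::set` handles a missing key, this may add a `password` entry to the role schema, which the `RequestDataTransformer` whitelist built on the next line would then accept. The hunk also does not show `$config` being assigned in this method. Unless the role schema really defines a `password` field, I would drop both lines. The method body continues outside the hunk.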
9 changes: 9 additions & 0 deletions app/sprinkles/admin/src/Controller/UserController.php
@@ -765,6 +765,9 @@ public function getModalEditPassword(Request $request, Response $response, $args
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;

/** @var \UserFrosting\Support\Repository\Repository $config */
$config = $this->ci->config;

// Access-controlled resource - check that currentUser has permission to edit "password" field for this user
if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
'user' => $user,
@@ -775,6 +778,10 @@ public function getModalEditPassword(Request $request, Response $response, $args

// Load validation rules
$schema = new RequestSchema('schema://requests/user/edit-password.yaml');
$schema->set('value.validators.length.min', $config['site.password.length.min']);
$schema->set('value.validators.length.max', $config['site.password.length.max']);
$schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
$schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
$validator = new JqueryValidationAdapter($schema, $this->ci->translator);

return $this->ci->view->render($response, 'modals/user-set-password.html.twig', [
@@ -1307,6 +1314,8 @@ public function updateField(Request $request, Response $response, $args)

// Load the request schema
$schema = new RequestSchema('schema://requests/user/edit-field.yaml');
$schema->set('password.validators.length.min', $config['site.password.length.min']);
$schema->set('password.validators.length.max', $config['site.password.length.max']);

// Whitelist and set parameter defaults
$transformer = new RequestDataTransformer($schema);
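Review bot: The two handlers override different schema keys for the same password, `value.validators.length.*` in `getModalEditPassword` and `password.validators.length.*` in `updateField`, and nothing in the code explains why. If `updateField` validates the posted `value` under the field's own name, a comment such as `// edit-field.yaml validates the posted "value" under the field name, hence "password" here` would stop a later edit from aligning the keys and silently dropping the server-side bound. `getModalEditPassword` gains an explicit `$config = $this->ci->config;`, but the `updateField` hunk does not show that assignment, so confirm it exists earlier in the method. Both bodies continue outside the hunks.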
@@ -32,7 +32,7 @@
<label>{{translate('PASSWORD')}}</label>
<div class="input-group">
<span class="input-group-addon"><i class="fa fa-key"></i></span>
<input type="password" class="form-control" name="value" autocomplete="off" value="" placeholder="{{translate("PASSWORD.BETWEEN", {min: 12, max: 50})}}">
<input type="password" class="form-control" name="value" autocomplete="off" value="" placeholder="{{translate("PASSWORD.BETWEEN", {min: site.password.length.min, max: site.password.length.max})}}">
</div>
</div>
<div class="form-group">
