fix: [passwords] several fixes

- complexity requirements added - validation rules added - added confirm password rules - as reported by cert.pl
2020-11-06 10:07:25 +01:00 · 2020-11-06 10:07:25 +01:00 · df02343448
parent 1e0f5930dc
commit df02343448
2 changed files with 55 additions and 3 deletions
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@ -99,7 +99,12 @@ class CRUDComponent extends Component
                    $this->Controller->redirect(['action' => 'view', $data->id]);
                }
            } else {
-                $message = __('{0} could not be added.', $this->ObjectAlias);
+                $validationMessage = $this->prepareValidationError($data);
+                $message = __(
+                    '{0} could not be added.{1}',
+                    $this->ObjectAlias,
+                    empty($validationMessage) ? '' : ' ' . __('Reason:{0}', $validationMessage)
+                );
                if ($this->Controller->ParamHandler->isRest()) {

                } else {
@ -110,6 +115,21 @@ class CRUDComponent extends Component
        $this->Controller->set('entity', $data);
    }

+    private function prepareValidationError($data)
+    {
+        $validationMessage = '';
+        if (!empty($data->getErrors())) {
+            foreach ($data->getErrors() as $field => $errorData) {
+                $errorMessages = [];
+                foreach ($errorData as $key => $value) {
+                    $errorMessages[] = $value;
+                }
+                $validationMessage .= __(' {1}', $field, implode(',', $errorMessages));
+            }
+        }
+        return $validationMessage;
+    }
+
    private function saveMetaFields($id, $input)
    {
        foreach ($input['metaFields'] as $metaField => $values) {
@ -163,7 +183,9 @@ class CRUDComponent extends Component
            if (!empty($params['fields'])) {
                $patchEntityParams['fields'] = $params['fields'];
            }
-            $this->Table->patchEntity($data, $input, $patchEntityParams);
+            $data = $this->Table->patchEntity($data, $input, $patchEntityParams);
+            Debugger::log($data);
+            throw new Exception();
            if ($this->Table->save($data)) {
                $message = __('{0} updated.', $this->ObjectAlias);
                if (!empty($input['metaFields'])) {
@ -177,8 +199,16 @@ class CRUDComponent extends Component
                    $this->Controller->redirect(['action' => 'view', $id]);
                }
            } else {
+                $validationMessage = $this->prepareValidationError($data);
+                $message = __(
+                    '{0} could not be modified.{1}',
+                    $this->ObjectAlias,
+                    empty($validationMessage) ? '' : ' ' . __('Reason:{0}', $validationMessage)
+                );
                if ($this->Controller->ParamHandler->isRest()) {

+                } else {
+                    $this->Controller->Flash->error($message);
                }
            }
        }
--- a/src/Model/Table/UsersTable.php
+++ b/src/Model/Table/UsersTable.php
@ -34,7 +34,29 @@ class UsersTable extends AppTable
    public function validationDefault(Validator $validator): Validator
    {
        $validator
-            ->requirePresence(['password'], 'create');
+            ->requirePresence(['password'], 'create')
+            ->add('password', [
+                'password_complexity' => [
+                    'rule' => function($value, $context) {
+                        if (!preg_match('/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/', $value) || strlen($value) < 12) {
+                            return false;
+                        }
+                        return true;
+                    },
+                    'message' => __('Invalid password. Passwords have to be either 16 character long or 12 character long with 3/4 special groups.')
+                ],
+                'password_confirmation' => [
+                    'rule' => function($value, $context) {
+                        if (isset($context['data']['confirm_password'])) {
+                            if ($context['data']['confirm_password'] !== $value) {
+                                return false;
+                            }
+                        }
+                        return true;
+                    },
+                    'message' => __('Password confirmation missing or not matching the password.')
+                ]
+            ]);
        return $validator;
    }