fix: [passwords] several fixes
- complexity requirements added
- validation rules added
- added confirm password rules
- as reported by cert.pl
parent
1e0f5930dc
commit
df02343448
|
@ -99,7 +99,12 @@ class CRUDComponent extends Component
|
||||||
$this->Controller->redirect(['action' => 'view', $data->id]);
|
$this->Controller->redirect(['action' => 'view', $data->id]);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$message = __('{0} could not be added.', $this->ObjectAlias);
|
$validationMessage = $this->prepareValidationError($data);
|
||||||
|
$message = __(
|
||||||
|
'{0} could not be added.{1}',
|
||||||
|
$this->ObjectAlias,
|
||||||
|
empty($validationMessage) ? '' : ' ' . __('Reason:{0}', $validationMessage)
|
||||||
|
);
|
||||||
if ($this->Controller->ParamHandler->isRest()) {
|
if ($this->Controller->ParamHandler->isRest()) {
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
@ -110,6 +115,21 @@ class CRUDComponent extends Component
|
||||||
$this->Controller->set('entity', $data);
|
$this->Controller->set('entity', $data);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private function prepareValidationError($data)
|
||||||
|
{
|
||||||
|
$validationMessage = '';
|
||||||
|
if (!empty($data->getErrors())) {
|
||||||
|
foreach ($data->getErrors() as $field => $errorData) {
|
||||||
|
$errorMessages = [];
|
||||||
|
foreach ($errorData as $key => $value) {
|
||||||
|
$errorMessages[] = $value;
|
||||||
|
}
|
||||||
|
$validationMessage .= __(' {1}', $field, implode(',', $errorMessages));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $validationMessage;
|
||||||
|
}
|
||||||
|
|
||||||
private function saveMetaFields($id, $input)
|
private function saveMetaFields($id, $input)
|
||||||
{
|
{
|
||||||
foreach ($input['metaFields'] as $metaField => $values) {
|
foreach ($input['metaFields'] as $metaField => $values) {
|
||||||
|
@ -163,7 +183,9 @@ class CRUDComponent extends Component
|
||||||
if (!empty($params['fields'])) {
|
if (!empty($params['fields'])) {
|
||||||
$patchEntityParams['fields'] = $params['fields'];
|
$patchEntityParams['fields'] = $params['fields'];
|
||||||
}
|
}
|
||||||
$this->Table->patchEntity($data, $input, $patchEntityParams);
|
$data = $this->Table->patchEntity($data, $input, $patchEntityParams);
|
||||||
|
Debugger::log($data);
|
||||||
|
throw new Exception();
|
||||||
if ($this->Table->save($data)) {
|
if ($this->Table->save($data)) {
|
||||||
$message = __('{0} updated.', $this->ObjectAlias);
|
$message = __('{0} updated.', $this->ObjectAlias);
|
||||||
if (!empty($input['metaFields'])) {
|
if (!empty($input['metaFields'])) {
|
||||||
|
@ -177,8 +199,16 @@ class CRUDComponent extends Component
|
||||||
$this->Controller->redirect(['action' => 'view', $id]);
|
$this->Controller->redirect(['action' => 'view', $id]);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
$validationMessage = $this->prepareValidationError($data);
|
||||||
|
$message = __(
|
||||||
|
'{0} could not be modified.{1}',
|
||||||
|
$this->ObjectAlias,
|
||||||
|
empty($validationMessage) ? '' : ' ' . __('Reason:{0}', $validationMessage)
|
||||||
|
);
|
||||||
if ($this->Controller->ParamHandler->isRest()) {
|
if ($this->Controller->ParamHandler->isRest()) {
|
||||||
|
|
||||||
|
} else {
|
||||||
|
$this->Controller->Flash->error($message);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
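Review bot: The third hunk (`@ -163,7 +183,9`) leaves `Debugger::log($data);` and `throw new Exception();` between `patchEntity()` and `save()`, so every edit now aborts before saving and the freshly patched entity is written to the debug log; as this commit is about password handling, that log entry would carry the submitted password unless the entity hashes it on assignment, which is not visible here. Drop both lines so `$data = $this->Table->patchEntity($data, $input, $patchEntityParams);` is followed directly by `if ($this->Table->save($data)) {`. Whether `Debugger` and `Exception` are imported into this namespace cannot be seen from the hunk either, and the enclosing edit method begins and ends outside it. In the second hunk, `prepareValidationError()` passes `$field` to `__(' {1}', $field, ...)` but the format string only references `{1}`, so the field name never reaches the message; either reference `{0}` in the format or drop the argument.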
@ -34,7 +34,29 @@ class UsersTable extends AppTable
|
||||||
public function validationDefault(Validator $validator): Validator
|
public function validationDefault(Validator $validator): Validator
|
||||||
{
|
{
|
||||||
$validator
|
$validator
|
||||||
->requirePresence(['password'], 'create');
|
->requirePresence(['password'], 'create')
|
||||||
|
->add('password', [
|
||||||
|
'password_complexity' => [
|
||||||
|
'rule' => function($value, $context) {
|
||||||
|
if (!preg_match('/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/', $value) || strlen($value) < 12) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
},
|
||||||
|
'message' => __('Invalid password. Passwords have to be either 16 character long or 12 character long with 3/4 special groups.')
|
||||||
|
],
|
||||||
|
'password_confirmation' => [
|
||||||
|
'rule' => function($value, $context) {
|
||||||
|
if (isset($context['data']['confirm_password'])) {
|
||||||
|
if ($context['data']['confirm_password'] !== $value) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
},
|
||||||
|
'message' => __('Password confirmation missing or not matching the password.')
|
||||||
|
]
|
||||||
|
]);
|
||||||
return $validator;
|
return $validator;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
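Review bot: The `password_confirmation` rule returns true whenever `confirm_password` is absent from the request data, so the "Password confirmation missing" wording of its message is never produced and a client that omits the field skips confirmation entirely. If confirmation is meant to be mandatory, fail on absence: `if (!isset($context['data']['confirm_password']) || $context['data']['confirm_password'] !== $value) { return false; }`; if a REST caller is intended to skip it, state that in a comment on the rule rather than leaving the allowance implicit. In `password_complexity`, `strlen($value) < 12` counts bytes, so a short password made of multi-byte characters satisfies the length check the message describes in characters; `mb_strlen($value) < 12` measures what the message promises. Both closures also assume `$value` is a string; an `if (!is_string($value)) { return false; }` guard at the top keeps `preg_match` from throwing a `TypeError` when the field arrives as an array.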