fix: [passwords] several fixes

- complexity requirements added
- validation rules added
- added confirm password rules

- as reported by cert.pl
pull/32/head
iglocska 2020-11-06 10:07:25 +01:00
parent 1e0f5930dc
commit df02343448
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
2 changed files with 55 additions and 3 deletions


@ -99,7 +99,12 @@ class CRUDComponent extends Component
$this->Controller->redirect(['action' => 'view', $data->id]);
}
} else {
$message = __('{0} could not be added.', $this->ObjectAlias);
$validationMessage = $this->prepareValidationError($data);
$message = __(
'{0} could not be added.{1}',
$this->ObjectAlias,
empty($validationMessage) ? '' : ' ' . __('Reason:{0}', $validationMessage)
);
if ($this->Controller->ParamHandler->isRest()) {
} else {
@ -110,6 +115,21 @@ class CRUDComponent extends Component
$this->Controller->set('entity', $data);
}
private function prepareValidationError($data)
{
$validationMessage = '';
if (!empty($data->getErrors())) {
foreach ($data->getErrors() as $field => $errorData) {
$errorMessages = [];
foreach ($errorData as $key => $value) {
$errorMessages[] = $value;
}
$validationMessage .= __(' {1}', $field, implode(',', $errorMessages));
}
}
return $validationMessage;
}
private function saveMetaFields($id, $input)
{
foreach ($input['metaFields'] as $metaField => $values) {
@ -163,7 +183,9 @@ class CRUDComponent extends Component
if (!empty($params['fields'])) {
$patchEntityParams['fields'] = $params['fields'];
}
$this->Table->patchEntity($data, $input, $patchEntityParams);
$data = $this->Table->patchEntity($data, $input, $patchEntityParams);
Debugger::log($data);
throw new Exception();
if ($this->Table->save($data)) {
$message = __('{0} updated.', $this->ObjectAlias);
if (!empty($input['metaFields'])) {
@ -177,8 +199,16 @@ class CRUDComponent extends Component
$this->Controller->redirect(['action' => 'view', $id]);
}
} else {
$validationMessage = $this->prepareValidationError($data);
$message = __(
'{0} could not be modified.{1}',
$this->ObjectAlias,
empty($validationMessage) ? '' : ' ' . __('Reason:{0}', $validationMessage)
);
if ($this->Controller->ParamHandler->isRest()) {
} else {
$this->Controller->Flash->error($message);
}
}
}
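Review bot: The hunk at `-163,7 +183,9` leaves debugging code in the edit path: `Debugger::log($data);` followed by an unconditional `throw new Exception();` directly after `patchEntity`, so the `$this->Table->save($data)` call and everything after it on the new side are unreachable and every edit request aborts with an uncaught exception. The log call also writes the whole patched entity to the debug log; for UsersTable that entity is built from the submitted password fields, so credential material may land in log files unless the entity masks those fields — worth confirming. Both lines should be dropped, keeping only `$data = $this->Table->patchEntity($data, $input, $patchEntityParams);`. The enclosing edit method starts and ends outside the hunk.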


@ -34,7 +34,29 @@ class UsersTable extends AppTable
public function validationDefault(Validator $validator): Validator
{
$validator
->requirePresence(['password'], 'create');
->requirePresence(['password'], 'create')
->add('password', [
'password_complexity' => [
'rule' => function($value, $context) {
if (!preg_match('/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/', $value) || strlen($value) < 12) {
return false;
}
return true;
},
'message' => __('Invalid password. Passwords have to be either 16 character long or 12 character long with 3/4 special groups.')
],
'password_confirmation' => [
'rule' => function($value, $context) {
if (isset($context['data']['confirm_password'])) {
if ($context['data']['confirm_password'] !== $value) {
return false;
}
}
return true;
},
'message' => __('Password confirmation missing or not matching the password.')
]
]);
return $validator;
}
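Review bot: The `password_confirmation` rule returns true when `confirm_password` is absent from the request, so the check only applies to clients that choose to send the field, while its message claims a missing confirmation is rejected; if omission is meant to be allowed (for API clients, say) the message should say so, otherwise the guard should become `if (!isset($context['data']['confirm_password'])) { return false; }` before the comparison. The `password_complexity` regex also does not enforce the advertised "3/4 special groups": its first alternative requires lowercase and uppercase plus either a digit or a non-word character, so a value with uppercase, digits and symbols but no lowercase fails, and both `.{16,}` (no `u` modifier) and `strlen` count bytes, so multibyte passwords are measured differently from what the message suggests. If a non-string `password` value reaches the rule (an array in a JSON body, for instance), `preg_match`/`strlen` on PHP 8 throw a TypeError instead of producing a validation failure; an `if (!is_string($value)) { return false; }` guard at the top of the closure avoids that. Moving these closures into named methods with a short docblock stating the accepted shapes would make the policy reviewable without re-reading the regex.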