refactor: refactoring password validation and password change panel (#46)

* refactor: refactoring password validation and password change panel

Signed-off-by: romanetar <roman_ag@hotmail.com>

* fix: review comments

---------

Signed-off-by: romanetar <roman_ag@hotmail.com>
Change-Id: I535e3b0b75bb439ab560954514686fa5d7a0349a

Author: romanetar

.env.example

@@ -109,4 +109,7 @@ AUTH_ALLOWS_NATIVE_AUTH_CONFIG=1
 MAIL_SEND_WELCOME_EMAIL=1
 DEFAULT_PROFILE_IMAGE=
 
-AUTH_PASSWORD_RESET_LIFETIME=1800
+AUTH_PASSWORD_RESET_LIFETIME=1800
+
+AUTH_PASSWORD_SHAPE_PATTERN="^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-])"
+AUTH_PASSWORD_SHAPE_WARNING="Password must include at least one uppercase letter, one lowercase letter, one number, and one special character."

.gitignore

@@ -48,3 +48,5 @@ model.sql
 /public/assets/*.woff
 /public/assets/*.png
 /public/assets/*.txt
+/.env.local
+/.phpunit.cache/

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -15,7 +15,6 @@
 use App\Http\Controllers\Controller;
 use App\libs\Utils\EmailUtils;
 use App\Services\Auth\IUserService;
-use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Http\Request as LaravelRequest;

app/Http/Controllers/Auth/ResetPasswordController.php

@@ -137,7 +137,7 @@ public function reset(LaravelRequest $request)
 
             $this->user_service->resetPassword($payload['token'], $payload['password']);
 
-            return view("auth.passwords.reset_success");
+            return view("auth.passwords.reset_success", ['email'  => $payload['email']]);
         }
         catch (ValidationException $ex){
             Log::warning($ex);

app/Providers/AppServiceProvider.php

@@ -11,11 +11,14 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  **/
+
+use App\libs\Utils\TextUtils;
 use Illuminate\Support\Facades\App;
 use Illuminate\Support\Facades\Config;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\ServiceProvider;
 use Illuminate\Support\Facades\Validator;
+use models\exceptions\ValidationException;
 use Sokil\IsoCodes\IsoCodesFactory;
 use Validators\CustomValidator;
 use App\Http\Utils\Log\LaravelMailerHandler;
@@ -99,12 +102,28 @@ public function boot()
         });
 
         Validator::extend("password_policy", function($attribute, $value, $parameters, $validator){
-            $min = 8;
-            $validator->addReplacer('password_policy', function($message, $attribute, $rule, $parameters) use ($validator, $min) {
-                return sprintf("The %s must be %s–30 characters, and must include a special character", $attribute, $min);
+            $password = TextUtils::trim($value);
+
+            $min_length = Config::get("auth.password_min_length");
+            if (strlen($password) < $min_length) {
+                return false;
+            }
+
+            $max_length = Config::get("auth.password_max_length");
+            if (strlen($password) > $max_length) {
+                return false;
+            }
+            $warning = Config::get("auth.password_shape_warning");
+            $pattern = Config::get("auth.password_shape_pattern");
+            if (!preg_match("/$pattern/", $password)) {
+                return false;
+            }
+
+            $validator->addReplacer('password_policy', function($message, $attribute, $rule, $parameters) use ($validator, $min_length, $max_length, $warning) {
+                return sprintf("The %s must be %s–%s characters, and %s", $attribute, $min_length, $max_length, $warning);
             });
 
-            return preg_match("/^((?=.*?[#?!@()$%^&*=_{}[\]:;\"'|<>,.\/~`±§+-])).{8,30}$/", $value);
+            return true;
         });
     }
 

app/Strategies/DefaultLoginStrategy.php

@@ -12,8 +12,12 @@
  * limitations under the License.
  **/
 
+use App\libs\Utils\EmailUtils;
+use  Illuminate\Support\Facades\Request;
 use App\libs\Auth\SocialLoginProviders;
 use Illuminate\Support\Facades\Log;
+use Illuminate\Support\Facades\Session;
+use OAuth2\OAuth2Protocol;
 use Utils\IPHelper;
 use Services\IUserActionService;
 use Utils\Services\IAuthService;
@@ -48,6 +52,26 @@ public function getLogin()
     {
         Log::debug(sprintf("DefaultLoginStrategy::getLogin"));
 
+        // login hint processing
+
+        $login_hint = null;
+        if(Request::has(OAuth2Protocol::OAuth2Protocol_LoginHint)){
+            $login_hint = Request::query(OAuth2Protocol::OAuth2Protocol_LoginHint);
+            if(!EmailUtils::isValidEmail($login_hint))
+                $login_hint = null;
+        }
+
+        if(!empty($login_hint)) {
+            $user = $this->auth_service->getUserByUsername($login_hint);
+            if(!is_null($user)) {
+                Session::put('username', $user->getEmail());
+                Session::put('user_fullname', $user->getFullName());
+                Session::put('user_pic', $user->getPic());
+                Session::put('user_verified', true);
+                Session::save();
+            }
+        }
+
         if (Auth::guest())
             return View::make("auth.login", [
                 'supported_providers' => SocialLoginProviders::buildSupportedProviders()
@@ -73,7 +97,7 @@ public function  postLogin(array $params = [])
         return Redirect::intended($default_url);
     }
 
-    public function  cancelLogin()
+    public function cancelLogin()
     {
         return Redirect::action("HomeController@index");
     }

app/libs/Auth/Models/User.php

@@ -1321,12 +1321,28 @@ public function getPassword(): ?string
 
     /**
      * @param string $password
+     * @throws ValidationException
      */
     public function setPassword(string $password): void
     {
         $password = TextUtils::trim($password);
 
-        if(empty($this->password_enc)){
+        $min_length = Config::get("auth.password_min_length");
+        if (strlen($password) < $min_length) {
+            throw new ValidationException("Password must be at least $min_length characters.");
+        }
+
+        $max_length = Config::get("auth.password_max_length");
+        if (strlen($password) > $max_length) {
+            throw new ValidationException("Password must be at most $max_length characters.");
+        }
+
+        $pattern = Config::get("auth.password_shape_pattern");
+        if (!preg_match("/$pattern/", $password)) {
+            throw new ValidationException(Config::get("auth.password_shape_warning"));
+        }
+
+        if (empty($this->password_enc)) {
             $this->password_enc = AuthHelper::AlgNative;
         }
         $this->password_salt = AuthHelper::generateSalt(self::SaltLen, $this->password_enc);

config/auth.php

@@ -102,6 +102,8 @@
     'password_reset_lifetime' => env('AUTH_PASSWORD_RESET_LIFETIME', 1800),
     'password_min_length' => env('AUTH_PASSWORD_MIN_LENGTH', 8),
     'password_max_length' => env('AUTH_PASSWORD_MAX_LENGTH', 30),
+    'password_shape_pattern' => env('AUTH_PASSWORD_SHAPE_PATTERN', '^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-])'),
+    'password_shape_warning' => env('AUTH_PASSWORD_SHAPE_WARNING', 'Password must include at least one uppercase letter, one lowercase letter, one number, and one special character.'),
     'verification_email_lifetime' => env("AUTH_VERIFICATION_EMAIL_LIFETIME", 600),
     'allows_native_auth' => env('AUTH_ALLOWS_NATIVE_AUTH', 1),
     'allows_native_on_config' => env('AUTH_ALLOWS_NATIVE_AUTH_CONFIG', 1),

resources/js/admin/edit_user/components/password_change_panel.js

@@ -1,4 +1,4 @@
-import React, {useEffect, useState} from "react";
+import React, {useState} from "react";
 import ReactDOM from "react-dom";
 import ArrowBack from '@material-ui/icons/ArrowBack';
 import Button from "@material-ui/core/Button";
@@ -25,10 +25,11 @@ import ProfileImageUploader from "./components/profile_image_uploader/profile_im
 import Navbar from "../../components/navbar/navbar";
 import Divider from "@material-ui/core/Divider";
 import Link from "@material-ui/core/Link";
-import PasswordChangePanel from "./components/password_change_panel";
+import PasswordChangePanel from "../../components/password_change_panel";
 import LoadingIndicator from "../../components/loading_indicator";
 import TopLogo from "../../components/top_logo/top_logo";
 import {handleErrorResponse} from "../../utils";
+import {buildPasswordValidationSchema} from "../../validator";
 
 import styles from "./edit_user.module.scss";
 
@@ -65,15 +66,7 @@ const EditUserPage = ({
                 .email("Enter a valid email"),
             third_email: string("Email is required")
                 .email("Enter a valid email"),
-            password: string()
-                .min(passwordPolicy.min_length, `Password must be at least ${passwordPolicy.min_length} characters`)
-                .max(passwordPolicy.max_length, `Password must be at most ${passwordPolicy.max_length} characters`)
-                .matches(
-                    /^(?=.*[a-z])(?=.*[!@#$%^&*])/,
-                    "Password must include a special character"
-                ),
-            password_confirmation: string()
-                .oneOf([ref('password'), null], 'Passwords must match')
+            ...buildPasswordValidationSchema(passwordPolicy)
         });
     }