Fixed #6703 - fixes password confirmation (#6711)

* Fixed #6703 - fixes password confirmation * Removed debugging * Fixed tests * I guess we use 10 as the settings for password min in tests * One more try to fix tests - confirmation won’t validate until password validates
2024-11-09 23:24:06 -08:00 · 2019-02-13 23:01:19 -08:00 · 2019-02-13 23:01:19 -08:00 · 35ebe33e4e
parent 9035707bd6
commit 35ebe33e4e
10 changed files with 21 additions and 25 deletions
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@ -125,8 +125,7 @@ class ProfileController extends Controller

        $rules = array(
            'current_password'     => 'required',
-            'password'         => Setting::passwordComplexityRulesSaving('store'),
-            'password_confirm' => 'required|same:password',
+            'password'         => Setting::passwordComplexityRulesSaving('store').'|confirmed',
        );

        $validator = \Validator::make($request->all(), $rules);
--- a/app/Http/Requests/SaveUserRequest.php
+++ b/app/Http/Requests/SaveUserRequest.php
@ -37,7 +37,7 @@ class SaveUserRequest extends Request
                $rules['username'] = 'required_unless:ldap_import,1|string|min:1';
                if ($this->request->get('ldap_import') == false)
                {
-                    $rules['password'] = Setting::passwordComplexityRulesSaving('store');
+                    $rules['password'] = Setting::passwordComplexityRulesSaving('store').'|confirmed';
                }
                break;
            }
@ -46,7 +46,7 @@ class SaveUserRequest extends Request
            case 'PUT':
                $rules['first_name'] = 'required|string|min:1';
                $rules['username'] = 'required_unless:ldap_import,1|string|min:1';
-                $rules['password'] = Setting::passwordComplexityRulesSaving('update');
+                $rules['password'] = Setting::passwordComplexityRulesSaving('update').'|confirmed';
                break;

            // Save only what's passed
@ -58,9 +58,7 @@ class SaveUserRequest extends Request

            default:break;
        }
-
-        $rules['password_confirm'] = 'sometimes|required_with:password';
-
+        
        return $rules;

    }
--- a/app/Http/Requests/SetupUserRequest.php
+++ b/app/Http/Requests/SetupUserRequest.php
@ -29,8 +29,7 @@ class SetupUserRequest extends Request
          'last_name' => 'required|string|min:1',
          'username' => 'required|string|min:2|unique:users,username,NULL,deleted_at',
          'email' => 'email|unique:users,email',
-          'password' => 'required|min:6',
-          'password_confirm' => 'required|min:6|same:password',
+          'password' => 'required|min:6|confirmed',
          'email_domain' => 'required|min:4',
        ];
    }
--- a/resources/lang/en/validation.php
+++ b/resources/lang/en/validation.php
@ -42,6 +42,7 @@ return array(
    'exists'               => 'The selected :attribute is invalid.',
    'file'                 => 'The :attribute must be a file.',
    'filled'               => 'The :attribute field must have a value.',
+    'hashed_pass'          => 'Your password is incorrect.',
    'image'                => 'The :attribute must be an image.',
    'in'                   => 'The selected :attribute is invalid.',
    'in_array'             => 'The :attribute field does not exist in :other.',
--- a/resources/views/account/change-password.blade.php
+++ b/resources/views/account/change-password.blade.php
@ -37,11 +37,11 @@
    </div>


-    <div class="form-group {{ $errors->has('password_confirm') ? ' has-error' : '' }}">
+    <div class="form-group {{ $errors->has('password_confirmation') ? ' has-error' : '' }}">
        <label for="password_confirm" class="col-md-3 control-label">New Password</label>
        <div class="col-md-5 required">
-            <input class="form-control" type="password" name="password_confirm" id="password_confirm"  {{ (config('app.lock_passwords') ? ' disabled' : '') }}>
-            {!! $errors->first('password_confirm', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
+            <input class="form-control" type="password" name="password_confirmation" id="password_confirmation"  {{ (config('app.lock_passwords') ? ' disabled' : '') }}>
+            {!! $errors->first('password_confirmation', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
            @if (config('app.lock_passwords'))
            	<p class="help-block">{{ trans('admin/users/table.lock_passwords') }}</p>
            @endif
--- a/resources/views/modals/user.blade.php
+++ b/resources/views/modals/user.blade.php
@ -14,7 +14,7 @@
            'numbers': true,
            'specialChars': true,
            'onPasswordGenerated': function (generatedPassword) {
-                $('#modal-password_confirm').val($('#modal-password').val());
+                $('#modal-password_confirmation').val($('#modal-password').val());
            }
        });
    });
@ -52,8 +52,8 @@
                    </div>

                    <div class="dynamic-form-row">
-                        <div class="col-md-4 col-xs-12"><label for="modal-password_confirm">{{ trans('admin/users/table.password_confirm') }}:</label></div>
-                        <div class="col-md-8 col-xs-12 required"><input type='password' name="password_confirm" id='modal-password_confirm' class="form-control">
+                        <div class="col-md-4 col-xs-12"><label for="modal-password_confirmation">{{ trans('admin/users/table.password_confirm') }}:</label></div>
+                        <div class="col-md-8 col-xs-12 required"><input type='password' name="password_confirmation" id='modal-password_confirmation' class="form-control">
                            <div id="generated-password"></div>
                        </div>
                    </div>
--- a/resources/views/setup/user.blade.php
+++ b/resources/views/setup/user.blade.php
@ -150,7 +150,7 @@ Create a User ::
      <!-- password confirm -->
      <div class="form-group col-lg-6{{  (\App\Helpers\Helper::checkIfRequired(\App\Models\User::class, 'password')) ? ' required' : '' }} {{ $errors->has('password_confirm') ? 'error' : '' }}">
        {{ Form::label('password_confirmation', trans('admin/users/table.password_confirm')) }}
-        {{ Form::password('password_confirm', array('class' => 'form-control')) }}
+        {{ Form::password('password_confirmation', array('class' => 'form-control')) }}
        {!! $errors->first('password_confirmation', '<span class="alert-msg">:message</span>') !!}
      </div>
    </div>
--- a/resources/views/users/edit.blade.php
+++ b/resources/views/users/edit.blade.php
@ -163,14 +163,14 @@

                @if ($user->ldap_import!='1')
                <!-- Password Confirm -->
-                <div class="form-group {{ $errors->has('password_confirm') ? 'has-error' : '' }}">
-                  <label class="col-md-3 control-label" for="password_confirm">
+                <div class="form-group {{ $errors->has('password_confirmation') ? 'has-error' : '' }}">
+                  <label class="col-md-3 control-label" for="password_confirmation">
                    {{ trans('admin/users/table.password_confirm') }}
                  </label>
                  <div class="col-md-5 {{  ((\App\Helpers\Helper::checkIfRequired($user, 'first_name')) && (!$user->id)) ? ' required' : '' }}">
                    <input
                    type="password"
-                    name="password_confirm"
+                    name="password_confirmation"
                    id="password_confirm"
                    class="form-control"
                    value=""
@ -182,7 +182,7 @@
                    @if (config('app.lock_passwords') && ($user->id))
                    <p class="help-block">{{ trans('admin/users/table.lock_passwords') }}</p>
                    @endif
-                    {!! $errors->first('password_confirm', '<span class="alert-msg">:message</span>') !!}
+                    {!! $errors->first('password_confirmation', '<span class="alert-msg">:message</span>') !!}
                  </div>
                </div>
                @endif
--- a/tests/acceptance/UsersCept.php
+++ b/tests/acceptance/UsersCept.php
@ -59,8 +59,8 @@ $I->click(['name' => 'username']);
 $I->fillField(['name' => 'username'], \App\Helpers\Helper::generateRandomString(15));
 $I->click(['name' => 'password']);
 $I->fillField(['name' => 'password'], 'password');
-$I->click(['name' => 'password_confirm']);
-$I->fillField(['name' => 'password_confirm'], 'password');
+$I->click(['name' => 'password_confirmation']);
+$I->fillField(['name' => 'password_confirmation'], 'password');
 $I->click('Save');
 $I->seeElement('.alert-success');
 $I->dontSeeInSource('&lt;br&gt;&lt;');
--- a/tests/functional/UsersCest.php
+++ b/tests/functional/UsersCest.php
@ -39,11 +39,10 @@ class UsersCest
        $I->fillField('first_name', 't2');
        $I->fillField('last_name', 't2');
        $I->fillField('username', 'a');
-        $I->fillField('password', '12345'); // Must be 6 chars
+        $I->fillField('password', '12345');
        $I->click('Save');
        $I->seeElement('.alert-danger');
        $I->see('The password must be at least 10 characters', '.alert-msg');
-        $I->see('The password confirm field is required when password is present', '.alert-msg');

    }
    public function passesCorrectValidation(FunctionalTester $I)
@ -54,7 +53,7 @@ class UsersCest
            'last_name'         => $user->last_name,
            'username'          => $user->username,
            'password'          => $user->password,
-            'password_confirm'  => $user->password,
+            'password_confirmation'  => $user->password,
            'email'             => $user->email,
            'company_id'        => $user->company_id,
            'locale'            => $user->locale,