Fixed #6703 - fixes password confirmation (#6711)

* Fixed #6703 - fixes password confirmation

* Removed debugging

* Fixed tests

* I guess we use 10 as the settings for password min in tests

* One more try to fix tests - confirmation won’t validate until password validates
This commit is contained in:
snipe 2019-02-13 23:01:19 -08:00 committed by GitHub
parent 9035707bd6
commit 35ebe33e4e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 21 additions and 25 deletions

View file

@ -125,8 +125,7 @@ class ProfileController extends Controller
$rules = array( $rules = array(
'current_password' => 'required', 'current_password' => 'required',
'password' => Setting::passwordComplexityRulesSaving('store'), 'password' => Setting::passwordComplexityRulesSaving('store').'|confirmed',
'password_confirm' => 'required|same:password',
); );
$validator = \Validator::make($request->all(), $rules); $validator = \Validator::make($request->all(), $rules);

View file

@ -37,7 +37,7 @@ class SaveUserRequest extends Request
$rules['username'] = 'required_unless:ldap_import,1|string|min:1'; $rules['username'] = 'required_unless:ldap_import,1|string|min:1';
if ($this->request->get('ldap_import') == false) if ($this->request->get('ldap_import') == false)
{ {
$rules['password'] = Setting::passwordComplexityRulesSaving('store'); $rules['password'] = Setting::passwordComplexityRulesSaving('store').'|confirmed';
} }
break; break;
} }
@ -46,7 +46,7 @@ class SaveUserRequest extends Request
case 'PUT': case 'PUT':
$rules['first_name'] = 'required|string|min:1'; $rules['first_name'] = 'required|string|min:1';
$rules['username'] = 'required_unless:ldap_import,1|string|min:1'; $rules['username'] = 'required_unless:ldap_import,1|string|min:1';
$rules['password'] = Setting::passwordComplexityRulesSaving('update'); $rules['password'] = Setting::passwordComplexityRulesSaving('update').'|confirmed';
break; break;
// Save only what's passed // Save only what's passed
@ -59,8 +59,6 @@ class SaveUserRequest extends Request
default:break; default:break;
} }
$rules['password_confirm'] = 'sometimes|required_with:password';
return $rules; return $rules;
} }

View file

@ -29,8 +29,7 @@ class SetupUserRequest extends Request
'last_name' => 'required|string|min:1', 'last_name' => 'required|string|min:1',
'username' => 'required|string|min:2|unique:users,username,NULL,deleted_at', 'username' => 'required|string|min:2|unique:users,username,NULL,deleted_at',
'email' => 'email|unique:users,email', 'email' => 'email|unique:users,email',
'password' => 'required|min:6', 'password' => 'required|min:6|confirmed',
'password_confirm' => 'required|min:6|same:password',
'email_domain' => 'required|min:4', 'email_domain' => 'required|min:4',
]; ];
} }

View file

@ -42,6 +42,7 @@ return array(
'exists' => 'The selected :attribute is invalid.', 'exists' => 'The selected :attribute is invalid.',
'file' => 'The :attribute must be a file.', 'file' => 'The :attribute must be a file.',
'filled' => 'The :attribute field must have a value.', 'filled' => 'The :attribute field must have a value.',
'hashed_pass' => 'Your password is incorrect.',
'image' => 'The :attribute must be an image.', 'image' => 'The :attribute must be an image.',
'in' => 'The selected :attribute is invalid.', 'in' => 'The selected :attribute is invalid.',
'in_array' => 'The :attribute field does not exist in :other.', 'in_array' => 'The :attribute field does not exist in :other.',

View file

@ -37,11 +37,11 @@
</div> </div>
<div class="form-group {{ $errors->has('password_confirm') ? ' has-error' : '' }}"> <div class="form-group {{ $errors->has('password_confirmation') ? ' has-error' : '' }}">
<label for="password_confirm" class="col-md-3 control-label">New Password</label> <label for="password_confirm" class="col-md-3 control-label">New Password</label>
<div class="col-md-5 required"> <div class="col-md-5 required">
<input class="form-control" type="password" name="password_confirm" id="password_confirm" {{ (config('app.lock_passwords') ? ' disabled' : '') }}> <input class="form-control" type="password" name="password_confirmation" id="password_confirmation" {{ (config('app.lock_passwords') ? ' disabled' : '') }}>
{!! $errors->first('password_confirm', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!} {!! $errors->first('password_confirmation', '<span class="alert-msg"><i class="fa fa-times"></i> :message</span>') !!}
@if (config('app.lock_passwords')) @if (config('app.lock_passwords'))
<p class="help-block">{{ trans('admin/users/table.lock_passwords') }}</p> <p class="help-block">{{ trans('admin/users/table.lock_passwords') }}</p>
@endif @endif

View file

@ -14,7 +14,7 @@
'numbers': true, 'numbers': true,
'specialChars': true, 'specialChars': true,
'onPasswordGenerated': function (generatedPassword) { 'onPasswordGenerated': function (generatedPassword) {
$('#modal-password_confirm').val($('#modal-password').val()); $('#modal-password_confirmation').val($('#modal-password').val());
} }
}); });
}); });
@ -52,8 +52,8 @@
</div> </div>
<div class="dynamic-form-row"> <div class="dynamic-form-row">
<div class="col-md-4 col-xs-12"><label for="modal-password_confirm">{{ trans('admin/users/table.password_confirm') }}:</label></div> <div class="col-md-4 col-xs-12"><label for="modal-password_confirmation">{{ trans('admin/users/table.password_confirm') }}:</label></div>
<div class="col-md-8 col-xs-12 required"><input type='password' name="password_confirm" id='modal-password_confirm' class="form-control"> <div class="col-md-8 col-xs-12 required"><input type='password' name="password_confirmation" id='modal-password_confirmation' class="form-control">
<div id="generated-password"></div> <div id="generated-password"></div>
</div> </div>
</div> </div>

View file

@ -150,7 +150,7 @@ Create a User ::
<!-- password confirm --> <!-- password confirm -->
<div class="form-group col-lg-6{{ (\App\Helpers\Helper::checkIfRequired(\App\Models\User::class, 'password')) ? ' required' : '' }} {{ $errors->has('password_confirm') ? 'error' : '' }}"> <div class="form-group col-lg-6{{ (\App\Helpers\Helper::checkIfRequired(\App\Models\User::class, 'password')) ? ' required' : '' }} {{ $errors->has('password_confirm') ? 'error' : '' }}">
{{ Form::label('password_confirmation', trans('admin/users/table.password_confirm')) }} {{ Form::label('password_confirmation', trans('admin/users/table.password_confirm')) }}
{{ Form::password('password_confirm', array('class' => 'form-control')) }} {{ Form::password('password_confirmation', array('class' => 'form-control')) }}
{!! $errors->first('password_confirmation', '<span class="alert-msg">:message</span>') !!} {!! $errors->first('password_confirmation', '<span class="alert-msg">:message</span>') !!}
</div> </div>
</div> </div>

View file

@ -163,14 +163,14 @@
@if ($user->ldap_import!='1') @if ($user->ldap_import!='1')
<!-- Password Confirm --> <!-- Password Confirm -->
<div class="form-group {{ $errors->has('password_confirm') ? 'has-error' : '' }}"> <div class="form-group {{ $errors->has('password_confirmation') ? 'has-error' : '' }}">
<label class="col-md-3 control-label" for="password_confirm"> <label class="col-md-3 control-label" for="password_confirmation">
{{ trans('admin/users/table.password_confirm') }} {{ trans('admin/users/table.password_confirm') }}
</label> </label>
<div class="col-md-5 {{ ((\App\Helpers\Helper::checkIfRequired($user, 'first_name')) && (!$user->id)) ? ' required' : '' }}"> <div class="col-md-5 {{ ((\App\Helpers\Helper::checkIfRequired($user, 'first_name')) && (!$user->id)) ? ' required' : '' }}">
<input <input
type="password" type="password"
name="password_confirm" name="password_confirmation"
id="password_confirm" id="password_confirm"
class="form-control" class="form-control"
value="" value=""
@ -182,7 +182,7 @@
@if (config('app.lock_passwords') && ($user->id)) @if (config('app.lock_passwords') && ($user->id))
<p class="help-block">{{ trans('admin/users/table.lock_passwords') }}</p> <p class="help-block">{{ trans('admin/users/table.lock_passwords') }}</p>
@endif @endif
{!! $errors->first('password_confirm', '<span class="alert-msg">:message</span>') !!} {!! $errors->first('password_confirmation', '<span class="alert-msg">:message</span>') !!}
</div> </div>
</div> </div>
@endif @endif

View file

@ -59,8 +59,8 @@ $I->click(['name' => 'username']);
$I->fillField(['name' => 'username'], \App\Helpers\Helper::generateRandomString(15)); $I->fillField(['name' => 'username'], \App\Helpers\Helper::generateRandomString(15));
$I->click(['name' => 'password']); $I->click(['name' => 'password']);
$I->fillField(['name' => 'password'], 'password'); $I->fillField(['name' => 'password'], 'password');
$I->click(['name' => 'password_confirm']); $I->click(['name' => 'password_confirmation']);
$I->fillField(['name' => 'password_confirm'], 'password'); $I->fillField(['name' => 'password_confirmation'], 'password');
$I->click('Save'); $I->click('Save');
$I->seeElement('.alert-success'); $I->seeElement('.alert-success');
$I->dontSeeInSource('&lt;br&gt;&lt;'); $I->dontSeeInSource('&lt;br&gt;&lt;');

View file

@ -39,11 +39,10 @@ class UsersCest
$I->fillField('first_name', 't2'); $I->fillField('first_name', 't2');
$I->fillField('last_name', 't2'); $I->fillField('last_name', 't2');
$I->fillField('username', 'a'); $I->fillField('username', 'a');
$I->fillField('password', '12345'); // Must be 6 chars $I->fillField('password', '12345');
$I->click('Save'); $I->click('Save');
$I->seeElement('.alert-danger'); $I->seeElement('.alert-danger');
$I->see('The password must be at least 10 characters', '.alert-msg'); $I->see('The password must be at least 10 characters', '.alert-msg');
$I->see('The password confirm field is required when password is present', '.alert-msg');
} }
public function passesCorrectValidation(FunctionalTester $I) public function passesCorrectValidation(FunctionalTester $I)
@ -54,7 +53,7 @@ class UsersCest
'last_name' => $user->last_name, 'last_name' => $user->last_name,
'username' => $user->username, 'username' => $user->username,
'password' => $user->password, 'password' => $user->password,
'password_confirm' => $user->password, 'password_confirmation' => $user->password,
'email' => $user->email, 'email' => $user->email,
'company_id' => $user->company_id, 'company_id' => $user->company_id,
'locale' => $user->locale, 'locale' => $user->locale,