DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2024-11-09 23:24:06 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Added validation to disallow password to be the same as username, email, etc

Browse source
This commit is contained in:
snipe 2020-11-02 20:03:26 -08:00
parent 33bda9b6d1
commit a55694da2f
4 changed files with 54 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
app/Http/Controllers/ProfileController.php
View file

@ -156,6 +156,16 @@ class ProfileController extends Controller
if (!Hash::check($request->input('current_password'), $user->password)) {
$validator->errors()->add('current_password', trans('validation.hashed_pass'));
}
if (($request->input('password') == $user->username) ||
($request->input('password') == $user->email) ||
($request->input('password') == $user->first_name) ||
($request->input('password') == $user->last_name))
{
$validator->errors()->add('password', trans('validation.disallow_same_pwd_as_user_fields'));
}
});

42
app/Providers/ValidationServiceProvider.php
View file

@ -91,6 +91,48 @@ class ValidationServiceProvider extends ServiceProvider
});
// This ONLY works for create/update user forms, since the Update Profile Password form doesn't
// include any of these additional validator fields
Validator::extend('disallow_same_pwd_as_user_fields', function ($attribute, $value, $parameters, $validator) {
$data = $validator->getData();
\Log::debug('Attribute: '.$attribute);
\Log::debug('Value: '. $value);
\Log::debug('Parameters: '.print_r($parameters, true));
\Log::debug('Data: '.print_r($data, true));
if (array_key_exists("username", $data)) {
if ($data['username'] == $data['password']) {
return false;
}
}
if (array_key_exists("email", $data)) {
if ($data['email'] == $data['password']) {
return false;
}
}
if (array_key_exists("first_name", $data)) {
if ($data['first_name'] == $data['password']) {
return false;
}
}
if (array_key_exists("last_name", $data)) {
if ($data['last_name'] == $data['password']) {
return false;
}
}
return true;
});
Validator::extend('letters', function ($attribute, $value, $parameters) {
return preg_match('/\pL/', $value);
});

2
resources/lang/en/validation.php
View file

@ -99,7 +99,7 @@ return array(
'url' => 'The :attribute format is invalid.',
"unique_undeleted" => "The :attribute must be unique.",
"import_field_empty" => "The value of the Import Field shouldn't be empty",
"same_pwd_as_user_fields" => 'The password cannot be the same as the username, email address, or first or last name.',
"disallow_same_pwd_as_user_fields" => 'The password cannot be the same as the username, email address, or first or last name.',
/*
|--------------------------------------------------------------------------

2
resources/views/settings/security.blade.php
View file

@ -99,7 +99,7 @@
</div>
<div class="col-md-9">
{{ Form::checkbox("pwd_secure_complexity['same_pwd_as_user_fields']", 'same_pwd_as_user_fields', old('same_pwd_as_user_fields', strpos($setting->pwd_secure_complexity, 'same_pwd_as_user_fields')!==false), array('class' => 'minimal', 'aria-label'=>'pwd_secure_complexity')) }}
{{ Form::checkbox("pwd_secure_complexity['disallow_same_pwd_as_user_fields']", 'disallow_same_pwd_as_user_fields', old('disallow_same_pwd_as_user_fields', strpos($setting->pwd_secure_complexity, 'disallow_same_pwd_as_user_fields')!==false), array('class' => 'minimal', 'aria-label'=>'pwd_secure_complexity')) }}
Password cannot be the same as first name, last name, email, or username<br>