From 581560792421a53fbb698716be4cd5d73cd57cce Mon Sep 17 00:00:00 2001
From: Marcus Moore <contact@marcusmoore.io>
Date: Mon, 25 Mar 2024 17:45:41 -0700
Subject: [PATCH 1/3] Add validation for pwd_secure_complexity

---
 app/Http/Controllers/SettingsController.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/app/Http/Controllers/SettingsController.php b/app/Http/Controllers/SettingsController.php
index b1cb620a83..dbb6f66222 100755
--- a/app/Http/Controllers/SettingsController.php
+++ b/app/Http/Controllers/SettingsController.php
@@ -20,6 +20,7 @@ use DB;
 use enshrined\svgSanitize\Sanitizer;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Storage;
+use Illuminate\Validation\Rule;
 use Image;
 use Input;
 use Redirect;
@@ -499,6 +500,19 @@ class SettingsController extends Controller
      */
     public function postSecurity(Request $request)
     {
+        $this->validate($request, [
+            'pwd_secure_complexity' => 'array',
+            'pwd_secure_complexity.*' => [
+                Rule::in([
+                    'disallow_same_pwd_as_user_fields',
+                    'letters',
+                    'numbers',
+                    'symbols',
+                    'case_diff',
+                ])
+            ]
+        ]);
+
         if (is_null($setting = Setting::getSettings())) {
             return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error'));
         }

From bd506820b7144da54cfcc1d1f26221773a602863 Mon Sep 17 00:00:00 2001
From: Marcus Moore <contact@marcusmoore.io>
Date: Mon, 25 Mar 2024 17:59:39 -0700
Subject: [PATCH 2/3] Display error message

---
 resources/views/settings/security.blade.php | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/resources/views/settings/security.blade.php b/resources/views/settings/security.blade.php
index a23b8cece9..baacb41440 100644
--- a/resources/views/settings/security.blade.php
+++ b/resources/views/settings/security.blade.php
@@ -74,12 +74,11 @@
 
 
                         <!-- Common Passwords -->
-                        <div class="form-group">
+                        <div class="form-group {{ $errors->has('pwd_secure_complexity.*') ? 'error' : '' }}">
                             <div class="col-md-3">
                                 {{ Form::label('pwd_secure_complexity', trans('admin/settings/general.pwd_secure_complexity')) }}
                             </div>
                             <div class="col-md-9">
-
                                 <label class="form-control">
                                     <span class="sr-only">{{ trans('admin/settings/general.pwd_secure_uncommon') }}</span>
                                     {{ Form::checkbox('pwd_secure_uncommon', '1', old('pwd_secure_uncommon', $setting->pwd_secure_uncommon),array( 'aria-label'=>'pwd_secure_uncommon')) }}
@@ -106,6 +105,9 @@
                                     {{ trans('admin/settings/general.pwd_secure_complexity_case_diff') }}
                                 </label>
 
+                                @if ($errors->has('pwd_secure_complexity.*'))
+                                    <span class="alert-msg">Invalid value included in this field</span>
+                                @endif
                                 <p class="help-block">
                                     {{ trans('admin/settings/general.pwd_secure_complexity_help') }}
                                 </p>

From b5b8777c9486d86832035b8c5d283d62121f0499 Mon Sep 17 00:00:00 2001
From: Marcus Moore <contact@marcusmoore.io>
Date: Tue, 26 Mar 2024 12:23:57 -0700
Subject: [PATCH 3/3] Extract translation string

---
 resources/lang/en-US/validation.php         | 6 ++++++
 resources/views/settings/security.blade.php | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/resources/lang/en-US/validation.php b/resources/lang/en-US/validation.php
index 1c6ad8a148..9298bc106f 100644
--- a/resources/lang/en-US/validation.php
+++ b/resources/lang/en-US/validation.php
@@ -151,4 +151,10 @@ return [
 
     'attributes' => [],
 
+    /*
+    |--------------------------------------------------------------------------
+    | Generic Validation Messages
+    |--------------------------------------------------------------------------
+    */
+    'invalid_value_in_field' => 'Invalid value included in this field',
 ];
diff --git a/resources/views/settings/security.blade.php b/resources/views/settings/security.blade.php
index baacb41440..f108683dc3 100644
--- a/resources/views/settings/security.blade.php
+++ b/resources/views/settings/security.blade.php
@@ -106,7 +106,7 @@
                                 </label>
 
                                 @if ($errors->has('pwd_secure_complexity.*'))
-                                    <span class="alert-msg">Invalid value included in this field</span>
+                                    <span class="alert-msg">{{ trans('validation.invalid_value_in_field') }}</span>
                                 @endif
                                 <p class="help-block">
                                     {{ trans('admin/settings/general.pwd_secure_complexity_help') }}