Merge pull request #14502 from marcusmoore/bug/sc-25004/pwd_secure_complexity-validation

Added validation around `pwd_secure_complexity`
snipe 2024-03-26 20:05:04 +00:00 committed by GitHub
commit ae403da8c1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 24 additions and 2 deletions


@ -20,6 +20,7 @@ use DB;
use enshrined\svgSanitize\Sanitizer; use enshrined\svgSanitize\Sanitizer;
use Illuminate\Http\Request; use Illuminate\Http\Request;
use Illuminate\Support\Facades\Storage; use Illuminate\Support\Facades\Storage;
use Illuminate\Validation\Rule;
use Image; use Image;
use Input; use Input;
use Redirect; use Redirect;
@ -499,6 +500,19 @@ class SettingsController extends Controller
*/ */
public function postSecurity(Request $request) public function postSecurity(Request $request)
{ {
$this->validate($request, [
'pwd_secure_complexity' => 'array',
'pwd_secure_complexity.*' => [
Rule::in([
'disallow_same_pwd_as_user_fields',
'letters',
'numbers',
'symbols',
'case_diff',
])
]
]);
if (is_null($setting = Setting::getSettings())) { if (is_null($setting = Setting::getSettings())) {
return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error')); return redirect()->to('admin')->with('error', trans('admin/settings/message.update.error'));
} }
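Review bot: The allow-list in `postSecurity()` is an inline literal that guards only this write path, so a value saved to `pwd_secure_complexity` before this change, or written by any other route, is never checked against it. The code that reads the setting is not in this hunk; if it expands the stored values into password validation rules, it should filter against the same five names, which is easier when the list lives in one place, for example a class constant passed to `Rule::in(...)`. A short comment above the `validate()` call, such as `// Allow-list: only these complexity rule names may be stored; keep in sync with the checkboxes in the security settings view`, would record why the list exists. The body of `postSecurity()` continues past the last line shown.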


@ -153,4 +153,10 @@ return [
'attributes' => [], 'attributes' => [],
/*
|--------------------------------------------------------------------------
| Generic Validation Messages
|--------------------------------------------------------------------------
*/
'invalid_value_in_field' => 'Invalid value included in this field',
]; ];


@ -74,12 +74,11 @@
<!-- Common Passwords --> <!-- Common Passwords -->
<div class="form-group"> <div class="form-group {{ $errors->has('pwd_secure_complexity.*') ? 'error' : '' }}">
<div class="col-md-3"> <div class="col-md-3">
{{ Form::label('pwd_secure_complexity', trans('admin/settings/general.pwd_secure_complexity')) }} {{ Form::label('pwd_secure_complexity', trans('admin/settings/general.pwd_secure_complexity')) }}
</div> </div>
<div class="col-md-9"> <div class="col-md-9">
<label class="form-control"> <label class="form-control">
<span class="sr-only">{{ trans('admin/settings/general.pwd_secure_uncommon') }}</span> <span class="sr-only">{{ trans('admin/settings/general.pwd_secure_uncommon') }}</span>
{{ Form::checkbox('pwd_secure_uncommon', '1', old('pwd_secure_uncommon', $setting->pwd_secure_uncommon),array( 'aria-label'=>'pwd_secure_uncommon')) }} {{ Form::checkbox('pwd_secure_uncommon', '1', old('pwd_secure_uncommon', $setting->pwd_secure_uncommon),array( 'aria-label'=>'pwd_secure_uncommon')) }}
@ -106,6 +105,9 @@
{{ trans('admin/settings/general.pwd_secure_complexity_case_diff') }} {{ trans('admin/settings/general.pwd_secure_complexity_case_diff') }}
</label> </label>
@if ($errors->has('pwd_secure_complexity.*'))
<span class="alert-msg">{{ trans('validation.invalid_value_in_field') }}</span>
@endif
<p class="help-block"> <p class="help-block">
{{ trans('admin/settings/general.pwd_secure_complexity_help') }} {{ trans('admin/settings/general.pwd_secure_complexity_help') }}
</p> </p>
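Review bot: Both added checks test `$errors->has('pwd_secure_complexity.*')`, which matches per-element failures only. A submission that fails the parent `array` rule is reported under the key `pwd_secure_complexity`, so the admin would be redirected back with the form group unmarked and no message shown. Checking both keys, e.g. `$errors->has('pwd_secure_complexity') || $errors->has('pwd_secure_complexity.*')`, in the `form-group` class expression and in the `@if` would cover that case. The surrounding markup starts and ends outside the hunks shown.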