Consistent in minimum password length

2025-10-13 16:00:13 +00:00 · 2020-04-11 06:42:40 +02:00
parent 6829003f5e
commit db5847b49b
5 changed files with 5 additions and 101 deletions
--- a/app/Http/Requests/ProfileFormRequest.php
+++ b/app/Http/Requests/ProfileFormRequest.php
@@ -50,7 +50,7 @@ class ProfileFormRequest extends Request
        // fixed
        return [
            'current_password'          => 'required',
-            'new_password'              => 'required|confirmed|secure_password',
+            'new_password'              => 'required|confirmed|secure_password|min:16',
            'new_password_confirmation' => 'required',
        ];
    }
--- a/app/Providers/FireflyServiceProvider.php
+++ b/app/Providers/FireflyServiceProvider.php
@@ -48,7 +48,7 @@ use FireflyIII\Services\FireflyIIIOrg\Update\UpdateRequest;
 use FireflyIII\Services\FireflyIIIOrg\Update\UpdateRequestInterface;
 use FireflyIII\Services\IP\IpifyOrg;
 use FireflyIII\Services\IP\IPRetrievalInterface;
-use FireflyIII\Services\Password\PwndVerifierV3;
+use FireflyIII\Services\Password\PwndVerifierV2;
 use FireflyIII\Services\Password\Verifier;
 use FireflyIII\Support\Amount;
 use FireflyIII\Support\ExpandedForm;
@@ -189,7 +189,7 @@ class FireflyServiceProvider extends ServiceProvider
        $this->app->bind(ExchangeRateInterface::class, $class);

        // password verifier thing
-        $this->app->bind(Verifier::class, PwndVerifierV3::class);
+        $this->app->bind(Verifier::class, PwndVerifierV2::class);

        // IP thing:
        $this->app->bind(IPRetrievalInterface::class, IpifyOrg::class);
--- a/app/Services/Password/PwndVerifierV3.php
+++ b/app/Services/Password/PwndVerifierV3.php
@@ -1,96 +0,0 @@
-<?php
-/**
- * PwndVerifierV3.php
- * Copyright (c) 2019 james@firefly-iii.org
- *
- * This file is part of Firefly III (https://github.com/firefly-iii).
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <https://www.gnu.org/licenses/>.
- */
-
-declare(strict_types=1);
-
-namespace FireflyIII\Services\Password;
-
-
-use Exception;
-use GuzzleHttp\Client;
-use GuzzleHttp\Exception\GuzzleException;
-use Log;
-use RuntimeException;
-
-/**
- * Class PwndVerifierV3
- * @codeCoverageIgnore
- * @codeCoverageIgnore
- * @deprecated
- */
-class PwndVerifierV3 implements Verifier
-{
-
-    /**
-     * Verify the given password against (some) service.
-     *
-     * @param string $password
-     *
-     * @return bool
-     */
-    public function validPassword(string $password): bool
-    {
-        Log::debug('Now in API v3.');
-        $hash   = strtoupper(sha1($password));
-        $prefix = substr($hash, 0, 5);
-        $rest   = substr($hash, 5);
-        $uri    = sprintf('https://api.pwnedpasswords.com/%s/%s', 'range', $prefix);
-
-        Log::debug(sprintf('URI is %s', $uri));
-
-        $headers = [
-            'User-Agent'   => sprintf('Firefly III v%s', config('firefly.version')),
-        ];
-        Log::debug('Headers', $headers);
-        $opts    = [
-            'headers' => $headers,
-            'timeout' => 5,
-        ];
-
-        Log::debug(sprintf('hash prefix is %s', $prefix));
-        Log::debug(sprintf('rest is %s', $rest));
-
-        try {
-            $client = new Client;
-            $res    = $client->request('GET', $uri, $opts);
-        } catch (GuzzleException|Exception $e) {
-            Log::error(sprintf('Could not verify password security: %s', $e->getMessage()));
-            return true;
-        }
-        Log::debug(sprintf('Status code returned is %d', $res->getStatusCode()));
-        if (404 === $res->getStatusCode()) {
-            return true;
-        }
-        $body = $res->getBody()->getContents();
-        try {
-            $strpos = stripos($body, $rest);
-        } catch (RuntimeException $e) {
-            Log::error(sprintf('Could not get body from Pwnd result: %s', $e->getMessage()));
-            $strpos = false;
-        }
-        if (false === $strpos) {
-            Log::debug(sprintf('%s was not found in result body. Return true.', $rest));
-            return true;
-        }
-        Log::debug(sprintf('Found %s, so return FALSE.', $rest));
-        return false;
-    }
-}
--- a/app/Support/Http/Controllers/RequestInformation.php
+++ b/app/Support/Http/Controllers/RequestInformation.php
@@ -300,7 +300,7 @@ trait RequestInformation
            $data,
            [
                'email'    => 'required|string|email|max:255|unique:users',
-                'password' => 'required|string|min:6|secure_password|confirmed',
+                'password' => 'required|string|min:16|secure_password|confirmed',
            ]
        );
    }
--- a/resources/views/v1/profile/change-password.twig
+++ b/resources/views/v1/profile/change-password.twig
@@ -52,7 +52,7 @@
                            </div>
                        </div>

-                        {{ ExpandedForm.checkbox('verify_password','1', false) }}
+                        {{ ExpandedForm.checkbox('verify_password','1', true) }}
                        <p>
                            <a data-toggle="modal" data-target="#passwordModal" href="#passwordModal">{{ 'what_is_pw_security'|_ }}</a>
                        </p>