zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-05-13 16:16:59 +02:00
Code Issues Projects Releases Packages Wiki Activity

Added ability to have password policy and password expiration

Browse source
This commit is contained in:
Pinga 2025-02-11 15:50:29 +02:00
parent e0eeaed83c
commit 2620dfd7f3
5 changed files with 51 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

17
cp/app/Controllers/Auth/PasswordController.php
View file

@ -69,7 +69,13 @@ class PasswordController extends Controller
* @throws \Pinga\Auth\AuthError
*/
public function updatePassword(Request $request, Response $response){
global $container;
$data = $request->getParsedBody();
$db = $container->get('db');
$userId = $db->selectValue(
'SELECT user_id FROM users_resets WHERE selector = ? AND expires > ? ORDER BY expires DESC LIMIT 1',
[ $data['selector'], time() ]
);
$validation = $this->validator->validate($request, [
'password' => v::notEmpty()->stringType()->length(8),
'password2' => v::notEmpty(),
@ -78,10 +84,13 @@ class PasswordController extends Controller
if ($validation->failed()) {
redirect()->route('update.password',[],['selector'=>urlencode($data['selector']),'token'=>urlencode($data['token'])]);
}
elseif (!v::equals($data['password'])->validate($data['password2'])) {
redirect()->route('update.password',[],['selector'=>urlencode($data['selector']),'token'=>urlencode($data['token'])])->with('error','The password do not match.');
}
if (!checkPasswordComplexity($data['password2'])) {
redirect()->route('update.password',[],['selector'=>urlencode($data['selector']),'token'=>urlencode($data['token'])])->with('error','Password too weak. Use a stronger password.');
}
$_SESSION['password_last_changed'][$userId] = time();
Auth::resetPasswordUpdate($data['selector'], $data['token'], $data['password']);
}
@ -91,6 +100,7 @@ class PasswordController extends Controller
* @throws \Pinga\Auth\AuthError
*/
public function changePassword(Request $request, Response $response){
global $container;
$data = $request->getParsedBody();
$validation = $this->validator->validate($request, [
'old_password' => v::notEmpty(),
@ -99,6 +109,11 @@ class PasswordController extends Controller
if ($validation->failed()) {
redirect()->route('profile');
}
if (!checkPasswordComplexity($data['new_password'])) {
redirect()->route('profile')->with('error','Password too weak. Use a stronger password.');
}
$userId = $container->get('auth')->user()['id'];
$_SESSION['password_last_changed'][$userId] = time();
Auth::changeCurrentPassword($data['old_password'], $data['new_password']);
}
}