feat: check history limit
This commit is contained in:
parent
cfd5a91c43
commit
0b1b7b8170
3 changed files with 33 additions and 15 deletions
|
@ -1509,15 +1509,20 @@ App::patch('/v1/account/password')
|
||||||
->param('oldPassword', '', new Password(), 'Current user password. Must be at least 8 chars.', true)
|
->param('oldPassword', '', new Password(), 'Current user password. Must be at least 8 chars.', true)
|
||||||
->inject('response')
|
->inject('response')
|
||||||
->inject('user')
|
->inject('user')
|
||||||
|
->inject('project')
|
||||||
->inject('dbForProject')
|
->inject('dbForProject')
|
||||||
->inject('events')
|
->inject('events')
|
||||||
->action(function (string $password, string $oldPassword, Response $response, Document $user, Database $dbForProject, Event $events) {
|
->action(function (string $password, string $oldPassword, Response $response, Document $user, Document $project, Database $dbForProject, Event $events) {
|
||||||
|
|
||||||
// Check old password only if its an existing user.
|
// Check old password only if its an existing user.
|
||||||
if (!empty($user->getAttribute('passwordUpdate')) && !Auth::passwordVerify($oldPassword, $user->getAttribute('password'), $user->getAttribute('hash'), $user->getAttribute('hashOptions'))) { // Double check user password
|
if (!empty($user->getAttribute('passwordUpdate')) && !Auth::passwordVerify($oldPassword, $user->getAttribute('password'), $user->getAttribute('hash'), $user->getAttribute('hashOptions'))) { // Double check user password
|
||||||
throw new Exception(Exception::USER_INVALID_CREDENTIALS);
|
throw new Exception(Exception::USER_INVALID_CREDENTIALS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$historyLimit = $project->getAttribute('auths', [])['passwordHistory'] ?? 0;
|
||||||
|
|
||||||
|
$history = [];
|
||||||
|
if($historyLimit > 0) {
|
||||||
$history = $user->getAttribute('passwordHistory', []);
|
$history = $user->getAttribute('passwordHistory', []);
|
||||||
$newPassword = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
|
$newPassword = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
|
||||||
|
|
||||||
|
@ -1526,6 +1531,10 @@ App::patch('/v1/account/password')
|
||||||
}
|
}
|
||||||
|
|
||||||
$history[] = $newPassword;
|
$history[] = $newPassword;
|
||||||
|
while(count($history) > $historyLimit) {
|
||||||
|
array_pop($history);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$user = $dbForProject->updateDocument('users', $user->getId(), $user
|
$user = $dbForProject->updateDocument('users', $user->getId(), $user
|
||||||
->setAttribute('passwordHistory', $history)
|
->setAttribute('passwordHistory', $history)
|
||||||
|
|
|
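Review bot: The trimming loop added after `$history[] = $newPassword;` removes the wrong end of the array: the new hash is appended at the end, and `array_pop()` also removes from the end, so once the history is full the password just set is the entry discarded while the oldest hashes stay forever, which defeats the reuse check. Replace the loop with `$history = array_slice($history, -$historyLimit);` (or `array_shift($history)` inside the loop) so the oldest entries are dropped; this assumes the history is stored oldest-first, as the append suggests — confirm against the comparison loop, which lies between the two hunks. The same loop appears in the `/v1/users/:userId/password` section at `@ -801,6 +806,10 @@` and needs the same change. Separately, when `passwordHistory` is 0 the unconditional `->setAttribute('passwordHistory', $history)` now writes an empty array, erasing a user's stored history whenever the project feature is disabled; if that is not intended, keep the existing value with `$history = $user->getAttribute('passwordHistory', []);` before the `if` instead of `$history = [];`. The enclosing action closure begins and ends outside these hunks.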
@ -81,7 +81,7 @@ App::post('/v1/projects')
|
||||||
}
|
}
|
||||||
|
|
||||||
$auth = Config::getParam('auth', []);
|
$auth = Config::getParam('auth', []);
|
||||||
$auths = ['limit' => 0, 'maxSessions' => APP_LIMIT_USER_SESSIONS_DEFAULT, 'duration' => Auth::TOKEN_EXPIRATION_LOGIN_LONG];
|
$auths = ['limit' => 0, 'maxSessions' => APP_LIMIT_USER_SESSIONS_DEFAULT, 'passwordHistory' => 0, 'duration' => Auth::TOKEN_EXPIRATION_LOGIN_LONG];
|
||||||
foreach ($auth as $index => $method) {
|
foreach ($auth as $index => $method) {
|
||||||
$auths[$method['key'] ?? ''] = true;
|
$auths[$method['key'] ?? ''] = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -783,9 +783,10 @@ App::patch('/v1/users/:userId/password')
|
||||||
->param('userId', '', new UID(), 'User ID.')
|
->param('userId', '', new UID(), 'User ID.')
|
||||||
->param('password', '', new Password(), 'New user password. Must be at least 8 chars.')
|
->param('password', '', new Password(), 'New user password. Must be at least 8 chars.')
|
||||||
->inject('response')
|
->inject('response')
|
||||||
|
->inject('project')
|
||||||
->inject('dbForProject')
|
->inject('dbForProject')
|
||||||
->inject('events')
|
->inject('events')
|
||||||
->action(function (string $userId, string $password, Response $response, Database $dbForProject, Event $events) {
|
->action(function (string $userId, string $password, Response $response, Document $project, Database $dbForProject, Event $events) {
|
||||||
|
|
||||||
$user = $dbForProject->getDocument('users', $userId);
|
$user = $dbForProject->getDocument('users', $userId);
|
||||||
|
|
||||||
|
@ -793,6 +794,10 @@ App::patch('/v1/users/:userId/password')
|
||||||
throw new Exception(Exception::USER_NOT_FOUND);
|
throw new Exception(Exception::USER_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$historyLimit = $project->getAttribute('auths', [])['passwordHistory'] ?? 0;
|
||||||
|
|
||||||
|
$history = [];
|
||||||
|
if($historyLimit > 0) {
|
||||||
$history = $user->getAttribute('passwordHistory', []);
|
$history = $user->getAttribute('passwordHistory', []);
|
||||||
$newPassword = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
|
$newPassword = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
|
||||||
|
|
||||||
|
@ -801,6 +806,10 @@ App::patch('/v1/users/:userId/password')
|
||||||
}
|
}
|
||||||
|
|
||||||
$history[] = $newPassword;
|
$history[] = $newPassword;
|
||||||
|
while(count($history) > $historyLimit) {
|
||||||
|
array_pop($history);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$user
|
$user
|
||||||
->setAttribute('passwordHistory', $history)
|
->setAttribute('passwordHistory', $history)
|
||||||
|
|
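Review bot: The history handling added here, from `$historyLimit = $project->getAttribute('auths', [])['passwordHistory'] ?? 0;` through the `while` loop, is a line-for-line copy of the block added to `/v1/account/password` in the same commit, so any correction to one (including the trimming direction) has to be made twice and the two endpoints can silently drift. Consider moving it into a single helper on `Auth` that takes the stored history, the new hash and the limit and returns the pruned list, so both endpoints share one reuse check and one trimming rule. Also, `if($historyLimit > 0) {` and `while(count($history) > $historyLimit) {` omit the space after the control keyword that the surrounding code uses (`foreach ($auth as $index => $method) {` elsewhere in this diff) and that PSR-12/PER-CS requires. The enclosing action closure begins and ends outside these hunks.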