use password history on account create and update password
This commit is contained in:
parent
5d61ff5fab
commit
2603f91a6a
1 changed files with 16 additions and 2 deletions
|
@ -67,12 +67,13 @@ App::post('/v1/account')
|
|||
->param('email', '', new Email(), 'User email.')
|
||||
->param('password', '', new Password(), 'User password. Must be at least 8 chars.')
|
||||
->param('name', '', new Text(128), 'User name. Max length: 128 chars.', true)
|
||||
->inject('passwordsdb')
|
||||
->inject('request')
|
||||
->inject('response')
|
||||
->inject('project')
|
||||
->inject('dbForProject')
|
||||
->inject('events')
|
||||
->action(function (string $userId, string $email, string $password, string $name, Request $request, Response $response, Document $project, Database $dbForProject, Event $events) {
|
||||
->action(function (string $userId, string $email, string $password, string $name, string $passwordsdb, Request $request, Response $response, Document $project, Database $dbForProject, Event $events) {
|
||||
|
||||
$email = \strtolower($email);
|
||||
if ('console' === $project->getId()) {
|
||||
|
@ -98,6 +99,12 @@ App::post('/v1/account')
|
|||
}
|
||||
}
|
||||
|
||||
if(str_contains($passwordsdb, $password)) {
|
||||
throw new Exception(Exception::USER_PASSWORD_IN_DICTIONARY,
|
||||
'The password is among the common passwords in dictionary.',
|
||||
403);
|
||||
}
|
||||
|
||||
$passwordHistory = $project->getAttribute('auths', [])['passwordHistory'] ?? 0;
|
||||
|
||||
$password = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
|
||||
|
@ -1513,18 +1520,25 @@ App::patch('/v1/account/password')
|
|||
->label('sdk.response.model', Response::MODEL_ACCOUNT)
|
||||
->param('password', '', new Password(), 'New user password. Must be at least 8 chars.')
|
||||
->param('oldPassword', '', new Password(), 'Current user password. Must be at least 8 chars.', true)
|
||||
->inject('passwordsdb')
|
||||
->inject('response')
|
||||
->inject('user')
|
||||
->inject('project')
|
||||
->inject('dbForProject')
|
||||
->inject('events')
|
||||
->action(function (string $password, string $oldPassword, Response $response, Document $user, Document $project, Database $dbForProject, Event $events) {
|
||||
->action(function (string $password, string $oldPassword, string $passwordsdb, Response $response, Document $user, Document $project, Database $dbForProject, Event $events) {
|
||||
|
||||
// Check old password only if its an existing user.
|
||||
if (!empty($user->getAttribute('passwordUpdate')) && !Auth::passwordVerify($oldPassword, $user->getAttribute('password'), $user->getAttribute('hash'), $user->getAttribute('hashOptions'))) { // Double check user password
|
||||
throw new Exception(Exception::USER_INVALID_CREDENTIALS);
|
||||
}
|
||||
|
||||
if(str_contains($passwordsdb, $password)) {
|
||||
throw new Exception(Exception::USER_PASSWORD_IN_DICTIONARY,
|
||||
'The password is among the common passwords in dictionary.',
|
||||
403);
|
||||
}
|
||||
|
||||
$newPassword = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
|
||||
|
||||
$historyLimit = $project->getAttribute('auths', [])['passwordHistory'] ?? 0;
|
||||
|
|
Loading…
Reference in a new issue