
validator for password history

Damodar Lohani 2022-12-18 09:08:51 +00:00
parent f7dd37a9d1
commit 30ece2d36a
3 changed files with 82 additions and 11 deletions


@ -40,6 +40,7 @@ use Utopia\Validator\ArrayList;
use Utopia\Validator\Assoc;
use Utopia\Validator\Text;
use Utopia\Validator\WhiteList;
use Appwrite\Auth\Validator\PasswordHistory;
$oauthDefaultSuccess = '/auth/oauth2/success';
$oauthDefaultFailure = '/auth/oauth2/failure';
@ -1530,11 +1531,9 @@ App::patch('/v1/account/password')
$history = [];
if ($historyLimit > 0) {
$history = $user->getAttribute('passwordHistory', []);
foreach ($history as $hash) {
if (Auth::passwordVerify($password, $hash, $user->getAttribute('hash'), $user->getAttribute('hashOptions'))) {
throw new Exception(Exception::USER_PASSWORD_RECENTLY_USED, 'The password was recently used', 409);
}
$validator = new PasswordHistory($history, $user->getAttribute('hash'), $user->getAttribute('hashOptions'));
if (!$validator->isValid($password)) {
throw new Exception(Exception::USER_PASSWORD_RECENTLY_USED, 'The password was recently used', 409);
}
$history[] = $newPassword;
@ -1544,7 +1543,7 @@ App::patch('/v1/account/password')
}
$user = $dbForProject->updateDocument('users', $user->getId(), $user
->setAttribute('passwordHistory', $history)
->setAttribute('a', $history)
->setAttribute('password', $newPassword)
->setAttribute('hash', Auth::DEFAULT_ALGO)
->setAttribute('hashOptions', Auth::DEFAULT_ALGO_OPTIONS)
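Review bot: In the last hunk of this file the `updateDocument` chain shows `->setAttribute('a', $history)` directly after `->setAttribute('passwordHistory', $history)`; if the `'a'` line is the new side, as the one-line-for-one-line hunk header suggests, it looks like a debugging leftover. The updated history would then be stored under an attribute named `a` while `passwordHistory` keeps its previous value, so the reuse check on the next password change would run against a stale or empty list. The line should remain `->setAttribute('passwordHistory', $history)`. The route handler begins and ends outside the hunk, so any later write to `passwordHistory` is not visible here.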


@ -34,6 +34,7 @@ use Utopia\Validator\Text;
use Utopia\Validator\Boolean;
use MaxMind\Db\Reader;
use Utopia\Validator\Integer;
use Appwrite\Auth\Validator\PasswordHistory;
/** TODO: Remove function when we move to using utopia/platform */
function createUser(string $hash, mixed $hashOptions, string $userId, ?string $email, ?string $password, ?string $phone, string $name, Document $project, Database $dbForProject, Event $events): Document
@ -809,11 +810,9 @@ App::patch('/v1/users/:userId/password')
$history = [];
if ($historyLimit > 0) {
$history = $user->getAttribute('passwordHistory', []);
foreach ($history as $hash) {
if (Auth::passwordVerify($password, $hash, $user->getAttribute('hash'), $user->getAttribute('hashOptions'))) {
throw new Exception(Exception::USER_PASSWORD_RECENTLY_USED, 'The password was recently used', 409);
}
$validator = new PasswordHistory($history, $user->getAttribute('hash'), $user->getAttribute('hashOptions'));
if (!$validator->isValid($password)) {
throw new Exception(Exception::USER_PASSWORD_RECENTLY_USED, 'The password was recently used', 409);
}
$history[] = $newPassword;


@ -0,0 +1,73 @@
<?php
namespace Appwrite\Auth\Validator;
use Appwrite\Auth\Auth;
/**
* Password.
*
* Validates user password string
*/
class PasswordHistory extends Password
{
protected array $history;
public function __construct(array $history)
{
$this->history = $history;
}
/**
* Get Description.
*
* Returns validator description
*
* @return string
*/
public function getDescription(): string
{
return 'Password shouldn\'t be in the history.';
}
/**
* Is valid.
*
* @param mixed $value
*
* @return bool
*/
public function isValid($value): bool
{
foreach ($this->history as $hash) {
if (Auth::passwordVerify($value, $hash, $this->algo, $this->algoOptions)) {
return false;
}
}
return true;
}
/**
* Is array
*
* Function will return true if object is array.
*
* @return bool
*/
public function isArray(): bool
{
return false;
}
/**
* Get Type
*
* Returns validator type.
*
* @return string
*/
public function getType(): string
{
return self::TYPE_STRING;
}
}
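Review bot: `PasswordHistory::__construct()` accepts only `$history`, yet both controllers in this commit call `new PasswordHistory($history, $user->getAttribute('hash'), $user->getAttribute('hashOptions'))`, and `isValid()` reads `$this->algo` and `$this->algoOptions`. PHP discards the extra constructor arguments without an error, and nothing in this class assigns those two properties, so unless the parent `Password` class supplies them (not visible here) `Auth::passwordVerify()` is called without a usable algorithm and the history check either errors or never matches a previously used password. The constructor should accept and store the algorithm and its options, as sketched below; the types follow `createUser(string $hash, mixed $hashOptions, …)` from the users controller. A test asserting that a password already in the history is rejected would catch this regression.

```php
protected array $history;
protected string $algo;
protected mixed $algoOptions;

public function __construct(array $history, string $algo, mixed $algoOptions = [])
{
    $this->history = $history;
    $this->algo = $algo;
    $this->algoOptions = $algoOptions;
}
// … unchanged: getDescription(), isValid(), isArray(), getType() …
```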