From 452ee5c0862c182baa880d4577b8e53f546cdc76 Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Mon, 20 Feb 2023 01:34:05 +0000
Subject: [PATCH] update dictonary validator
---
 app/controllers/api/account.php | 4 ++--
 app/controllers/api/users.php | 4 ++--
 src/Appwrite/Auth/Validator/PasswordDictionary.php | 9 ++++-----
 tests/unit/Auth/Validator/PasswordDictionaryTest.php | 8 +-------
 4 files changed, 9 insertions(+), 16 deletions(-)
diff --git a/app/controllers/api/account.php b/app/controllers/api/account.php
index 41db80ecd9..55b77e549b 100644
--- a/app/controllers/api/account.php
+++ b/app/controllers/api/account.php
@@ -66,7 +66,7 @@ App::post('/v1/account')
 ->label('abuse-limit', 10)
 ->param('userId', '', new CustomId(), 'Unique Id. Choose your own unique ID or pass the string `ID.unique()` to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
 ->param('email', '', new Email(), 'User email.')
- ->param('password', '', fn ($project, $passwordsDictionary) => new PasswordDictionary($passwordsDictionary, $project), 'New user password. Must be at least 8 chars.', false, ['project', 'passwordsDictionary'])
+ ->param('password', '', fn ($project, $passwordsDictionary) => new PasswordDictionary($passwordsDictionary, $project->getAttribute('auths',[])['passwordDictionary']), 'New user password. Must be at least 8 chars.', false, ['project', 'passwordsDictionary'])
 ->param('name', '', new Text(128), 'User name. Max length: 128 chars.', true)
 ->inject('request')
 ->inject('response')
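Review bot: The new validator argument `$project->getAttribute('auths',[])['passwordDictionary']` indexes the array without the `?? false` fallback that the removed validator code applied, so a project whose `auths` attribute has no `passwordDictionary` key hands `null` (plus an undefined-key warning) to a constructor now typed `bool $enabled`. Depending on the error handling in effect, that presumably surfaces as a TypeError on this route instead of a clean validation result. I would keep the fallback at the call site: `new PasswordDictionary($passwordsDictionary, $project->getAttribute('auths', [])['passwordDictionary'] ?? false)`. The same expression is repeated in the `/v1/account/password` hunk and in both `users.php` hunks; the route definition continues outside the hunk.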
@@ -1532,7 +1532,7 @@ App::patch('/v1/account/password')
 ->label('sdk.response.code', Response::STATUS_CODE_OK)
 ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
 ->label('sdk.response.model', Response::MODEL_ACCOUNT)
- ->param('password', '', fn ($project, $passwordsDictionary) => new PasswordDictionary($passwordsDictionary, $project), 'New user password. Must be at least 8 chars.', false, ['project', 'passwordsDictionary'])
+ ->param('password', '', fn ($project, $passwordsDictionary) => new PasswordDictionary($passwordsDictionary, $project->getAttribute('auths',[])['passwordDictionary']), 'New user password. Must be at least 8 chars.', false, ['project', 'passwordsDictionary'])
 ->param('oldPassword', '', new Password(), 'Current user password. Must be at least 8 chars.', true)
 ->inject('response')
 ->inject('user')
diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index 817d9b92b3..5d92595767 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@@ -106,7 +106,7 @@ App::post('/v1/users')
 ->param('userId', '', new CustomId(), 'User ID. Choose your own unique ID or pass the string `ID.unique()` to auto generate it. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
 ->param('email', null, new Email(), 'User email.', true)
 ->param('phone', null, new Phone(), 'Phone number. Format this number with a leading \'+\' and a country code, e.g., +16175551212.', true)
- ->param('password', '', fn ($project, $passwordsDictionary) => new PasswordDictionary($passwordsDictionary, $project), 'Plain text user password. Must be at least 8 chars.', true, ['project', 'passwordsDictionary'])
+ ->param('password', '', fn ($project, $passwordsDictionary) => new PasswordDictionary($passwordsDictionary, $project->getAttribute('auths',[])['passwordDictionary']), 'Plain text user password. Must be at least 8 chars.', true, ['project', 'passwordsDictionary'])
 ->param('name', '', new Text(128), 'User name. Max length: 128 chars.', true)
 ->inject('response')
 ->inject('project')
@@ -793,7 +793,7 @@ App::patch('/v1/users/:userId/password')
 ->label('sdk.response.type', Response::CONTENT_TYPE_JSON)
 ->label('sdk.response.model', Response::MODEL_USER)
 ->param('userId', '', new UID(), 'User ID.')
- ->param('password', '', fn ($project, $passwordsDictionary) => new PasswordDictionary($passwordsDictionary, $project), 'New user password. Must be at least 8 chars.', false, ['project', 'passwordsDictionary'])
+ ->param('password', '', fn ($project, $passwordsDictionary) => new PasswordDictionary($passwordsDictionary, $project->getAttribute('auths',[])['passwordDictionary']), 'New user password. Must be at least 8 chars.', false, ['project', 'passwordsDictionary'])
 ->inject('response')
 ->inject('project')
 ->inject('dbForProject')
diff --git a/src/Appwrite/Auth/Validator/PasswordDictionary.php b/src/Appwrite/Auth/Validator/PasswordDictionary.php
index 5c6a2cba93..269babef37 100644
--- a/src/Appwrite/Auth/Validator/PasswordDictionary.php
+++ b/src/Appwrite/Auth/Validator/PasswordDictionary.php
@@ -12,12 +12,12 @@ use Utopia\Database\Document;
 class PasswordDictionary extends Password
 {
 protected array $dictionary;
- protected Document $project;
+ protected bool $enabled;

- public function __construct(array $dictionary, Document $project)
+ public function __construct(array $dictionary, bool $enabled = false)
 {
 $this->dictionary = $dictionary;
- $this->project = $project;
+ $this->enabled = $enabled;
 }

 /**
@@ -45,8 +45,7 @@ class PasswordDictionary extends Password
 return false;
 }

- $dictionaryEnabled = $this->project->getAttribute('auths', [])['passwordDictionary'] ?? false;
- if ($dictionaryEnabled && array_key_exists($value, $this->dictionary)) {
+ if ($this->enabled && array_key_exists($value, $this->dictionary)) {
 return false;
 }
 return true;
diff --git a/tests/unit/Auth/Validator/PasswordDictionaryTest.php b/tests/unit/Auth/Validator/PasswordDictionaryTest.php
index ab6cd884a3..2ed5ee9636 100644
--- a/tests/unit/Auth/Validator/PasswordDictionaryTest.php
+++ b/tests/unit/Auth/Validator/PasswordDictionaryTest.php
@@ -13,13 +13,7 @@ class PasswordDictionaryTest extends TestCase
 public function setUp(): void
 {
 $this->object = new PasswordDictionary(
- ['password' => true, '123456' => true],
- new Document([
- 'auths' => [
- 'passwordDictionary' => true
- ]
- ])
- );
+ ['password' => true, '123456' => true], true);
 }

 public function testValues(): void
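Review bot: In the constructor hunk of `PasswordDictionary.php`, `bool $enabled = false` makes the dictionary check fail open: a caller that omits the second argument gets a validator that accepts every dictionary password, with nothing to signal it. All call sites touched by this commit pass the flag explicitly, so the default could be dropped (`public function __construct(array $dictionary, bool $enabled)`) to turn a forgotten argument into an error. The `use Utopia\Database\Document;` line shown in the hunk header looks unused in this class after the change and can presumably be removed. A short docblock on the constructor stating that `$dictionary` is matched by key and that `$enabled` carries the project's `passwordDictionary` auth setting would also help; the class body continues outside the hunk.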
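Review bot: In `PasswordDictionaryTest.php`, `setUp()` now only builds the validator with `true`, so neither an explicit `false` nor the new constructor default is exercised by the visible test setup. A case such as `$this->assertTrue((new PasswordDictionary(['password' => true], false))->isValid('password'));` would pin that a disabled dictionary falls back to the parent `Password` rules, assuming an 8-character value satisfies the parent's length check as the parameter descriptions suggest. If the test file still imports `Utopia\Database\Document` above the hunk, that import is no longer needed; `testValues()` continues outside the hunk.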