CodeMirror/appwrite
1
0
Fork 0
mirror of synced 2024-06-03 11:24:48 +12:00
Code Issues Projects Releases Wiki Activity

Implement max password length

Browse source
This commit is contained in:
Matej Bačo 2024-01-02 10:59:35 +00:00
parent 91e3ea4bae
commit 554e9f93b6
6 changed files with 110 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
app/controllers/api/account.php
View file

@ -69,7 +69,7 @@ App::post('/v1/account')
->label('abuse-limit', 10)
->param('userId', '', new CustomId(), 'Unique Id. Choose a custom ID or generate a random ID with `ID.unique()`. Valid chars are a-z, A-Z, 0-9, period, hyphen, and underscore. Can\'t start with a special char. Max length is 36 chars.')
->param('email', '', new Email(), 'User email.')
->param('password', '', fn ($project, $passwordsDictionary) => new PasswordDictionary($passwordsDictionary, $project->getAttribute('auths', [])['passwordDictionary'] ?? false), 'New user password. Must be at least 8 chars.', false, ['project', 'passwordsDictionary'])
->param('password', '', fn ($project, $passwordsDictionary) => new PasswordDictionary($passwordsDictionary, $project->getAttribute('auths', [])['passwordDictionary'] ?? false), 'New user password. Must be between 8 and 256 chars.', false, ['project', 'passwordsDictionary'])
->param('name', '', new Text(128), 'User name. Max length: 128 chars.', true)
->inject('request')
->inject('response')
@ -2724,8 +2724,8 @@ App::put('/v1/account/recovery')
->label('abuse-key', 'url:{url},userId:{param-userId}')
->param('userId', '', new UID(), 'User ID.')
->param('secret', '', new Text(256), 'Valid reset token.')
->param('password', '', new Password(), 'New user password. Must be at least 8 chars.')
->param('passwordAgain', '', new Password(), 'Repeat new user password. Must be at least 8 chars.')
->param('password', '', fn ($project, $passwordsDictionary) => new PasswordDictionary($passwordsDictionary, $project->getAttribute('auths', [])['passwordDictionary'] ?? false), 'New user password. Must be between 8 and 256 chars.', false, ['project', 'passwordsDictionary'])
->param('passwordAgain', '', fn ($project, $passwordsDictionary) => new PasswordDictionary($passwordsDictionary, $project->getAttribute('auths', [])['passwordDictionary'] ?? false), 'Repeat new user password. Must be between 8 and 256 chars.', false, ['project', 'passwordsDictionary'])
->inject('response')
->inject('user')
->inject('dbForProject')

120
composer.lock generated
View file

@ -1906,16 +1906,16 @@
},
{
"name": "utopia-php/database",
"version": "0.45.2",
"version": "0.45.3",
"source": {
"type": "git",
"url": "https://github.com/utopia-php/database.git",
"reference": "dc789f2c1fd8b5ee07ff883e11c9ad7970824788"
"reference": "33b4e9a4a6c29f6bb7e108e134b283d585955789"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/utopia-php/database/zipball/dc789f2c1fd8b5ee07ff883e11c9ad7970824788",
"reference": "dc789f2c1fd8b5ee07ff883e11c9ad7970824788",
"url": "https://api.github.com/repos/utopia-php/database/zipball/33b4e9a4a6c29f6bb7e108e134b283d585955789",
"reference": "33b4e9a4a6c29f6bb7e108e134b283d585955789",
"shasum": ""
},
"require": {
@ -1956,9 +1956,9 @@
],
"support": {
"issues": "https://github.com/utopia-php/database/issues",
"source": "https://github.com/utopia-php/database/tree/0.45.2"
"source": "https://github.com/utopia-php/database/tree/0.45.3"
},
"time": "2023-11-15T03:38:47+00:00"
"time": "2023-12-28T11:12:26+00:00"
},
{
"name": "utopia-php/domains",
@ -2476,16 +2476,16 @@
},
{
"name": "utopia-php/platform",
"version": "0.5.0",
"version": "0.5.1",
"source": {
"type": "git",
"url": "https://github.com/utopia-php/platform.git",
"reference": "229a7b1fa1f39afd1532f7a515326a6afc222a26"
"reference": "3eceef0b6593fe0f7d2efd36d40402a395a4c285"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/utopia-php/platform/zipball/229a7b1fa1f39afd1532f7a515326a6afc222a26",
"reference": "229a7b1fa1f39afd1532f7a515326a6afc222a26",
"url": "https://api.github.com/repos/utopia-php/platform/zipball/3eceef0b6593fe0f7d2efd36d40402a395a4c285",
"reference": "3eceef0b6593fe0f7d2efd36d40402a395a4c285",
"shasum": ""
},
"require": {
@ -2493,7 +2493,7 @@
"ext-redis": "*",
"php": ">=8.0",
"utopia-php/cli": "0.15.*",
"utopia-php/framework": "0.31.*"
"utopia-php/framework": "0.*.*"
},
"require-dev": {
"laravel/pint": "1.2.*",
@ -2519,9 +2519,9 @@
],
"support": {
"issues": "https://github.com/utopia-php/platform/issues",
"source": "https://github.com/utopia-php/platform/tree/0.5.0"
"source": "https://github.com/utopia-php/platform/tree/0.5.1"
},
"time": "2023-10-16T20:28:49+00:00"
"time": "2023-12-26T16:14:41+00:00"
},
{
"name": "utopia-php/pools",
@ -2742,16 +2742,16 @@
},
{
"name": "utopia-php/storage",
"version": "0.18.1",
"version": "0.18.3",
"source": {
"type": "git",
"url": "https://github.com/utopia-php/storage.git",
"reference": "983e6dee137012f9f57f126d3c79aab54e4e8824"
"reference": "faa0279519ac14f3501e8b138e0865ad9d12bff6"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/utopia-php/storage/zipball/983e6dee137012f9f57f126d3c79aab54e4e8824",
"reference": "983e6dee137012f9f57f126d3c79aab54e4e8824",
"url": "https://api.github.com/repos/utopia-php/storage/zipball/faa0279519ac14f3501e8b138e0865ad9d12bff6",
"reference": "faa0279519ac14f3501e8b138e0865ad9d12bff6",
"shasum": ""
},
"require": {
@ -2791,9 +2791,9 @@
],
"support": {
"issues": "https://github.com/utopia-php/storage/issues",
"source": "https://github.com/utopia-php/storage/tree/0.18.1"
"source": "https://github.com/utopia-php/storage/tree/0.18.3"
},
"time": "2023-10-24T14:44:19+00:00"
"time": "2023-12-31T11:45:12+00:00"
},
{
"name": "utopia-php/swoole",
@ -2904,23 +2904,23 @@
},
{
"name": "utopia-php/vcs",
"version": "0.6.2",
"version": "0.6.4",
"source": {
"type": "git",
"url": "https://github.com/utopia-php/vcs.git",
"reference": "f135291b87cb45335fc6608722e7f89894bc33ee"
"reference": "b2595a50a4897a8c88319240810055b7a96efd6d"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/utopia-php/vcs/zipball/f135291b87cb45335fc6608722e7f89894bc33ee",
"reference": "f135291b87cb45335fc6608722e7f89894bc33ee",
"url": "https://api.github.com/repos/utopia-php/vcs/zipball/b2595a50a4897a8c88319240810055b7a96efd6d",
"reference": "b2595a50a4897a8c88319240810055b7a96efd6d",
"shasum": ""
},
"require": {
"adhocore/jwt": "^1.1",
"php": ">=8.0",
"utopia-php/cache": "^0.8.0",
"utopia-php/framework": "0.31.*"
"utopia-php/framework": "0.*.*"
},
"require-dev": {
"laravel/pint": "1.2.*",
@ -2947,9 +2947,9 @@
],
"support": {
"issues": "https://github.com/utopia-php/vcs/issues",
"source": "https://github.com/utopia-php/vcs/tree/0.6.2"
"source": "https://github.com/utopia-php/vcs/tree/0.6.4"
},
"time": "2023-11-08T15:36:03+00:00"
"time": "2023-12-26T15:38:19+00:00"
},
{
"name": "utopia-php/websocket",
@ -3487,16 +3487,16 @@
},
{
"name": "nikic/php-parser",
"version": "v4.17.1",
"version": "v4.18.0",
"source": {
"type": "git",
"url": "https://github.com/nikic/PHP-Parser.git",
"reference": "a6303e50c90c355c7eeee2c4a8b27fe8dc8fef1d"
"reference": "1bcbb2179f97633e98bbbc87044ee2611c7d7999"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/a6303e50c90c355c7eeee2c4a8b27fe8dc8fef1d",
"reference": "a6303e50c90c355c7eeee2c4a8b27fe8dc8fef1d",
"url": "https://api.github.com/repos/nikic/PHP-Parser/zipball/1bcbb2179f97633e98bbbc87044ee2611c7d7999",
"reference": "1bcbb2179f97633e98bbbc87044ee2611c7d7999",
"shasum": ""
},
"require": {
@ -3537,9 +3537,9 @@
],
"support": {
"issues": "https://github.com/nikic/PHP-Parser/issues",
"source": "https://github.com/nikic/PHP-Parser/tree/v4.17.1"
"source": "https://github.com/nikic/PHP-Parser/tree/v4.18.0"
},
"time": "2023-08-13T19:53:39+00:00"
"time": "2023-12-10T21:03:43+00:00"
},
{
"name": "phar-io/manifest",
@ -3891,16 +3891,16 @@
},
{
"name": "phpstan/phpdoc-parser",
"version": "1.24.4",
"version": "1.24.5",
"source": {
"type": "git",
"url": "https://github.com/phpstan/phpdoc-parser.git",
"reference": "6bd0c26f3786cd9b7c359675cb789e35a8e07496"
"reference": "fedf211ff14ec8381c9bf5714e33a7a552dd1acc"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/6bd0c26f3786cd9b7c359675cb789e35a8e07496",
"reference": "6bd0c26f3786cd9b7c359675cb789e35a8e07496",
"url": "https://api.github.com/repos/phpstan/phpdoc-parser/zipball/fedf211ff14ec8381c9bf5714e33a7a552dd1acc",
"reference": "fedf211ff14ec8381c9bf5714e33a7a552dd1acc",
"shasum": ""
},
"require": {
@ -3932,29 +3932,29 @@
"description": "PHPDoc parser with support for nullable, intersection and generic types",
"support": {
"issues": "https://github.com/phpstan/phpdoc-parser/issues",
"source": "https://github.com/phpstan/phpdoc-parser/tree/1.24.4"
"source": "https://github.com/phpstan/phpdoc-parser/tree/1.24.5"
},
"time": "2023-11-26T18:29:22+00:00"
"time": "2023-12-16T09:33:33+00:00"
},
{
"name": "phpunit/php-code-coverage",
"version": "9.2.29",
"version": "9.2.30",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/php-code-coverage.git",
"reference": "6a3a87ac2bbe33b25042753df8195ba4aa534c76"
"reference": "ca2bd87d2f9215904682a9cb9bb37dda98e76089"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/6a3a87ac2bbe33b25042753df8195ba4aa534c76",
"reference": "6a3a87ac2bbe33b25042753df8195ba4aa534c76",
"url": "https://api.github.com/repos/sebastianbergmann/php-code-coverage/zipball/ca2bd87d2f9215904682a9cb9bb37dda98e76089",
"reference": "ca2bd87d2f9215904682a9cb9bb37dda98e76089",
"shasum": ""
},
"require": {
"ext-dom": "*",
"ext-libxml": "*",
"ext-xmlwriter": "*",
"nikic/php-parser": "^4.15",
"nikic/php-parser": "^4.18 || ^5.0",
"php": ">=7.3",
"phpunit/php-file-iterator": "^3.0.3",
"phpunit/php-text-template": "^2.0.2",
@ -4004,7 +4004,7 @@
"support": {
"issues": "https://github.com/sebastianbergmann/php-code-coverage/issues",
"security": "https://github.com/sebastianbergmann/php-code-coverage/security/policy",
"source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.29"
"source": "https://github.com/sebastianbergmann/php-code-coverage/tree/9.2.30"
},
"funding": [
{
@ -4012,7 +4012,7 @@
"type": "github"
}
],
"time": "2023-09-19T04:57:46+00:00"
"time": "2023-12-22T06:47:57+00:00"
},
{
"name": "phpunit/php-file-iterator",
@ -4651,20 +4651,20 @@
},
{
"name": "sebastian/complexity",
"version": "2.0.2",
"version": "2.0.3",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/complexity.git",
"reference": "739b35e53379900cc9ac327b2147867b8b6efd88"
"reference": "25f207c40d62b8b7aa32f5ab026c53561964053a"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/complexity/zipball/739b35e53379900cc9ac327b2147867b8b6efd88",
"reference": "739b35e53379900cc9ac327b2147867b8b6efd88",
"url": "https://api.github.com/repos/sebastianbergmann/complexity/zipball/25f207c40d62b8b7aa32f5ab026c53561964053a",
"reference": "25f207c40d62b8b7aa32f5ab026c53561964053a",
"shasum": ""
},
"require": {
"nikic/php-parser": "^4.7",
"nikic/php-parser": "^4.18 || ^5.0",
"php": ">=7.3"
},
"require-dev": {
@ -4696,7 +4696,7 @@
"homepage": "https://github.com/sebastianbergmann/complexity",
"support": {
"issues": "https://github.com/sebastianbergmann/complexity/issues",
"source": "https://github.com/sebastianbergmann/complexity/tree/2.0.2"
"source": "https://github.com/sebastianbergmann/complexity/tree/2.0.3"
},
"funding": [
{
@ -4704,7 +4704,7 @@
"type": "github"
}
],
"time": "2020-10-26T15:52:27+00:00"
"time": "2023-12-22T06:19:30+00:00"
},
{
"name": "sebastian/diff",
@ -4978,20 +4978,20 @@
},
{
"name": "sebastian/lines-of-code",
"version": "1.0.3",
"version": "1.0.4",
"source": {
"type": "git",
"url": "https://github.com/sebastianbergmann/lines-of-code.git",
"reference": "c1c2e997aa3146983ed888ad08b15470a2e22ecc"
"reference": "e1e4a170560925c26d424b6a03aed157e7dcc5c5"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/sebastianbergmann/lines-of-code/zipball/c1c2e997aa3146983ed888ad08b15470a2e22ecc",
"reference": "c1c2e997aa3146983ed888ad08b15470a2e22ecc",
"url": "https://api.github.com/repos/sebastianbergmann/lines-of-code/zipball/e1e4a170560925c26d424b6a03aed157e7dcc5c5",
"reference": "e1e4a170560925c26d424b6a03aed157e7dcc5c5",
"shasum": ""
},
"require": {
"nikic/php-parser": "^4.6",
"nikic/php-parser": "^4.18 || ^5.0",
"php": ">=7.3"
},
"require-dev": {
@ -5023,7 +5023,7 @@
"homepage": "https://github.com/sebastianbergmann/lines-of-code",
"support": {
"issues": "https://github.com/sebastianbergmann/lines-of-code/issues",
"source": "https://github.com/sebastianbergmann/lines-of-code/tree/1.0.3"
"source": "https://github.com/sebastianbergmann/lines-of-code/tree/1.0.4"
},
"funding": [
{
@ -5031,7 +5031,7 @@
"type": "github"
}
],
"time": "2020-11-28T06:42:11+00:00"
"time": "2023-12-22T06:20:34+00:00"
},
{
"name": "sebastian/object-enumerator",
@ -5847,5 +5847,5 @@
"platform-overrides": {
"php": "8.0"
},
"plugin-api-version": "2.3.0"
"plugin-api-version": "2.6.0"
}

6
src/Appwrite/Auth/Validator/Password.php
View file

@ -20,7 +20,7 @@ class Password extends Validator
*/
public function getDescription(): string
{
return 'Password must be at least 8 characters';
return 'Password must be between 8 and 256 characters long.';
}
/**
@ -40,6 +40,10 @@ class Password extends Validator
return false;
}
if (\strlen($value) > 256) {
return false;
}
return true;
}

2
src/Appwrite/Auth/Validator/PasswordDictionary.php
View file

@ -27,7 +27,7 @@ class PasswordDictionary extends Password
*/
public function getDescription(): string
{
return 'Password must be at least 8 characters and should not be one of the commonly used password.';
return 'Password must be between 8 and 265 characters long, and should not be one of the commonly used password.';
}
/**

30
tests/e2e/Services/Account/AccountBase.php
View file

@ -94,6 +94,36 @@ trait AccountBase
$this->assertEquals($response['headers']['status-code'], 400);
$shortPassword = 'short';
$response = $this->client->call(Client::METHOD_POST, '/account', array_merge([
'origin' => 'http://localhost',
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
]), [
'userId' => ID::unique(),
'email' => 'shortpass@appwrite.io',
'password' => $shortPassword
]);
$this->assertEquals($response['headers']['status-code'], 400);
$longPassword = '';
for ($i = 0; $i < 257; $i++) { // 256 is the limit
$longPassword .= 'p';
}
$response = $this->client->call(Client::METHOD_POST, '/account', array_merge([
'origin' => 'http://localhost',
'content-type' => 'application/json',
'x-appwrite-project' => $this->getProject()['$id'],
]), [
'userId' => ID::unique(),
'email' => 'longpass@appwrite.io',
'password' => $longPassword,
]);
$this->assertEquals($response['headers']['status-code'], 400);
return [
'id' => $id,
'email' => $email,

11
tests/unit/Auth/Validator/PasswordDictionaryTest.php
View file

@ -24,5 +24,16 @@ class PasswordDictionaryTest extends TestCase
$this->assertEquals($this->object->isValid('123456'), false);
$this->assertEquals($this->object->isValid('password'), false);
$this->assertEquals($this->object->isValid('myPasswordIsRight'), true);
$pass = ''; // 256 chars
for ($i = 0; $i < 256; $i++) {
$pass .= 'p';
}
$this->assertEquals($this->object->isValid($pass), true);
$pass .= 'p'; // 257 chars
$this->assertEquals($this->object->isValid($pass), false);
}
}