
check dictionary is enabled before checking password

Damodar Lohani 2022-12-26 05:52:49 +00:00
parent e9710bdb76
commit 574ffa4d4b
2 changed files with 13 additions and 9 deletions


@ -99,7 +99,8 @@ App::post('/v1/account')
}
}
if (str_contains($passwordsDB, $password)) {
$passwordDictionary = $project->getAttribute('auths', []['passwordDictionary']) ?? false;
if ($passwordDictionary && str_contains($passwordsDB, $password)) {
throw new Exception(
Exception::USER_PASSWORD_IN_DICTIONARY,
'The password is among the common passwords in dictionary.',
@ -108,7 +109,6 @@ App::post('/v1/account')
}
$passwordHistory = $project->getAttribute('auths', [])['passwordHistory'] ?? 0;
$password = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
try {
$userId = $userId == 'unique()' ? ID::unique() : $userId;
@ -1535,7 +1535,11 @@ App::patch('/v1/account/password')
throw new Exception(Exception::USER_INVALID_CREDENTIALS);
}
if (str_contains($passwordsDB, $password)) {
$newPassword = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
$passwordDictionary = $project->getAttribute('auths', []['passwordDictionary']) ?? false;
if ($passwordDictionary && str_contains($passwordsDB, $password)) {
throw new Exception(
Exception::USER_PASSWORD_IN_DICTIONARY,
'The password is among the common passwords in dictionary.',
@ -1543,8 +1547,6 @@ App::patch('/v1/account/password')
);
}
$newPassword = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
$historyLimit = $project->getAttribute('auths', [])['passwordHistory'] ?? 0;
$history = [];
if ($historyLimit > 0) {
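Review bot: The bracket placement in the added line `$passwordDictionary = $project->getAttribute('auths', []['passwordDictionary']) ?? false;` indexes the empty default array instead of the value returned by `getAttribute`, so `$passwordDictionary` ends up holding the whole `auths` array (or null when the attribute is absent) rather than the `passwordDictionary` flag, and PHP 8 will most likely emit an undefined-array-key warning on the literal. The effect is that the dictionary check runs whenever any auth setting exists and is skipped when none do, independent of the flag the commit means to honour. The line should follow the `passwordHistory` lookup a few lines below: `$passwordDictionary = $project->getAttribute('auths', [])['passwordDictionary'] ?? false;`. The same defect is repeated in the second hunk of this file (`/v1/account/password`) and in both hunks of the second file (`/v1/users` and `/v1/users/:userId/password`). Each action closure begins and ends outside the hunks.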


@ -114,7 +114,8 @@ App::post('/v1/users')
->inject('events')
->action(function (string $userId, ?string $email, ?string $phone, ?string $password, string $name, string $passwordsDB, Response $response, Document $project, Database $dbForProject, Event $events) {
if (str_contains($passwordsDB, $password)) {
$passwordDictionary = $project->getAttribute('auths', []['passwordDictionary']) ?? false;
if ($passwordDictionary && str_contains($passwordsDB, $password)) {
throw new Exception(
Exception::USER_PASSWORD_IN_DICTIONARY,
'The password is among the common passwords in dictionary.',
@ -815,7 +816,10 @@ App::patch('/v1/users/:userId/password')
throw new Exception(Exception::USER_NOT_FOUND);
}
if (str_contains($passwordsDB, $password)) {
$newPassword = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
$passwordDictionary = $project->getAttribute('auths', []['passwordDictionary']) ?? false;
if ($passwordDictionary && str_contains($passwordsDB, $password)) {
throw new Exception(
Exception::USER_PASSWORD_IN_DICTIONARY,
'The password is among the common passwords in dictionary.',
@ -823,8 +827,6 @@ App::patch('/v1/users/:userId/password')
);
}
$newPassword = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
$historyLimit = $project->getAttribute('auths', [])['passwordHistory'] ?? 0;
$history = [];
if ($historyLimit > 0) {