check dictionary is enabled before checking password
parent
e9710bdb76
commit
574ffa4d4b
2 changed files with 13 additions and 9 deletions
|
@ -99,7 +99,8 @@ App::post('/v1/account')
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (str_contains($passwordsDB, $password)) {
|
$passwordDictionary = $project->getAttribute('auths', []['passwordDictionary']) ?? false;
|
||||||
|
if ($passwordDictionary && str_contains($passwordsDB, $password)) {
|
||||||
throw new Exception(
|
throw new Exception(
|
||||||
Exception::USER_PASSWORD_IN_DICTIONARY,
|
Exception::USER_PASSWORD_IN_DICTIONARY,
|
||||||
'The password is among the common passwords in dictionary.',
|
'The password is among the common passwords in dictionary.',
|
||||||
|
@ -108,7 +109,6 @@ App::post('/v1/account')
|
||||||
}
|
}
|
||||||
|
|
||||||
$passwordHistory = $project->getAttribute('auths', [])['passwordHistory'] ?? 0;
|
$passwordHistory = $project->getAttribute('auths', [])['passwordHistory'] ?? 0;
|
||||||
|
|
||||||
$password = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
|
$password = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
|
||||||
try {
|
try {
|
||||||
$userId = $userId == 'unique()' ? ID::unique() : $userId;
|
$userId = $userId == 'unique()' ? ID::unique() : $userId;
|
||||||
|
@ -1535,7 +1535,11 @@ App::patch('/v1/account/password')
|
||||||
throw new Exception(Exception::USER_INVALID_CREDENTIALS);
|
throw new Exception(Exception::USER_INVALID_CREDENTIALS);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (str_contains($passwordsDB, $password)) {
|
|
||||||
|
$newPassword = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
|
||||||
|
|
||||||
|
$passwordDictionary = $project->getAttribute('auths', []['passwordDictionary']) ?? false;
|
||||||
|
if ($passwordDictionary && str_contains($passwordsDB, $password)) {
|
||||||
throw new Exception(
|
throw new Exception(
|
||||||
Exception::USER_PASSWORD_IN_DICTIONARY,
|
Exception::USER_PASSWORD_IN_DICTIONARY,
|
||||||
'The password is among the common passwords in dictionary.',
|
'The password is among the common passwords in dictionary.',
|
||||||
|
@ -1543,8 +1547,6 @@ App::patch('/v1/account/password')
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
$newPassword = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
|
|
||||||
|
|
||||||
$historyLimit = $project->getAttribute('auths', [])['passwordHistory'] ?? 0;
|
$historyLimit = $project->getAttribute('auths', [])['passwordHistory'] ?? 0;
|
||||||
$history = [];
|
$history = [];
|
||||||
if ($historyLimit > 0) {
|
if ($historyLimit > 0) {
|
||||||
|
|
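Review bot: The new `$passwordDictionary` lookup has its closing parenthesis in the wrong place, in the `App::post('/v1/account')` hunk and again in `App::patch('/v1/account/password')`: `getAttribute('auths', []['passwordDictionary'])` indexes an empty array literal to build the default argument instead of indexing the returned `auths` array. As written, `$passwordDictionary` receives whatever `getAttribute('auths', …)` returns, so the guard presumably follows whether the `auths` settings are non-empty rather than the `passwordDictionary` flag, and the dictionary check can run or be skipped contrary to the project's password policy. The `passwordHistory` line in the same hunk shows the intended form, so the line should read `$passwordDictionary = $project->getAttribute('auths', [])['passwordDictionary'] ?? false;`. The same expression is repeated in both password hunks of the second changed file (`App::post('/v1/users')` and `App::patch('/v1/users/:userId/password')`); the enclosing action bodies start and end outside these hunks.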
|
@ -114,7 +114,8 @@ App::post('/v1/users')
|
||||||
->inject('events')
|
->inject('events')
|
||||||
->action(function (string $userId, ?string $email, ?string $phone, ?string $password, string $name, string $passwordsDB, Response $response, Document $project, Database $dbForProject, Event $events) {
|
->action(function (string $userId, ?string $email, ?string $phone, ?string $password, string $name, string $passwordsDB, Response $response, Document $project, Database $dbForProject, Event $events) {
|
||||||
|
|
||||||
if (str_contains($passwordsDB, $password)) {
|
$passwordDictionary = $project->getAttribute('auths', []['passwordDictionary']) ?? false;
|
||||||
|
if ($passwordDictionary && str_contains($passwordsDB, $password)) {
|
||||||
throw new Exception(
|
throw new Exception(
|
||||||
Exception::USER_PASSWORD_IN_DICTIONARY,
|
Exception::USER_PASSWORD_IN_DICTIONARY,
|
||||||
'The password is among the common passwords in dictionary.',
|
'The password is among the common passwords in dictionary.',
|
||||||
|
@ -815,7 +816,10 @@ App::patch('/v1/users/:userId/password')
|
||||||
throw new Exception(Exception::USER_NOT_FOUND);
|
throw new Exception(Exception::USER_NOT_FOUND);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (str_contains($passwordsDB, $password)) {
|
$newPassword = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
|
||||||
|
|
||||||
|
$passwordDictionary = $project->getAttribute('auths', []['passwordDictionary']) ?? false;
|
||||||
|
if ($passwordDictionary && str_contains($passwordsDB, $password)) {
|
||||||
throw new Exception(
|
throw new Exception(
|
||||||
Exception::USER_PASSWORD_IN_DICTIONARY,
|
Exception::USER_PASSWORD_IN_DICTIONARY,
|
||||||
'The password is among the common passwords in dictionary.',
|
'The password is among the common passwords in dictionary.',
|
||||||
|
@ -823,8 +827,6 @@ App::patch('/v1/users/:userId/password')
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
$newPassword = Auth::passwordHash($password, Auth::DEFAULT_ALGO, Auth::DEFAULT_ALGO_OPTIONS);
|
|
||||||
|
|
||||||
$historyLimit = $project->getAttribute('auths', [])['passwordHistory'] ?? 0;
|
$historyLimit = $project->getAttribute('auths', [])['passwordHistory'] ?? 0;
|
||||||
$history = [];
|
$history = [];
|
||||||
if ($historyLimit > 0) {
|
if ($historyLimit > 0) {
|
||||||
|
|
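Review bot: In the `App::post('/v1/users')` hunk the action signature declares `?string $password`, yet the guarded call `str_contains($passwordsDB, $password)` still receives it unchecked whenever the dictionary is enabled. A null needle is not a valid `str_contains` argument (a deprecation or a TypeError, depending on the file's strict_types setting, which is not visible here), so creating a user without a password could fail in the dictionary check rather than skip it. I would make the condition `if ($passwordDictionary && $password !== null && str_contains($passwordsDB, $password)) {`. Separately, a substring test over the whole dictionary rejects any password that happens to occur inside a longer entry; if `$passwordsDB` is a newline-separated list, which the hunk does not show, a whole-entry comparison would match the stated policy more closely. The action body continues outside the hunk.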