From a9d85b04ebc7c7d51f24ae8e06ecd7676c441b00 Mon Sep 17 00:00:00 2001
From: Alex James Bishop
Date: Thu, 10 Jun 2021 17:25:23 +0930
Subject: [PATCH 1/5] Add support for Laravel 8.x's Default Password Rules An update version of #3732 utilising the suggestions from @jasonvarga Props to @rrelmy for much of the code / work on this one.
- Opens up support for utilising Laravel's Password::defaults() function
- Checks for the minimum framework version (8.43.0)
- Behaviour is exactly the same for users on older versions
- Behaviour is exactly the same for users who do not utilise this feature
---
 src/Auth/Passwords/PasswordDefaults.php | 20 +++++++++++++++++++
 src/Auth/ResetsPasswords.php | 5 +++--
 src/Console/Commands/MakeUser.php | 18 +++++++++++++++++
 .../CP/Users/PasswordController.php | 3 ++-
 src/Http/Controllers/UserController.php | 5 +++--
 5 files changed, 46 insertions(+), 5 deletions(-)
 create mode 100644 src/Auth/Passwords/PasswordDefaults.php
diff --git a/src/Auth/Passwords/PasswordDefaults.php b/src/Auth/Passwords/PasswordDefaults.php
new file mode 100644
index 0000000000..7f8b9a2d56
--- /dev/null
+++ b/src/Auth/Passwords/PasswordDefaults.php
@@ -0,0 +1,20 @@
+version(), '8.43.0', '<') ) {
+ // Return the old password rules
+ return 'min:8';
+ }
+
+ return Password::default();
+ }
+}
diff --git a/src/Auth/ResetsPasswords.php b/src/Auth/ResetsPasswords.php
index e0eb49ce4b..1e7767b945 100644
--- a/src/Auth/ResetsPasswords.php
+++ b/src/Auth/ResetsPasswords.php
@@ -10,6 +10,7 @@
 use Illuminate\Support\Facades\Password;
 use Illuminate\Support\Str;
 use Illuminate\Validation\ValidationException;
+use Statamic\Auth\Passwords\PasswordDefaults;
 /**
 * A copy of Illuminate\Auth\ResetsPasswords.
@@ -74,8 +75,8 @@ protected function rules()
 {
 return [
 'token' => 'required',
- 'email' => 'required|email',
- 'password' => 'required|confirmed|min:8',
+ 'email' => ['required','email'],
+ 'password' => ['required', 'confirmed', PasswordDefaults::rules()],
 ];
 }
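Review bot: The `version_compare(app()->version(), '8.43.0', '<')` gate in the new `PasswordDefaults::rules()` chooses the password policy for every caller from a version string rather than from the capability it needs, so if `app()->version()` ever returns something other than a plain semantic version the wrong branch could be taken and the application's configured password defaults bypassed or a missing method called. Testing for the method is more robust, for example `if (! method_exists(Password::class, 'default')) { return 'min:8'; }`. The fallback comment would also say more if it gave the reason, e.g. `// Laravel < 8.43.0 has no Password::default(); keep the previous minimum length`. The opening lines of this hunk are not legible on this page, so the namespace and the `Password` import could not be checked.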
diff --git a/src/Console/Commands/MakeUser.php b/src/Console/Commands/MakeUser.php
index 2d95874646..2391f136d3 100644
--- a/src/Console/Commands/MakeUser.php
+++ b/src/Console/Commands/MakeUser.php
@@ -3,6 +3,7 @@
 namespace Statamic\Console\Commands;
 use Illuminate\Console\Command;
+use Statamic\Auth\Passwords\PasswordDefaults;
 use Statamic\Console\RunsInPlease;
 use Statamic\Console\ValidatesInput;
 use Statamic\Facades\User;
@@ -121,6 +122,10 @@ protected function promptPassword()
 {
 $this->data['password'] = $this->secret('Password (Your input will be hidden)');
+ if ($this->passwordValidationFails()) {
+ return $this->promptPassword();
+ }
+
 return $this;
 }
@@ -164,6 +169,19 @@ protected function emailValidationFails()
 return $this->validationFails($this->email, ['required', new EmailAvailable, 'email']);
 }
+ /**
+ * Check if password validation fails.
+ *
+ * @return bool
+ */
+ protected function passwordValidationFails()
+ {
+ return $this->validationFails(
+ $this->data['password'],
+ ['required', PasswordDefaults::rules()],
+ );
+ }
+
 /**
 * Check if the user fieldset contains separate first_name and last_name fields.
 * Note: Though this isn't true by default, it's a common modification, and/or
diff --git a/src/Http/Controllers/CP/Users/PasswordController.php b/src/Http/Controllers/CP/Users/PasswordController.php
index 846d24b3ea..2478a407cb 100644
--- a/src/Http/Controllers/CP/Users/PasswordController.php
+++ b/src/Http/Controllers/CP/Users/PasswordController.php
@@ -3,6 +3,7 @@
 namespace Statamic\Http\Controllers\CP\Users;
 use Illuminate\Http\Request;
+use Statamic\Auth\Passwords\PasswordDefaults;
 use Statamic\Exceptions\NotFoundHttpException;
 use Statamic\Facades\User;
 use Statamic\Http\Controllers\CP\CpController;
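Review bot: `promptPassword()` in MakeUser.php now calls itself whenever `passwordValidationFails()` returns true, with no bound on the number of retries. At an interactive terminal that is just a re-prompt, but if the command runs without interaction and `secret()` yields an empty value, the `required` rule would fail on every pass and the recursion would never end; how `secret()` behaves in that mode is not visible in this hunk, so this needs confirming. Consider a bounded loop, or bailing out ahead of the recursive call when input is not interactive, e.g. `if (! $this->input->isInteractive()) { throw new \InvalidArgumentException('Password does not meet the password rules.'); }`. The e-mail prompt may already follow the same pattern, but it lies outside this hunk.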
@@ -16,7 +17,7 @@ public function update(Request $request, $user)
 $this->authorize('editPassword', $user);
 $request->validate([
- 'password' => 'required|confirmed',
+ 'password' => ['required','confirmed', PasswordDefaults::rules()],
 ]);
 $user->password($request->password)->save();
diff --git a/src/Http/Controllers/UserController.php b/src/Http/Controllers/UserController.php
index 4d8c273fb7..6db8bab6e3 100644
--- a/src/Http/Controllers/UserController.php
+++ b/src/Http/Controllers/UserController.php
@@ -6,6 +6,7 @@
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\ValidationException;
+use Statamic\Auth\Passwords\PasswordDefaults;
 use Statamic\Events\UserRegistered;
 use Statamic\Events\UserRegistering;
 use Statamic\Exceptions\SilentFormFailureException;
@@ -48,8 +49,8 @@ public function register(Request $request)
 $fields = $blueprint->fields()->addValues($request->all());
 $fieldRules = $fields->validator()->withRules([
- 'email' => 'required|email|unique_user_value',
- 'password' => 'required|confirmed',
+ 'email' => ['required','email','unique_user_value'],
+ 'password' => ['required','confirmed', PasswordDefaults::rules()],
 ])->rules();
 $validator = Validator::make($request->all(), $fieldRules);
From 9c5cd16fd309e9c00f34152e98893a9caab48647 Mon Sep 17 00:00:00 2001
From: Alex James Bishop
Date: Thu, 10 Jun 2021 17:43:40 +0930
Subject: [PATCH 2/5] style fixes
---
 src/Auth/Passwords/PasswordDefaults.php | 5 +++--
 src/Auth/ResetsPasswords.php | 2 +-
 src/Http/Controllers/CP/Users/PasswordController.php | 2 +-
 src/Http/Controllers/UserController.php | 4 ++--
 4 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/Auth/Passwords/PasswordDefaults.php b/src/Auth/Passwords/PasswordDefaults.php
index 7f8b9a2d56..9998a83c7d 100644
--- a/src/Auth/Passwords/PasswordDefaults.php
+++ b/src/Auth/Passwords/PasswordDefaults.php
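Review bot: The password rule in `PasswordController::update()` previously had no length requirement (`required|confirmed`), and it now includes `PasswordDefaults::rules()`, which falls back to `min:8` on frameworks older than 8.43.0; the same applies to the `password` rule in `UserController::register()`. Both endpoints therefore become stricter for every installation, which contradicts the two "Behaviour is exactly the same" lines in the commit description. The hardening is welcome, but it should be stated in the description and changelog so sites that currently accept shorter passwords on these forms are not surprised. A comment at each rule, e.g. `// Enforces the app's configured password defaults, or min:8 on Laravel < 8.43.0`, would make the source of the policy visible. Both methods start and end outside their hunks.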
@@ -9,8 +9,9 @@ class PasswordDefaults
 /**
 * @return Password|string
 */
- public static function rules() {
- if (version_compare(app()->version(), '8.43.0', '<') ) {
+ public static function rules()
+ {
+ if (version_compare(app()->version(), '8.43.0', '<')) {
 // Return the old password rules
 return 'min:8';
 }
diff --git a/src/Auth/ResetsPasswords.php b/src/Auth/ResetsPasswords.php
index 1e7767b945..f4c468b67c 100644
--- a/src/Auth/ResetsPasswords.php
+++ b/src/Auth/ResetsPasswords.php
@@ -75,7 +75,7 @@ protected function rules()
 {
 return [
 'token' => 'required',
- 'email' => ['required','email'],
+ 'email' => ['required', 'email'],
 'password' => ['required', 'confirmed', PasswordDefaults::rules()],
 ];
 }
diff --git a/src/Http/Controllers/CP/Users/PasswordController.php b/src/Http/Controllers/CP/Users/PasswordController.php
index 2478a407cb..e62062568a 100644
--- a/src/Http/Controllers/CP/Users/PasswordController.php
+++ b/src/Http/Controllers/CP/Users/PasswordController.php
@@ -17,7 +17,7 @@ public function update(Request $request, $user)
 $this->authorize('editPassword', $user);
 $request->validate([
- 'password' => ['required','confirmed', PasswordDefaults::rules()],
+ 'password' => ['required', 'confirmed', PasswordDefaults::rules()],
 ]);
 $user->password($request->password)->save();
diff --git a/src/Http/Controllers/UserController.php b/src/Http/Controllers/UserController.php
index 6db8bab6e3..c476d02cb7 100644
--- a/src/Http/Controllers/UserController.php
+++ b/src/Http/Controllers/UserController.php
@@ -49,8 +49,8 @@ public function register(Request $request)
 $fields = $blueprint->fields()->addValues($request->all());
 $fieldRules = $fields->validator()->withRules([
- 'email' => ['required','email','unique_user_value'],
- 'password' => ['required','confirmed', PasswordDefaults::rules()],
+ 'email' => ['required', 'email', 'unique_user_value'],
+ 'password' => ['required', 'confirmed', PasswordDefaults::rules()],
 ])->rules();
 $validator = Validator::make($request->all(), $fieldRules);
From 50e1a888c8f00e4038374846b401ea89ce9323c9 Mon Sep 17 00:00:00 2001
From: Alex James Bishop
Date: Fri, 11 Jun 2021 23:15:04 +0930
Subject: [PATCH 3/5] Change the test passwords to >8 characters
---
 tests/Tags/User/RegisterFormTest.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/Tags/User/RegisterFormTest.php b/tests/Tags/User/RegisterFormTest.php
index 83ccff3294..25a242c60d 100644
--- a/tests/Tags/User/RegisterFormTest.php
+++ b/tests/Tags/User/RegisterFormTest.php
@@ -210,8 +210,8 @@ public function it_will_register_user_and_render_success()
 $this
 ->post('/!/auth/register', [
 'email' => 'san@holo.com',
- 'password' => 'chewy',
- 'password_confirmation' => 'chewy',
+ 'password' => 'chewbacca',
+ 'password_confirmation' => 'chewbacca',
 ])
 ->assertSessionHasNoErrors()
 ->assertLocation('/');
@@ -251,8 +251,8 @@ public function it_will_register_user_and_follow_custom_redirect_with_success()
 $this
 ->post('/!/auth/register', [
 'email' => 'san@holo.com',
- 'password' => 'chewy',
- 'password_confirmation' => 'chewy',
+ 'password' => 'chewbacca',
+ 'password_confirmation' => 'chewbacca',
 '_redirect' => '/registration-successful',
 ])
 ->assertSessionHasNoErrors()
From 14a8239404cf0594a09b10bd70a1a9d9e035c411 Mon Sep 17 00:00:00 2001
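Review bot: Both hunks in RegisterFormTest.php only lengthen the fixture password so that the existing success cases keep passing; nothing in the series asserts that a too-short password is now rejected by `/!/auth/register`. Since the new rule is the security-relevant part of the change, a negative case is worth adding: post `'password' => 'chewy'` with a matching `password_confirmation` and expect a validation error on `password` (for instance via `->assertSessionHasErrors('password')`, adjusted to whatever error bag the form uses). Equivalent cases for the reset and control-panel password endpoints would cover the other call sites of `PasswordDefaults::rules()`. Both test methods continue outside their hunks.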
From: Alex James Bishop
Date: Fri, 11 Jun 2021 23:22:00 +0930
Subject: [PATCH 4/5] proper formatting for new PasswordDefaults class
---
 src/Auth/Passwords/PasswordDefaults.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Auth/Passwords/PasswordDefaults.php b/src/Auth/Passwords/PasswordDefaults.php
index 9998a83c7d..6b220651a6 100644
--- a/src/Auth/Passwords/PasswordDefaults.php
+++ b/src/Auth/Passwords/PasswordDefaults.php
@@ -1,7 +1,7 @@
Date: Tue, 15 Jun 2021 10:39:22 +0930
Subject: [PATCH 5/5] remove trailing comma from MakeUser::passwordValidationFails
---
 src/Console/Commands/MakeUser.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Console/Commands/MakeUser.php b/src/Console/Commands/MakeUser.php
index 2391f136d3..abf8adc35f 100644
--- a/src/Console/Commands/MakeUser.php
+++ b/src/Console/Commands/MakeUser.php
@@ -178,7 +178,7 @@ protected function passwordValidationFails()
 {
 return $this->validationFails(
 $this->data['password'],
- ['required', PasswordDefaults::rules()],
+ ['required', PasswordDefaults::rules()]
 );
 }