Config settings for password min/max length (#993)

Created config settings for password min/max length and updated all references to use those values.

Author: avsdev-cw

app/sprinkles/account/config/default.php

@@ -122,7 +122,8 @@
     * Account Site Settings
     * ----------------------------------------------------------------------
     * "Site" settings that are automatically passed to Twig. Use theses
-    * settings to control the login and registration process
+    * settings to control the login, password (re)set and registration
+    * processes
     */
     'site' => [
         'login' => [
@@ -141,6 +142,12 @@
                 ],
             ],
         ],
+        'password' => [
+            'length' => [
+                'min' => 8,
+                'max' => 25,
+            ],
+        ],
     ],
 
     /*

app/sprinkles/account/locale/es_ES/messages.php

@@ -99,7 +99,7 @@
     'PASSWORD' => [
         '@TRANSLATION' => 'Contraseña',
 
-        'BETWEEN' => 'Entre {{min}} - {{max}} (recomendado 12)',
+        'BETWEEN' => 'Entre {{min}} - {{max}}',
 
         'CONFIRM'             => 'Confirmar contraseña',
         'CONFIRM_CURRENT'     => 'Por favor, confirma tu contraseña actual',

app/sprinkles/account/src/Bakery/CreateAdminUser.php

@@ -298,8 +298,11 @@ protected function validateLastName($lastName)
      */
     protected function askPassword($password = '', $requireConfirmation = true)
     {
+        $passwordMin = $this->ci->config['site.password.length.min'];
+        $passwordMax = $this->ci->config['site.password.length.max'];
+
         while (!isset($password) || !$this->validatePassword($password) || !$this->confirmPassword($password, $requireConfirmation)) {
-            $password = $this->io->askHidden('Enter password (12-255 characters)');
+            $password = $this->io->askHidden('Enter password (' . $passwordMin . '-' . $passwordMax . ' characters)');
         }
 
         return $password;
@@ -314,9 +317,11 @@ protected function askPassword($password = '', $requireConfirmation = true)
      */
     protected function validatePassword($password)
     {
-        //TODO Config for this ??
-        if (strlen($password) < 12 || strlen($password) > 255) {
-            $this->io->error('Password must be between 12-255 characters');
+        $passwordMin = $this->ci->config['site.password.length.min'];
+        $passwordMax = $this->ci->config['site.password.length.max'];
+
+        if (strlen($password) < $passwordMin || strlen($password) > $passwordMax) {
+            $this->io->error('Password must be between ' . $passwordMin . ' and ' . $passwordMax . ' characters');
 
             return false;
         }

app/sprinkles/account/src/Controller/AccountController.php

@@ -519,6 +519,10 @@ public function pageRegister(Request $request, Response $response, $args)
 
         // Load validation rules
         $schema = new RequestSchema('schema://requests/register.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
         $validatorRegister = new JqueryValidationAdapter($schema, $this->ci->translator);
 
         // Get locale information
@@ -593,11 +597,18 @@ public function pageResendVerification(Request $request, Response $response, $ar
      */
     public function pageResetPassword(Request $request, Response $response, $args)
     {
+        /** @var \UserFrosting\Support\Repository\Repository $config */
+        $config = $this->ci->config;
+
         // Insert the user's secret token from the link into the password reset form
         $params = $request->getQueryParams();
 
         // Load validation rules - note this uses the same schema as "set password"
         $schema = new RequestSchema('schema://requests/set-password.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
         $validator = new JqueryValidationAdapter($schema, $this->ci->translator);
 
         return $this->ci->view->render($response, 'pages/reset-password.html.twig', [
@@ -627,11 +638,18 @@ public function pageResetPassword(Request $request, Response $response, $args)
      */
     public function pageSetPassword(Request $request, Response $response, $args)
     {
+        /** @var \UserFrosting\Support\Repository\Repository $config */
+        $config = $this->ci->config;
+
         // Insert the user's secret token from the link into the password set form
         $params = $request->getQueryParams();
 
         // Load validation rules
         $schema = new RequestSchema('schema://requests/set-password.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
         $validator = new JqueryValidationAdapter($schema, $this->ci->translator);
 
         return $this->ci->view->render($response, 'pages/set-password.html.twig', [
@@ -664,6 +682,9 @@ public function pageSetPassword(Request $request, Response $response, $args)
      */
     public function pageSettings(Request $request, Response $response, $args)
     {
+        /** @var \UserFrosting\Support\Repository\Repository $config */
+        $config = $this->ci->config;
+
         /** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager */
         $authorizer = $this->ci->authorizer;
 
@@ -677,14 +698,15 @@ public function pageSettings(Request $request, Response $response, $args)
 
         // Load validation rules
         $schema = new RequestSchema('schema://requests/account-settings.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
         $validatorAccountSettings = new JqueryValidationAdapter($schema, $this->ci->translator);
 
         $schema = new RequestSchema('schema://requests/profile-settings.yaml');
         $validatorProfileSettings = new JqueryValidationAdapter($schema, $this->ci->translator);
 
-        /** @var \UserFrosting\Support\Repository\Repository $config */
-        $config = $this->ci->config;
-
         // Get a list of all locales
         $locales = $config->getDefined('site.locales.available');
 
@@ -919,6 +941,10 @@ public function register(Request $request, Response $response, $args)
 
         // Load the request schema
         $schema = new RequestSchema('schema://requests/register.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
 
         // Whitelist and set parameter defaults
         $transformer = new RequestDataTransformer($schema);
@@ -1117,6 +1143,10 @@ public function setPassword(Request $request, Response $response, $args)
 
         // Load the request schema
         $schema = new RequestSchema('schema://requests/set-password.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
 
         // Whitelist and set parameter defaults
         $transformer = new RequestDataTransformer($schema);
@@ -1210,6 +1240,10 @@ public function settings(Request $request, Response $response, $args)
 
         // Load the request schema
         $schema = new RequestSchema('schema://requests/account-settings.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
 
         // Whitelist and set parameter defaults
         $transformer = new RequestDataTransformer($schema);

app/sprinkles/account/templates/forms/settings-account.html.twig

@@ -16,7 +16,7 @@
             {% if page.visibility != "disabled" %}
                 <div class="form-group">
                     <label for="input-password" class="control-label">{{translate("PASSWORD.NEW")}}</label>
-                    <input type="password" id="input-password" class="form-control" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: 12, max: 100})}} ({{translate("OPTIONAL")}})">
+                    <input type="password" id="input-password" class="form-control" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: site.password.length.min, max: site.password.length.max})}} ({{translate("OPTIONAL")}})">
                 </div>
                 <div class="form-group">
                     <label for="input-passwordc" class="control-label">{{translate("PASSWORD.CONFIRM_NEW")}}</label>

app/sprinkles/account/templates/pages/register.html.twig

@@ -47,7 +47,7 @@
             </div>
             <div class="form-group">
                 <label for="r-form-password">{{translate('PASSWORD')}}</label>
-                <input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: 12, max: 100})}}" class="form-control" id="r-form-password">
+                <input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: site.password.length.min, max: site.password.length.max})}}" class="form-control" id="r-form-password">
             </div>
             <div class="form-group">
                 <label class="sr-only" for="r-form-passwordc">{{translate('PASSWORD.CONFIRM')}}</label>

app/sprinkles/account/templates/pages/reset-password.html.twig

@@ -30,7 +30,7 @@
 
             <div class="form-group">
                 <label class="sr-only" for="form-password">{{translate("PASSWORD.NEW")}}</label>
-                <input type="password" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: 12, max: 100})}}" class="form-control" id="form-password">
+                <input type="password" name="password" placeholder="{{translate("PASSWORD.BETWEEN", {min: site.password.length.min, max: site.password.length.max})}}" class="form-control" id="form-password">
             </div>
 
             <div class="form-group">

app/sprinkles/account/templates/pages/set-password.html.twig

@@ -30,7 +30,7 @@
 
             <div class="form-group">
                 <label class="sr-only" for="form-password">{{translate('PASSWORD')}}</label>
-                <input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: 12, max: 100})}}" class="form-control" id="form-password">
+                <input type="password" name="password" placeholder="{{translate('PASSWORD.BETWEEN', {min: site.password.length.min, max: site.password.length.max})}}" class="form-control" id="form-password">
             </div>
             <div class="form-group">
                 <label class="sr-only" for="form-passwordc">{{translate('PASSWORD.CONFIRM')}}</label>

app/sprinkles/admin/src/Controller/RoleController.php

@@ -957,6 +957,8 @@ public function updateField(Request $request, Response $response, $args)
 
         // Load the request schema
         $schema = new RequestSchema('schema://requests/role/edit-field.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
 
         // Whitelist and set parameter defaults
         $transformer = new RequestDataTransformer($schema);

app/sprinkles/admin/src/Controller/UserController.php

@@ -765,6 +765,9 @@ public function getModalEditPassword(Request $request, Response $response, $args
         /** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
         $currentUser = $this->ci->currentUser;
 
+        /** @var \UserFrosting\Support\Repository\Repository $config */
+        $config = $this->ci->config;
+
         // Access-controlled resource - check that currentUser has permission to edit "password" field for this user
         if (!$authorizer->checkAccess($currentUser, 'update_user_field', [
             'user' => $user,
@@ -775,6 +778,10 @@ public function getModalEditPassword(Request $request, Response $response, $args
 
         // Load validation rules
         $schema = new RequestSchema('schema://requests/user/edit-password.yaml');
+        $schema->set('value.validators.length.min', $config['site.password.length.min']);
+        $schema->set('value.validators.length.max', $config['site.password.length.max']);
+        $schema->set('passwordc.validators.length.min', $config['site.password.length.min']);
+        $schema->set('passwordc.validators.length.max', $config['site.password.length.max']);
         $validator = new JqueryValidationAdapter($schema, $this->ci->translator);
 
         return $this->ci->view->render($response, 'modals/user-set-password.html.twig', [
@@ -1307,6 +1314,8 @@ public function updateField(Request $request, Response $response, $args)
 
         // Load the request schema
         $schema = new RequestSchema('schema://requests/user/edit-field.yaml');
+        $schema->set('password.validators.length.min', $config['site.password.length.min']);
+        $schema->set('password.validators.length.max', $config['site.password.length.max']);
 
         // Whitelist and set parameter defaults
         $transformer = new RequestDataTransformer($schema);