diff options
Diffstat (limited to 'perllib/FixMyStreet/App/Controller')
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth.pm | 58 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth/Phone.pm | 8 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth/Profile.pm | 1 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Report/New.pm | 6 | ||||
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Report/Update.pm | 7 |
5 files changed, 72 insertions, 8 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm index fe980af0d..95f8bb9a2 100644 --- a/perllib/FixMyStreet/App/Controller/Auth.pm +++ b/perllib/FixMyStreet/App/Controller/Auth.pm @@ -5,6 +5,7 @@ use namespace::autoclean; BEGIN { extends 'Catalyst::Controller'; } use Email::Valid; +use Data::Password::Common 'found'; use Digest::HMAC_SHA1 qw(hmac_sha1); use JSON::MaybeXS; use MIME::Base64; @@ -149,6 +150,11 @@ sub email_sign_in : Private { return; } + my $password = $c->get_param('password_register'); + if ($password) { + return unless $c->forward('/auth/test_password', [ $password ]); + } + # If user registration is disabled then bail out at this point # if there's not already a user with this email address. # NB this uses the same template as a successful sign in to stop @@ -162,8 +168,7 @@ sub email_sign_in : Private { } my $user_params = {}; - $user_params->{password} = $c->get_param('password_register') - if $c->get_param('password_register'); + $user_params->{password} = $password if $password; my $user = $c->model('DB::User')->new( $user_params ); my $token_data = { @@ -354,6 +359,55 @@ sub no_csrf_token : Private { $c->detach('/page_error_400_bad_request', []); } +=item common_password + +Returns 1/0 depending on if password is common or not. + +=cut + +sub common_password : Local : Args(0) { + my ($self, $c) = @_; + + my $password = $c->get_param('password_register'); + + my $return = JSON->true; + if (!$c->cobrand->call_hook('bypass_password_checks') && found($password)) { + $return = _('Please choose a less commonly-used password'); + } + + my $body = JSON->new->utf8->allow_nonref->encode($return); + $c->res->content_type('application/json; charset=utf-8'); + $c->res->body($body); +} + +=item test_password + +Checks a password is not too weak; returns true if okay, +false if weak (and sets stash error). + +=cut + +sub test_password : Private { + my ($self, $c, $password) = @_; + + return 1 if $c->cobrand->call_hook('bypass_password_checks'); + + my @errors; + + my $min_length = $c->cobrand->password_minimum_length; + push @errors, sprintf(_('Please make sure your password is at least %d characters long'), $min_length) + if length($password) < $min_length; + + push @errors, _('Please choose a less commonly-used password') + if found($password); + + if (@errors) { + $c->stash->{field_errors}->{password_register} = join('<br>', @errors); + return 0; + } + return 1; +} + =head2 sign_out Log the user out. Tell them we've done so. diff --git a/perllib/FixMyStreet/App/Controller/Auth/Phone.pm b/perllib/FixMyStreet/App/Controller/Auth/Phone.pm index 8387b9d64..8e3150df9 100644 --- a/perllib/FixMyStreet/App/Controller/Auth/Phone.pm +++ b/perllib/FixMyStreet/App/Controller/Auth/Phone.pm @@ -59,6 +59,11 @@ sub sign_in : Private { return; } + my $password = $c->get_param('password_register'); + if ($password) { + return unless $c->forward('/auth/test_password', [ $password ]); + } + (my $number = $parsed->{phone}->format) =~ s/\s+//g; if ( FixMyStreet->config('SIGNUPS_DISABLED') @@ -70,8 +75,7 @@ sub sign_in : Private { } my $user_params = {}; - $user_params->{password} = $c->get_param('password_register') - if $c->get_param('password_register'); + $user_params->{password} = $password if $password; my $user = $c->model('DB::User')->new( $user_params ); my $token_data = { diff --git a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm index 441f222d1..2d8ae081e 100644 --- a/perllib/FixMyStreet/App/Controller/Auth/Profile.pm +++ b/perllib/FixMyStreet/App/Controller/Auth/Profile.pm @@ -62,6 +62,7 @@ sub change_password : Path('/auth/change_password') { $password_error ||= !$new && !$confirm ? 'missing' : $new ne $confirm ? 'mismatch' + : !$c->forward('/auth/test_password', [ $new ]) ? 'failed' : ''; if ($password_error) { diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm index 166c0614d..05d082e45 100644 --- a/perllib/FixMyStreet/App/Controller/Report/New.pm +++ b/perllib/FixMyStreet/App/Controller/Report/New.pm @@ -813,8 +813,10 @@ sub process_user : Private { } $c->forward('update_user', [ \%params ]); - $report->user->password( Utils::trim_text( $params{password_register} ) ) - if $params{password_register}; + if ($params{password_register}) { + $c->forward('/auth/test_password', [ $params{password_register} ]); + $report->user->password(Utils::trim_text($params{password_register})); + } return 1; } diff --git a/perllib/FixMyStreet/App/Controller/Report/Update.pm b/perllib/FixMyStreet/App/Controller/Report/Update.pm index c28039808..c684e46ad 100644 --- a/perllib/FixMyStreet/App/Controller/Report/Update.pm +++ b/perllib/FixMyStreet/App/Controller/Report/Update.pm @@ -144,11 +144,14 @@ sub process_user : Private { $update->user->name( Utils::trim_text( $params{name} ) ) if $params{name}; - $update->user->password( Utils::trim_text( $params{password_register} ) ) - if $params{password_register}; $update->user->title( Utils::trim_text( $params{fms_extra_title} ) ) if $params{fms_extra_title}; + if ($params{password_register}) { + $c->forward('/auth/test_password', [ $params{password_register} ]); + $update->user->password(Utils::trim_text($params{password_register})); + } + return 1; } |