Skip to content

Password policy validation fail for new users #22028

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
MoonISO wants to merge 2 commits into from
Closed

Password policy validation fail for new users #22028

MoonISO wants to merge 2 commits into from

Conversation

@MoonISO
Copy link

@MoonISO MoonISO commented Jul 28, 2020

Password policy validation fail for new users #22014

  1. Create a new GenerateSecurePasswordEvent
  2. Dispatch the event
  3. If the passwordEvent is null use fallback

Other option for fallback:
/apps/provisioning_api/lib/Controller/UsersController.php (around line324)

...
$passwordEvent = new GenerateSecurePasswordEvent();
$this->eventDispatcher->dispatchTyped($passwordEvent);
$password .= $passwordEvent->getPassword() ?? $this->secureRandom->generate(21);
...

@MoonISO
Ensure password_policy; create new GenerateSecurePasswordEvent; dispa…
94e54e5 
…tch the event; if even is null use fallback

Signed-off-by: Murielle Lerch <[email protected]>
kesselb
kesselb reviewed Jul 28, 2020
View reviewed changes
Copy link
Contributor

@kesselb kesselb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks 👍

apps/provisioning_api/lib/Controller/UsersController.php Outdated
$passwordEvent->getPassword();
if(isset($passwordEvent)){
$password .= $passwordEvent->getPassword();
} else {
Copy link
Contributor

@kesselb kesselb Jul 28, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

if ($password === null) {
  // fallback logic for password
}

If $password is null the password_policy (or any other listener to GenerateSecurePasswordEvent) is not enabled hence we can use a simpler fallback but using a strong password by default is probably not wrong.

@MoonISO
Copy link
Author

MoonISO commented Jul 28, 2020
edited
Loading

I added your suggested modifications.

Unfortunately, I am a newbie and tried to fix the "php-cs check" failure.
However, this became a terrible commit where the entire file got modified due to tabs and spaces, thus I reverted it.
Thank you very much for your help.

@MoonISO MoonISO force-pushed the new_branch branch 2 times, most recently from 310f1d2 to 94e54e5 Compare July 28, 2020 12:01
@MoonISO
$passpword use direct assignment instaed of appending; check if $pass…
a25e4e7 
…word is null for fallback

Signed-off-by: Murielle Lerch <[email protected]>
@kesselb kesselb mentioned this pull request Aug 9, 2020
Merged
@kesselb
Copy link
Contributor

kesselb commented Aug 9, 2020
edited
Loading

Hi @MoonISO,

thanks again for your pull request 👍 I'm not able to push changes to your branch so I redid the changes and updated the tests: #22145 #22159.

@kesselb kesselb closed this Aug 9, 2020
@MoonISO MoonISO deleted the new_branch branch August 10, 2020 06:10
@MorrisJobke
Copy link
Member

MorrisJobke commented Aug 10, 2020

thanks again for your pull request 👍 I'm not able to push changes to your branch so I redid the changes and updated the tests: #22145.

I guess it should be #22159

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kesselb kesselb kesselb left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MoonISO @kesselb @MorrisJobke