
D5280.1775151943.diff

Authored By
Unknown

D5280.1775151943.diff

diff --git a/src/app/Http/Controllers/API/PasswordPolicyController.php b/src/app/Http/Controllers/API/PasswordPolicyController.php
deleted file mode 100644
--- a/src/app/Http/Controllers/API/PasswordPolicyController.php
+++ /dev/null
@@ -1,43 +0,0 @@
-<?php
-
-namespace App\Http\Controllers\API;
-
-use App\Http\Controllers\Controller;
-use App\Rules\Password;
-use App\User;
-use Illuminate\Http\JsonResponse;
-use Illuminate\Http\Request;
-
-class PasswordPolicyController extends Controller
-{
- /**
- * Validate the password regarding the defined policies.
- *
- * @return JsonResponse
- */
- public function check(Request $request)
- {
- $userId = $request->input('user');
-
- $user = !empty($userId) ? User::find($userId) : null;
-
- // Get the policy
- $policy = new Password($user ? $user->walletOwner() : null, $user);
-
- // Check the password
- $status = $policy->check($request->input('password'));
-
- $passed = array_filter(
- $status,
- static function ($rule) {
- return !empty($rule['status']);
- }
- );
-
- return response()->json([
- 'status' => count($passed) == count($status) ? 'success' : 'error',
- 'list' => array_values($status),
- 'count' => count($status),
- ]);
- }
-}
diff --git a/src/app/Http/Controllers/API/V4/PolicyController.php b/src/app/Http/Controllers/API/V4/PolicyController.php
--- a/src/app/Http/Controllers/API/V4/PolicyController.php
+++ b/src/app/Http/Controllers/API/V4/PolicyController.php
@@ -9,16 +9,48 @@
use App\Policy\SmtpAccess;
use App\Policy\SPF;
use App\Rules\Password;
+use App\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
class PolicyController extends Controller
{
+ /**
+ * Validate the password regarding the defined policies.
+ *
+ * @return JsonResponse
+ */
+ public function checkPassword(Request $request)
+ {
+ $userId = $request->input('user');
+
+ $user = !empty($userId) ? User::find($userId) : null;
+
+ // Get the policy
+ $policy = new Password($user ? $user->walletOwner() : null, $user);
+
+ // Check the password
+ $status = $policy->check($request->input('password'));
+
+ $passed = array_filter(
+ $status,
+ static function ($rule) {
+ return !empty($rule['status']);
+ }
+ );
+
+ return response()->json([
+ 'status' => count($passed) == count($status) ? 'success' : 'error',
+ 'list' => array_values($status),
+ 'count' => count($status),
+ ]);
+ }
+
/**
* Take a greylist policy request
*
- * @return JsonResponse The response
+ * @return JsonResponse
*/
public function greylist()
{
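Review bot: `checkPassword` hands `user` and `password` from the request to `User::find()` and `$policy->check()` without checking their type. If `user` arrives as an array, `User::find()` returns a collection rather than a model, so `$user->walletOwner()` would presumably fail with a 500, and the accompanying test reaches this action without logging in. Normalising both inputs first keeps the current response shape: `$userId = is_scalar($request->input('user')) ? $request->input('user') : null;` and `$password = is_string($request->input('password')) ? $request->input('password') : null;`. Because the caller picks the `user` id, the response also reveals that account's policy rules; if that is intended for the signup and reset forms, a line in the docblock saying so would help the next reader.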
@@ -86,7 +118,7 @@
/*
* Apply a sensible rate limitation to a request.
*
- * @return \Illuminate\Http\JsonResponse
+ * @return JsonResponse
*/
public function ratelimit()
{
@@ -98,7 +130,7 @@
/*
* Apply the sender policy framework to a request.
*
- * @return \Illuminate\Http\JsonResponse
+ * @return JsonResponse
*/
public function senderPolicyFramework()
{
@@ -110,7 +142,7 @@
/*
* Validate sender/recipients in an SMTP submission request.
*
- * @return \Illuminate\Http\JsonResponse
+ * @return JsonResponse
*/
public function submission()
{
diff --git a/src/resources/vue/Widgets/PasswordInput.vue b/src/resources/vue/Widgets/PasswordInput.vue
--- a/src/resources/vue/Widgets/PasswordInput.vue
+++ b/src/resources/vue/Widgets/PasswordInput.vue
@@ -71,7 +71,7 @@
const cancelToken = axios.CancelToken;
this.cancelToken = cancelToken.source();
- axios.post('/api/auth/password-policy/check', post, { cancelToken: this.cancelToken.token })
+ axios.post('/api/auth/password-policy-check', post, { cancelToken: this.cancelToken.token })
.then(response => {
if (response.data.list) {
this.policy = response.data.list
diff --git a/src/routes/api.php b/src/routes/api.php
--- a/src/routes/api.php
+++ b/src/routes/api.php
@@ -34,7 +34,7 @@
'prefix' => 'auth',
],
static function () {
- Route::post('password-policy/check', [API\PasswordPolicyController::class, 'check']);
+ Route::post('password-policy-check', [API\V4\PolicyController::class, 'checkPassword']);
Route::post('password-reset/init', [API\PasswordResetController::class, 'init']);
Route::post('password-reset/verify', [API\PasswordResetController::class, 'verify']);
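Review bot: The new `password-policy-check` route shows no rate limit in this hunk, and the group's options begin above it, so whether one applies cannot be confirmed from here. The feature test posts to it without authenticating, and each call does a `User::find()` lookup plus a full policy evaluation on caller-chosen input. If the group does not already carry one, Laravel's `throttle` middleware on this route would bound that, e.g. `Route::post('password-policy-check', [API\V4\PolicyController::class, 'checkPassword'])->middleware('throttle:<limit>,<minutes>');` with limits chosen for the password widget's request rate. The old `password-policy/check` path is dropped without an alias, so a cached copy of the frontend would get 404s until it reloads.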
diff --git a/src/tests/Feature/Controller/PasswordPolicyTest.php b/src/tests/Feature/Controller/PasswordPolicyTest.php
deleted file mode 100644
--- a/src/tests/Feature/Controller/PasswordPolicyTest.php
+++ /dev/null
@@ -1,67 +0,0 @@
-<?php
-
-namespace Tests\Feature\Controller;
-
-use Tests\TestCase;
-
-class PasswordPolicyTest extends TestCase
-{
- /**
- * Test password policy check
- */
- public function testCheck(): void
- {
- $jack = $this->getTestUser('jack@kolab.org');
- $john = $this->getTestUser('john@kolab.org');
- $john->setSetting('password_policy', 'min:8,max:100,upper,digit');
-
- // Empty password
- $post = ['user' => $john->id];
- $response = $this->post('/api/auth/password-policy/check', $post);
- $response->assertStatus(200);
-
- $json = $response->json();
-
- $this->assertCount(3, $json);
- $this->assertSame('error', $json['status']);
- $this->assertSame(4, $json['count']);
- $this->assertFalse($json['list'][0]['status']);
- $this->assertSame('min', $json['list'][0]['label']);
- $this->assertFalse($json['list'][1]['status']);
- $this->assertSame('max', $json['list'][1]['label']);
- $this->assertFalse($json['list'][2]['status']);
- $this->assertSame('upper', $json['list'][2]['label']);
- $this->assertFalse($json['list'][3]['status']);
- $this->assertSame('digit', $json['list'][3]['label']);
-
- // Test acting as Jack, password non-compliant
- $post = ['password' => '9999999', 'user' => $jack->id];
- $response = $this->post('/api/auth/password-policy/check', $post);
- $response->assertStatus(200);
-
- $json = $response->json();
-
- $this->assertCount(3, $json);
- $this->assertSame('error', $json['status']);
- $this->assertSame(4, $json['count']);
- $this->assertFalse($json['list'][0]['status']); // min
- $this->assertTrue($json['list'][1]['status']); // max
- $this->assertFalse($json['list'][2]['status']); // upper
- $this->assertTrue($json['list'][3]['status']); // digit
-
- // Test with no user context, expect use of the default policy
- $post = ['password' => '9'];
- $response = $this->post('/api/auth/password-policy/check', $post);
- $response->assertStatus(200);
-
- $json = $response->json();
-
- $this->assertCount(3, $json);
- $this->assertSame('error', $json['status']);
- $this->assertSame(2, $json['count']);
- $this->assertFalse($json['list'][0]['status']);
- $this->assertSame('min', $json['list'][0]['label']);
- $this->assertTrue($json['list'][1]['status']);
- $this->assertSame('max', $json['list'][1]['label']);
- }
-}
diff --git a/src/tests/Feature/Controller/PolicyTest.php b/src/tests/Feature/Controller/PolicyTest.php
--- a/src/tests/Feature/Controller/PolicyTest.php
+++ b/src/tests/Feature/Controller/PolicyTest.php
@@ -59,6 +59,67 @@
parent::tearDown();
}
+ /**
+ * Test password policy check
+ */
+ public function testCheckPassword(): void
+ {
+ $this->useRegularUrl();
+
+ $jack = $this->getTestUser('jack@kolab.org');
+ $john = $this->getTestUser('john@kolab.org');
+ $john->setSetting('password_policy', 'min:8,max:100,upper,digit');
+
+ // Empty password
+ $post = ['user' => $john->id];
+ $response = $this->post('/api/auth/password-policy-check', $post);
+ $response->assertStatus(200);
+
+ $json = $response->json();
+
+ $this->assertCount(3, $json);
+ $this->assertSame('error', $json['status']);
+ $this->assertSame(4, $json['count']);
+ $this->assertFalse($json['list'][0]['status']);
+ $this->assertSame('min', $json['list'][0]['label']);
+ $this->assertFalse($json['list'][1]['status']);
+ $this->assertSame('max', $json['list'][1]['label']);
+ $this->assertFalse($json['list'][2]['status']);
+ $this->assertSame('upper', $json['list'][2]['label']);
+ $this->assertFalse($json['list'][3]['status']);
+ $this->assertSame('digit', $json['list'][3]['label']);
+
+ // Test acting as Jack, password non-compliant
+ $post = ['password' => '9999999', 'user' => $jack->id];
+ $response = $this->post('/api/auth/password-policy-check', $post);
+ $response->assertStatus(200);
+
+ $json = $response->json();
+
+ $this->assertCount(3, $json);
+ $this->assertSame('error', $json['status']);
+ $this->assertSame(4, $json['count']);
+ $this->assertFalse($json['list'][0]['status']); // min
+ $this->assertTrue($json['list'][1]['status']); // max
+ $this->assertFalse($json['list'][2]['status']); // upper
+ $this->assertTrue($json['list'][3]['status']); // digit
+
+ // Test with no user context, expect use of the default policy
+ $post = ['password' => '9'];
+ $response = $this->post('/api/auth/password-policy-check', $post);
+ $response->assertStatus(200);
+
+ $json = $response->json();
+
+ $this->assertCount(3, $json);
+ $this->assertSame('error', $json['status']);
+ $this->assertSame(2, $json['count']);
+ $this->assertFalse($json['list'][0]['status']);
+ $this->assertSame('min', $json['list'][0]['label']);
+ $this->assertTrue($json['list'][1]['status']);
+ $this->assertSame('max', $json['list'][1]['label']);
+ }
+
/**
* Test greylist policy webhook
*/
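Review bot: `testCheckPassword` only covers existing users and a missing `user` field, so nothing pins what the endpoint does with an unknown id or a non-scalar `user` or `password` value. A case such as `$post = ['password' => '9', 'user' => 'unknown'];` asserting the default two-rule policy, and one posting `'user' => ['x']` asserting a non-500 status, would cover the unauthenticated input handling. The test also sets John's `password_policy` setting and does not reset it in the visible lines. `tearDown()` starts outside this hunk, so confirm it restores the setting, otherwise later tests inherit the stricter policy.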
