Loading patches/040-password-length-rules.patch +39 −38 Original line number Diff line number Diff line Loading @@ -41,63 +41,64 @@ password change and lost-password reset flows (frontend and backend). newpassword: this.newPass, --- ./apps/settings/lib/Controller/ChangePasswordController.php +++ ./apps/settings/lib/Controller/ChangePasswordController.php-new @@ -65,8 +65,27 @@ return $response; @@ -66,7 +66,7 @@ } try { - if ($newpassword === null || strlen($newpassword) > IUserManager::MAX_PASSWORD_LENGTH || $user->setPassword($newpassword) === false) { + if ($newpassword === null) { return new JSONResponse([ 'status' => 'error', 'data' => [ @@ -74,6 +74,31 @@ ], ]); } + $newPasswordLength = strlen($newpassword); + if ($newPasswordLength < 12) { + return new JSONResponse([ + 'status' => 'error', + 'data' => [ + 'message' => $this->l->t('Unable to change personal password'), + 'message' => $this->l->t('Password must be at least 12 characters long'), + ], + ]); + } + + $newPasswordLength = strlen($newpassword); + if ($newPasswordLength < 12) { + if ($newPasswordLength > 128) { + return new JSONResponse([ + 'status' => 'error', + 'data' => [ + 'message' => $this->l->t('Password must be at least 12 characters long'), + 'message' => $this->l->t('Password must not exceed 128 characters'), + ], + ]); + } + try { - if ($newpassword === null || strlen($newpassword) > IUserManager::MAX_PASSWORD_LENGTH || $user->setPassword($newpassword) === false) { + if ($newPasswordLength > 128 || $user->setPassword($newpassword) === false) { + if ($user->setPassword($newpassword) === false) { + return new JSONResponse([ + 'status' => 'error', + 'data' => [ + 'message' => $this->l->t('Unable to change personal password'), + ], + ]); + } // password policy app throws exception } catch (HintException $e) { return new JSONResponse([ 'status' => 'error', 'data' => [ @@ -115,15 +134,25 @@ 
@@ -115,11 +140,14 @@ ]); } - if (strlen($password) > IUserManager::MAX_PASSWORD_LENGTH) { + $passwordLength = strlen($password); + if ($passwordLength < 12) { + if ($passwordLength < 12 || $passwordLength > 128) { return new JSONResponse([ 'status' => 'error', 'data' => [ - 'message' => $this->l->t('Unable to change password. Password too long.'), + 'message' => $this->l->t('Password must be at least 12 characters long'), + 'message' => $passwordLength < 12 + ? $this->l->t('Password must be at least 12 characters long') + : $this->l->t('Password must not exceed 128 characters'), ], ]); } + if ($passwordLength > 128) { + return new JSONResponse([ + 'status' => 'error', + 'data' => [ + 'message' => $this->l->t('Password must not exceed 128 characters'), + ], + ]); + } + $currentUser = $this->userSession->getUser(); $targetUser = $this->userManager->get($username); if ($currentUser === null || $targetUser === null --- ./core/src/components/login/UpdatePassword.vue +++ ./core/src/components/login/UpdatePassword.vue-new @@ -12,6 +12,8 @@ Loading Loading
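Review bot: The new length checks in ChangePasswordController.php use `strlen($newpassword)` and `strlen($password)`, which count bytes, while the messages promise "at least 12 characters", so a password of six two-byte characters passes the minimum. Keeping the byte count for the upper bound is reasonable (it presumably caps what reaches the hasher), but the minimum should use a character count, e.g. `if (mb_strlen($newpassword, 'UTF-8') < 12) {`, and likewise in the second method. The literals 12 and 128 are repeated in both methods and replace `IUserManager::MAX_PASSWORD_LENGTH`; two class constants would keep the two paths and the frontend text from drifting apart. These checks sit in the controller, so it is worth confirming that other callers of `setPassword()` outside the flows shown here get the same bounds. The rendered page does not mark which side each changed line belongs to, so this reads the second line of each printed pair as the new side.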
patches/040-password-length-rules.patch +39 −38 Original line number Diff line number Diff line Loading @@ -41,63 +41,64 @@ password change and lost-password reset flows (frontend and backend). newpassword: this.newPass, --- ./apps/settings/lib/Controller/ChangePasswordController.php +++ ./apps/settings/lib/Controller/ChangePasswordController.php-new @@ -65,8 +65,27 @@ return $response; @@ -66,7 +66,7 @@ } try { - if ($newpassword === null || strlen($newpassword) > IUserManager::MAX_PASSWORD_LENGTH || $user->setPassword($newpassword) === false) { + if ($newpassword === null) { return new JSONResponse([ 'status' => 'error', 'data' => [ @@ -74,6 +74,31 @@ ], ]); } + $newPasswordLength = strlen($newpassword); + if ($newPasswordLength < 12) { + return new JSONResponse([ + 'status' => 'error', + 'data' => [ + 'message' => $this->l->t('Unable to change personal password'), + 'message' => $this->l->t('Password must be at least 12 characters long'), + ], + ]); + } + + $newPasswordLength = strlen($newpassword); + if ($newPasswordLength < 12) { + if ($newPasswordLength > 128) { + return new JSONResponse([ + 'status' => 'error', + 'data' => [ + 'message' => $this->l->t('Password must be at least 12 characters long'), + 'message' => $this->l->t('Password must not exceed 128 characters'), + ], + ]); + } + try { - if ($newpassword === null || strlen($newpassword) > IUserManager::MAX_PASSWORD_LENGTH || $user->setPassword($newpassword) === false) { + if ($newPasswordLength > 128 || $user->setPassword($newpassword) === false) { + if ($user->setPassword($newpassword) === false) { + return new JSONResponse([ + 'status' => 'error', + 'data' => [ + 'message' => $this->l->t('Unable to change personal password'), + ], + ]); + } // password policy app throws exception } catch (HintException $e) { return new JSONResponse([ 'status' => 'error', 'data' => [ @@ -115,15 +134,25 @@ 
@@ -115,11 +140,14 @@ ]); } - if (strlen($password) > IUserManager::MAX_PASSWORD_LENGTH) { + $passwordLength = strlen($password); + if ($passwordLength < 12) { + if ($passwordLength < 12 || $passwordLength > 128) { return new JSONResponse([ 'status' => 'error', 'data' => [ - 'message' => $this->l->t('Unable to change password. Password too long.'), + 'message' => $this->l->t('Password must be at least 12 characters long'), + 'message' => $passwordLength < 12 + ? $this->l->t('Password must be at least 12 characters long') + : $this->l->t('Password must not exceed 128 characters'), ], ]); } + if ($passwordLength > 128) { + return new JSONResponse([ + 'status' => 'error', + 'data' => [ + 'message' => $this->l->t('Password must not exceed 128 characters'), + ], + ]); + } + $currentUser = $this->userSession->getUser(); $targetUser = $this->userManager->get($username); if ($currentUser === null || $targetUser === null --- ./core/src/components/login/UpdatePassword.vue +++ ./core/src/components/login/UpdatePassword.vue-new @@ -12,6 +12,8 @@ Loading