Merge pull request #9981 from creative-commoners/pull/4.8/blank-password-validation

FIX Ensure changing a password to blank is validated
This commit is contained in:
Andre Kiste 2021-06-18 13:09:15 +12:00 committed by GitHub
commit 852268990c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 5 deletions

View File

@ -1705,8 +1705,8 @@ class Member extends DataObject
$valid = parent::validate();
$validator = static::password_validator();
if (!$this->ID || $this->isChanged('Password')) {
if ($this->Password && $validator) {
if ($validator) {
if ((!$this->ID && $this->Password) || $this->isChanged('Password')) {
$userValid = $validator->validate($this->Password, $this);
$valid->combineAnd($userValid);
}

View File

@ -53,6 +53,6 @@ class MemberPassword extends DataObject
public function checkPassword($password)
{
$encryptor = PasswordEncryptor::create_for_algorithm($this->PasswordEncryption);
return $encryptor->check($this->Password, $password, $this->Salt, $this->Member());
return $encryptor->check($this->Password ?? '', $password, $this->Salt, $this->Member());
}
}

View File

@ -1601,4 +1601,14 @@ class MemberTest extends FunctionalTest
$member->write();
$this->assertNotNull(Member::get()->find('Email', 'trimmed@test.com'));
}
public function testChangePasswordToBlankIsValidated()
{
// override setup() function which setMinLength(0)
PasswordValidator::singleton()->setMinLength(8);
// 'test' member has a password defined in yml
$member = $this->objFromFixture(Member::class, 'test');
$result = $member->changePassword('');
$this->assertFalse($result->isValid());
}
}