mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-08-02 08:45:39 +02:00
d8e9af8af8
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector Creation of new DBQueryGenerator for database specific generation of SQL Support for parameterised queries, move of code base to use these over escaped conditions Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT Support for PDO Installation process upgraded to use new ORM SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data. Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn) 3.2 upgrade docs Performance Optimisation and simplification of code to use more concise API API Ability for database adapters to register extensions to ConfigureFromEnv.php
134 lines
3.2 KiB
PHP
134 lines
3.2 KiB
PHP
<?php
|
|
|
|
/**
|
|
* This class represents a validator for member passwords.
|
|
*
|
|
* <code>
|
|
* $pwdVal = new PasswordValidator();
|
|
* $pwdValidator->minLength(7);
|
|
* $pwdValidator->checkHistoricalPasswords(6);
|
|
* $pwdValidator->characterStrength(3, array("lowercase", "uppercase", "digits", "punctuation"));
|
|
*
|
|
* Member::set_password_validator($pwdValidator);
|
|
* </code>
|
|
*
|
|
* @package framework
|
|
* @subpackage security
|
|
*/
|
|
class PasswordValidator extends Object {
|
|
|
|
private static $character_strength_tests = array(
|
|
'lowercase' => '/[a-z]/',
|
|
'uppercase' => '/[A-Z]/',
|
|
'digits' => '/[0-9]/',
|
|
'punctuation' => '/[^A-Za-z0-9]/',
|
|
);
|
|
|
|
protected $minLength, $minScore, $testNames, $historicalPasswordCount;
|
|
|
|
/**
|
|
* Minimum password length
|
|
*/
|
|
public function minLength($minLength) {
|
|
$this->minLength = $minLength;
|
|
return $this;
|
|
}
|
|
|
|
/**
|
|
* Check the character strength of the password.
|
|
*
|
|
* Eg: $this->characterStrength(3, array("lowercase", "uppercase", "digits", "punctuation"))
|
|
*
|
|
* @param $minScore The minimum number of character tests that must pass
|
|
* @param $testNames The names of the tests to perform
|
|
*/
|
|
public function characterStrength($minScore, $testNames) {
|
|
$this->minScore = $minScore;
|
|
$this->testNames = $testNames;
|
|
return $this;
|
|
}
|
|
|
|
/**
|
|
* Check a number of previous passwords that the user has used, and don't let them change to that.
|
|
*/
|
|
public function checkHistoricalPasswords($count) {
|
|
$this->historicalPasswordCount = $count;
|
|
return $this;
|
|
}
|
|
|
|
/**
|
|
* @param String $password
|
|
* @param Member $member
|
|
* @return ValidationResult
|
|
*/
|
|
public function validate($password, $member) {
|
|
$valid = ValidationResult::create();
|
|
|
|
if($this->minLength) {
|
|
if(strlen($password) < $this->minLength) {
|
|
$valid->error(
|
|
sprintf(
|
|
_t(
|
|
'PasswordValidator.TOOSHORT',
|
|
'Password is too short, it must be %s or more characters long'
|
|
),
|
|
$this->minLength
|
|
),
|
|
'TOO_SHORT'
|
|
);
|
|
}
|
|
}
|
|
|
|
if($this->minScore) {
|
|
$score = 0;
|
|
$missedTests = array();
|
|
foreach($this->testNames as $name) {
|
|
if(preg_match(self::config()->character_strength_tests[$name], $password)) {
|
|
$score++;
|
|
} else {
|
|
$missedTests[] = _t(
|
|
'PasswordValidator.STRENGTHTEST' . strtoupper($name),
|
|
$name,
|
|
'The user needs to add this to their password for more complexity'
|
|
);
|
|
}
|
|
}
|
|
|
|
if($score < $this->minScore) {
|
|
$valid->error(
|
|
sprintf(
|
|
_t(
|
|
'PasswordValidator.LOWCHARSTRENGTH',
|
|
'Please increase password strength by adding some of the following characters: %s'
|
|
),
|
|
implode(', ', $missedTests)
|
|
),
|
|
'LOW_CHARACTER_STRENGTH'
|
|
);
|
|
}
|
|
}
|
|
|
|
if($this->historicalPasswordCount) {
|
|
$previousPasswords = MemberPassword::get()
|
|
->where(array('"MemberPassword"."MemberID"' => $member->ID))
|
|
->sort('"Created" DESC, "ID" DESC')
|
|
->limit($this->historicalPasswordCount);
|
|
if($previousPasswords) foreach($previousPasswords as $previousPasswords) {
|
|
if($previousPasswords->checkPassword($password)) {
|
|
$valid->error(
|
|
_t(
|
|
'PasswordValidator.PREVPASSWORD',
|
|
'You\'ve already used that password in the past, please choose a new password'
|
|
),
|
|
'PREVIOUS_PASSWORD'
|
|
);
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
return $valid;
|
|
}
|
|
|
|
}
|