FEATURE: don't allow username and password to be the same

This commit is contained in:
Neil Lalonde 2015-02-25 11:59:57 -05:00
parent bcb0346595
commit cf81b3f86d
6 changed files with 42 additions and 0 deletions

View File

@ -310,6 +310,13 @@ export default DiscourseController.extend(ModalFunctionality, {
});
}
if (!this.blank('accountUsername') && this.get('accountPassword') === this.get('accountUsername')) {
return Discourse.InputValidation.create({
failed: true,
reason: I18n.t('user.password.same_as_username')
});
}
// Looks good!
return Discourse.InputValidation.create({
ok: true,

View File

@ -514,6 +514,7 @@ en:
title: "Password"
too_short: "Your password is too short."
common: "That password is too common."
same_as_username: "Your password is the same as your username."
ok: "Your password looks good."
instructions: "At least %{count} characters."

View File

@ -292,6 +292,7 @@ en:
attributes:
password:
common: "is one of the 10000 most common passwords. Please use a more secure password."
same_as_username: "is the same as your username. Please use a more secure password."
ip_address:
signup_not_allowed: "Signup is not allowed from this account."
color_scheme_color:

View File

@ -8,6 +8,8 @@ class PasswordValidator < ActiveModel::EachValidator
record.errors.add(attribute, :blank)
elsif value.length < SiteSetting.min_password_length
record.errors.add(attribute, :too_short, count: SiteSetting.min_password_length)
elsif record.username.present? && value == record.username
record.errors.add(attribute, :same_as_username)
elsif SiteSetting.block_common_passwords && CommonPasswords.common_password?(value)
record.errors.add(attribute, :common)
end

View File

@ -72,6 +72,13 @@ describe PasswordValidator do
expect(record.errors[:password]).not_to be_present
end
end
it "adds an error when password is the same as the username" do
@password = "porkchops1"
record.username = @password
validate
expect(record.errors[:password]).to be_present
end
end
context "password not required" do

View File

@ -22,3 +22,27 @@ test('basicUsernameValidation', function() {
equal(controller.get('basicUsernameValidation.ok'), true, 'Prefilled username is valid');
equal(controller.get('basicUsernameValidation.reason'), I18n.t('user.username.prefilled'), 'Prefilled username is valid');
});
test('passwordValidation', function() {
var subject = this.subject;
var controller = subject();
controller.set('passwordRequired', true);
controller.set('accountUsername', 'porkchops');
controller.set('prefilledUsername', 'porkchops');
controller.set('accountPassword', 'b4fcdae11f9167');
equal(controller.get('passwordValidation.ok'), true, 'Password is ok');
equal(controller.get('passwordValidation.reason'), I18n.t('user.password.ok'), 'Password is valid');
var testInvalidPassword = function(password, expectedReason) {
var controller = subject();
controller.set('accountPassword', password);
equal(controller.get('passwordValidation.failed'), true, 'password should be invalid: ' + password);
equal(controller.get('passwordValidation.reason'), expectedReason, 'password validation reason: ' + password + ', ' + expectedReason);
};
testInvalidPassword('', undefined);
testInvalidPassword('x', I18n.t('user.password.too_short'));
testInvalidPassword('porkchops', I18n.t('user.password.same_as_username'));
});