mirror of
https://github.com/discourse/discourse.git
synced 2024-11-29 12:17:49 +08:00
FEATURE: don't allow username and password to be the same
This commit is contained in:
parent
bcb0346595
commit
cf81b3f86d
|
@ -310,6 +310,13 @@ export default DiscourseController.extend(ModalFunctionality, {
|
|||
});
|
||||
}
|
||||
|
||||
if (!this.blank('accountUsername') && this.get('accountPassword') === this.get('accountUsername')) {
|
||||
return Discourse.InputValidation.create({
|
||||
failed: true,
|
||||
reason: I18n.t('user.password.same_as_username')
|
||||
});
|
||||
}
|
||||
|
||||
// Looks good!
|
||||
return Discourse.InputValidation.create({
|
||||
ok: true,
|
||||
|
|
|
@ -514,6 +514,7 @@ en:
|
|||
title: "Password"
|
||||
too_short: "Your password is too short."
|
||||
common: "That password is too common."
|
||||
same_as_username: "Your password is the same as your username."
|
||||
ok: "Your password looks good."
|
||||
instructions: "At least %{count} characters."
|
||||
|
||||
|
|
|
@ -292,6 +292,7 @@ en:
|
|||
attributes:
|
||||
password:
|
||||
common: "is one of the 10000 most common passwords. Please use a more secure password."
|
||||
same_as_username: "is the same as your username. Please use a more secure password."
|
||||
ip_address:
|
||||
signup_not_allowed: "Signup is not allowed from this account."
|
||||
color_scheme_color:
|
||||
|
|
|
@ -8,6 +8,8 @@ class PasswordValidator < ActiveModel::EachValidator
|
|||
record.errors.add(attribute, :blank)
|
||||
elsif value.length < SiteSetting.min_password_length
|
||||
record.errors.add(attribute, :too_short, count: SiteSetting.min_password_length)
|
||||
elsif record.username.present? && value == record.username
|
||||
record.errors.add(attribute, :same_as_username)
|
||||
elsif SiteSetting.block_common_passwords && CommonPasswords.common_password?(value)
|
||||
record.errors.add(attribute, :common)
|
||||
end
|
||||
|
|
|
@ -72,6 +72,13 @@ describe PasswordValidator do
|
|||
expect(record.errors[:password]).not_to be_present
|
||||
end
|
||||
end
|
||||
|
||||
it "adds an error when password is the same as the username" do
|
||||
@password = "porkchops1"
|
||||
record.username = @password
|
||||
validate
|
||||
expect(record.errors[:password]).to be_present
|
||||
end
|
||||
end
|
||||
|
||||
context "password not required" do
|
||||
|
|
|
@ -22,3 +22,27 @@ test('basicUsernameValidation', function() {
|
|||
equal(controller.get('basicUsernameValidation.ok'), true, 'Prefilled username is valid');
|
||||
equal(controller.get('basicUsernameValidation.reason'), I18n.t('user.username.prefilled'), 'Prefilled username is valid');
|
||||
});
|
||||
|
||||
test('passwordValidation', function() {
|
||||
var subject = this.subject;
|
||||
|
||||
var controller = subject();
|
||||
controller.set('passwordRequired', true);
|
||||
controller.set('accountUsername', 'porkchops');
|
||||
controller.set('prefilledUsername', 'porkchops');
|
||||
|
||||
controller.set('accountPassword', 'b4fcdae11f9167');
|
||||
equal(controller.get('passwordValidation.ok'), true, 'Password is ok');
|
||||
equal(controller.get('passwordValidation.reason'), I18n.t('user.password.ok'), 'Password is valid');
|
||||
|
||||
var testInvalidPassword = function(password, expectedReason) {
|
||||
var controller = subject();
|
||||
controller.set('accountPassword', password);
|
||||
equal(controller.get('passwordValidation.failed'), true, 'password should be invalid: ' + password);
|
||||
equal(controller.get('passwordValidation.reason'), expectedReason, 'password validation reason: ' + password + ', ' + expectedReason);
|
||||
};
|
||||
|
||||
testInvalidPassword('', undefined);
|
||||
testInvalidPassword('x', I18n.t('user.password.too_short'));
|
||||
testInvalidPassword('porkchops', I18n.t('user.password.same_as_username'));
|
||||
});
|
||||
|
|
Loading…
Reference in New Issue
Block a user