mirror of
https://github.com/discourse/discourse.git
synced 2024-11-30 10:24:49 +08:00
6f747c6b71
We were blocking user registrations with same username and password, but allowing usernames to be changed to be same as password later. Also disallow names to be the same as password.
36 lines
1.5 KiB
Ruby
36 lines
1.5 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require_dependency "common_passwords/common_passwords"
|
|
|
|
class PasswordValidator < ActiveModel::EachValidator
|
|
|
|
def validate_each(record, attribute, value)
|
|
return unless record.password_validation_required?
|
|
|
|
if value.nil?
|
|
record.errors.add(attribute, :blank)
|
|
elsif value.length < SiteSetting.min_admin_password_length && (record.admin? || is_developer?(record.email))
|
|
record.errors.add(attribute, :too_short, count: SiteSetting.min_admin_password_length)
|
|
elsif value.length < SiteSetting.min_password_length
|
|
record.errors.add(attribute, :too_short, count: SiteSetting.min_password_length)
|
|
elsif record.username.present? && value == record.username
|
|
record.errors.add(attribute, :same_as_username)
|
|
elsif record.name.present? && value == record.name
|
|
record.errors.add(attribute, :same_as_name)
|
|
elsif record.email.present? && value == record.email
|
|
record.errors.add(attribute, :same_as_email)
|
|
elsif record.confirm_password?(value)
|
|
record.errors.add(attribute, :same_as_current)
|
|
elsif SiteSetting.block_common_passwords && CommonPasswords.common_password?(value)
|
|
record.errors.add(attribute, :common)
|
|
elsif value.chars.uniq.length < SiteSetting.password_unique_characters
|
|
record.errors.add(attribute, :unique_characters)
|
|
end
|
|
end
|
|
|
|
def is_developer?(value)
|
|
Rails.configuration.respond_to?(:developer_emails) && Rails.configuration.developer_emails.include?(value)
|
|
end
|
|
|
|
end
|