mirror of
https://github.com/discourse/discourse.git
synced 2024-12-20 00:55:58 +08:00
32e261ef73
* Add migrations to ensure password hash is synced across users & user_passwords * Persist password-related data in user_passwords instead of users * Merge User#expire_old_email_tokens with User#expire_tokens_if_password_changed * Add post deploy migration to mark password-related columns from users table as read-only * Refactored UserPassword#confirm_password? and changes required to accommodate hashing the password after validations
37 lines
1.5 KiB
Ruby
37 lines
1.5 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
class UserPasswordValidator < ActiveModel::EachValidator
|
|
def validate_each(record, attribute, value)
|
|
return unless record.password_validation_required?
|
|
user = record.user
|
|
|
|
if value.nil?
|
|
record.errors.add(attribute, :blank)
|
|
elsif value.length < SiteSetting.min_admin_password_length &&
|
|
(user.admin? || is_developer?(user.email))
|
|
record.errors.add(attribute, :too_short, count: SiteSetting.min_admin_password_length)
|
|
elsif value.length < SiteSetting.min_password_length
|
|
record.errors.add(attribute, :too_short, count: SiteSetting.min_password_length)
|
|
elsif user.username.present? && value == user.username
|
|
record.errors.add(attribute, :same_as_username)
|
|
elsif user.name.present? && value == user.name
|
|
record.errors.add(attribute, :same_as_name)
|
|
elsif user.email.present? && value == user.email
|
|
record.errors.add(attribute, :same_as_email)
|
|
elsif record.password_hash_changed? && record.confirm_password?(value)
|
|
record.errors.add(attribute, :same_as_current)
|
|
elsif SiteSetting.block_common_passwords && CommonPasswords.common_password?(value)
|
|
record.errors.add(attribute, :common)
|
|
elsif value.chars.uniq.length < SiteSetting.password_unique_characters
|
|
record.errors.add(attribute, :unique_characters)
|
|
end
|
|
end
|
|
|
|
private
|
|
|
|
def is_developer?(value)
|
|
Rails.configuration.respond_to?(:developer_emails) &&
|
|
Rails.configuration.developer_emails.include?(value)
|
|
end
|
|
end
|