Validate password length

We can't do this using the ValidatesBeforeSave trait because the password has been hashed by then. Instead, we must validate the original password as it comes in.
2025-02-21 04:31:57 +08:00 · 2015-08-31 12:38:15 +09:30 · 2015-08-31 12:38:15 +09:30 · f5517fbd88
commit f5517fbd88
parent 6a0e3fcf2d
1 changed files with 19 additions and 0 deletions
--- a/src/Core/Users/User.php
+++ b/src/Core/Users/User.php
@ -32,6 +32,7 @@ use Flarum\Core\Support\Locked;
 use Flarum\Core\Support\VisibleScope;
 use Flarum\Core\Support\EventGenerator;
 use Flarum\Core\Support\ValidatesBeforeSave;
+use Flarum\Core\Exceptions\ValidationException;

 /**
 * @todo document database columns with @property
@ -149,6 +150,8 @@ class User extends Model
    {
        $user = new static;

+        $this->assertValidPassword($password);
+
        $user->username  = $username;
        $user->email     = $email;
        $user->password  = $password;
@ -225,6 +228,8 @@ class User extends Model
     */
    public function changePassword($password)
    {
+        $this->assertValidPassword($password);
+
        $this->password = $password;

        $this->raise(new UserPasswordWasChanged($this));
@ -232,6 +237,20 @@ class User extends Model
        return $this;
    }

+    /**
+     * Validate password input.
+     *
+     * @param string $password
+     * @return void
+     * @throws \Flarum\Core\Exceptions\ValidationException
+     */
+    protected function assertValidPassword($password)
+    {
+        if (strlen($password) < 8) {
+            throw new ValidationException(['password' => 'Password must be at least 8 characters']);
+        }
+    }
+
    /**
     * Set the password attribute, storing it as a hash.
     *