✨ Increase minimum password length to 10 characters (#9152)
refs #9150 - Sets password min length in validator to 10 - Updates tests
This commit is contained in:
parent
fedd8780e7
commit
0ed92959c8
|
@ -28,7 +28,7 @@ var _ = require('lodash'),
|
|||
Users;
|
||||
|
||||
function validatePasswordLength(password) {
|
||||
return validator.isLength(password, 8);
|
||||
return validator.isLength(password, 10);
|
||||
}
|
||||
|
||||
/**
|
||||
|
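Review bot: The new minimum of 10 is now hard-coded in three separate places — `validator.isLength(password, 10)` here and the `{minLength: 10}` interpolation arguments in the hunks at -151 and -549 — so the check and the message that explains it can silently drift apart on the next change. Declare it once next to the requires, `var PASSWORD_MIN_LENGTH = 10;`, then use `return validator.isLength(password, PASSWORD_MIN_LENGTH);` and `{minLength: PASSWORD_MIN_LENGTH}` at the three sites, and give the function a one-line JSDoc stating that the argument is the plaintext candidate and the return is a boolean. The check remains a lower bound only: the fixture hashes elsewhere in this commit carry a `$2b$10$` prefix, which suggests bcrypt, and bcrypt ignores input beyond 72 bytes, so a maximum length belongs next to the minimum so that the effective secret equals what the user typed and hashing work on oversized input stays bounded. Note also that the message key now only reads correctly when the caller passes `minLength`; any caller that omits it would render the bare placeholder.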
@ -151,7 +151,7 @@ User = ghostBookshelf.Model.extend({
|
|||
this.set('password', String(this.get('password')));
|
||||
|
||||
if (!validatePasswordLength(this.get('password'))) {
|
||||
return Promise.reject(new errors.ValidationError({message: i18n.t('errors.models.user.passwordDoesNotComplyLength')}));
|
||||
return Promise.reject(new errors.ValidationError({message: i18n.t('errors.models.user.passwordDoesNotComplyLength', {minLength: 10})}));
|
||||
}
|
||||
|
||||
// An import with importOptions supplied can prevent re-hashing a user password
|
||||
|
@ -549,7 +549,7 @@ User = ghostBookshelf.Model.extend({
|
|||
userData = this.filterData(data);
|
||||
|
||||
if (!validatePasswordLength(userData.password)) {
|
||||
return Promise.reject(new errors.ValidationError({message: i18n.t('errors.models.user.passwordDoesNotComplyLength')}));
|
||||
return Promise.reject(new errors.ValidationError({message: i18n.t('errors.models.user.passwordDoesNotComplyLength', {minLength: 10})}));
|
||||
}
|
||||
|
||||
options = this.filterOptions(options, 'setup');
|
||||
|
|
|
@ -228,7 +228,7 @@
|
|||
"missingContext": "missing context",
|
||||
"onlyOneRolePerUserSupported": "Only one role per user is supported at the moment.",
|
||||
"methodDoesNotSupportOwnerRole": "This method does not support assigning the owner role",
|
||||
"passwordDoesNotComplyLength": "Your password must be at least 8 characters long.",
|
||||
"passwordDoesNotComplyLength": "Your password must be at least {minLength} characters long.",
|
||||
"notEnoughPermission": "You do not have permission to perform this action",
|
||||
"noUserWithEnteredEmailAddr": "There is no user with that email address.",
|
||||
"userIsInactive": "The user with that email address is inactive.",
|
||||
|
|
|
@ -231,8 +231,8 @@ describe('Authentication API', function () {
|
|||
.send({
|
||||
passwordreset: [{
|
||||
token: token,
|
||||
newPassword: 'abcdefgh',
|
||||
ne2Password: 'abcdefgh'
|
||||
newPassword: 'abcdefghij',
|
||||
ne2Password: 'abcdefghij'
|
||||
}]
|
||||
})
|
||||
.expect('Content-Type', /json/)
|
||||
|
|
|
@ -188,7 +188,7 @@ describe('Spam Prevention API', function () {
|
|||
.send({
|
||||
grant_type: 'password',
|
||||
username: email,
|
||||
password: 'Sl1m3rson',
|
||||
password: 'Sl1m3rson99',
|
||||
client_id: 'ghost-admin',
|
||||
client_secret: 'not_available'
|
||||
}).expect('Content-Type', /json/)
|
||||
|
|
|
@ -32,8 +32,8 @@ describe('Authentication API', function () {
|
|||
testReset = {
|
||||
passwordreset: [{
|
||||
token: 'abc',
|
||||
newPassword: 'abcdefgh',
|
||||
ne2Password: 'abcdefgh'
|
||||
newPassword: 'abcdefghij',
|
||||
ne2Password: 'abcdefghij'
|
||||
}]
|
||||
};
|
||||
|
||||
|
@ -409,7 +409,7 @@ describe('Authentication API', function () {
|
|||
var user = {
|
||||
name: 'uninvited user',
|
||||
email: 'notinvited@example.com',
|
||||
password: '12345678',
|
||||
password: '1234567890',
|
||||
status: 'active'
|
||||
},
|
||||
options = {
|
||||
|
|
|
@ -1357,7 +1357,7 @@ describe('Users API', function () {
|
|||
var payload = {
|
||||
password: [{
|
||||
user_id: userIdFor.owner,
|
||||
oldPassword: 'Sl1m3rson',
|
||||
oldPassword: 'Sl1m3rson99',
|
||||
newPassword: 'newSl1m3rson',
|
||||
ne2Password: 'newSl1m3rson'
|
||||
}]
|
||||
|
@ -1374,8 +1374,8 @@ describe('Users API', function () {
|
|||
password: [{
|
||||
user_id: userIdFor.owner,
|
||||
oldPassword: 'wrong',
|
||||
newPassword: 'Sl1m3rson',
|
||||
ne2Password: 'Sl1m3rson'
|
||||
newPassword: 'Sl1m3rson9',
|
||||
ne2Password: 'Sl1m3rson9'
|
||||
}]
|
||||
};
|
||||
UserAPI.changePassword(payload, _.extend({}, context.owner, {id: userIdFor.owner}))
|
||||
|
@ -1389,8 +1389,8 @@ describe('Users API', function () {
|
|||
password: [{
|
||||
user_id: userIdFor.owner,
|
||||
oldPassword: '',
|
||||
newPassword: 'Sl1m3rson1',
|
||||
ne2Password: 'Sl1m3rson1'
|
||||
newPassword: 'Sl1m3rson19',
|
||||
ne2Password: 'Sl1m3rson19'
|
||||
}]
|
||||
};
|
||||
UserAPI.changePassword(payload, _.extend({}, context.owner, {id: userIdFor.owner}))
|
||||
|
@ -1403,9 +1403,9 @@ describe('Users API', function () {
|
|||
var payload = {
|
||||
password: [{
|
||||
user_id: userIdFor.owner,
|
||||
oldPassword: 'Sl1m3rson',
|
||||
newPassword: 'Sl1m3rson1',
|
||||
ne2Password: 'Sl1m3rson2'
|
||||
oldPassword: 'Sl1m3rson99',
|
||||
newPassword: 'Sl1m3rson19',
|
||||
ne2Password: 'Sl1m3rson29'
|
||||
}]
|
||||
};
|
||||
UserAPI.changePassword(payload, _.extend({}, context.owner, {id: userIdFor.owner}))
|
||||
|
@ -1418,8 +1418,8 @@ describe('Users API', function () {
|
|||
var payload = {
|
||||
password: [{
|
||||
user_id: userIdFor.editor,
|
||||
newPassword: 'Sl1m3rson1',
|
||||
ne2Password: 'Sl1m3rson2'
|
||||
newPassword: 'Sl1m3rson19',
|
||||
ne2Password: 'Sl1m3rson29'
|
||||
}]
|
||||
};
|
||||
UserAPI.changePassword(payload, _.extend({}, context.owner, {id: userIdFor.owner}))
|
||||
|
@ -1428,12 +1428,12 @@ describe('Users API', function () {
|
|||
}).catch(checkForErrorType('ValidationError', done));
|
||||
});
|
||||
|
||||
it('Owner can\'t change editor password without short passwords', function (done) {
|
||||
it('Owner can\'t change editor password with too short passwords', function (done) {
|
||||
var payload = {
|
||||
password: [{
|
||||
user_id: userIdFor.editor,
|
||||
newPassword: 'Sl',
|
||||
ne2Password: 'Sl'
|
||||
newPassword: 'only8car',
|
||||
ne2Password: 'only8car'
|
||||
}]
|
||||
};
|
||||
UserAPI.changePassword(payload, _.extend({}, context.owner, {id: userIdFor.owner}))
|
||||
|
|
|
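Review bot: The renamed test `it('Owner can\'t change editor password with too short passwords', …)` exercises an 8-character password, but with the minimum now 10 the first rejected length is 9, so the boundary itself is still untested. A 9-character value, `newPassword: 'ninechars',` / `ne2Password: 'ninechars'`, pins the off-by-one edge, while the existing 10-character cases on the success side already cover acceptance. The enclosing describe block starts and ends outside this hunk.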
@ -123,7 +123,7 @@ describe('User Model', function run() {
|
|||
|
||||
// avoid side-effects!
|
||||
userData = _.cloneDeep(userData);
|
||||
userData.password = 12345678;
|
||||
userData.password = 1234567890;
|
||||
|
||||
// mocha supports promises
|
||||
return UserModel.add(userData, context).then(function (createdUser) {
|
||||
|
@ -549,22 +549,8 @@ describe('User Model', function run() {
|
|||
describe('error', function () {
|
||||
it('wrong old password', function (done) {
|
||||
UserModel.changePassword({
|
||||
newPassword: '12345678',
|
||||
ne2Password: '12345678',
|
||||
oldPassword: '123456789',
|
||||
user_id: testUtils.DataGenerator.Content.users[0].id
|
||||
}, testUtils.context.owner).then(function () {
|
||||
done(new Error('expected error!'));
|
||||
}).catch(function (err) {
|
||||
(err instanceof errors.ValidationError).should.eql(true);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('wrong old password', function (done) {
|
||||
UserModel.changePassword({
|
||||
newPassword: '12345678',
|
||||
ne2Password: '12345678',
|
||||
newPassword: '1234567890',
|
||||
ne2Password: '1234567890',
|
||||
oldPassword: '123456789',
|
||||
user_id: testUtils.DataGenerator.Content.users[0].id
|
||||
}, testUtils.context.owner).then(function () {
|
||||
|
@ -579,12 +565,12 @@ describe('User Model', function run() {
|
|||
describe('success', function () {
|
||||
it('can change password', function (done) {
|
||||
UserModel.changePassword({
|
||||
newPassword: '12345678',
|
||||
ne2Password: '12345678',
|
||||
oldPassword: 'Sl1m3rson',
|
||||
newPassword: '1234567890',
|
||||
ne2Password: '1234567890',
|
||||
oldPassword: 'Sl1m3rson99',
|
||||
user_id: testUtils.DataGenerator.Content.users[0].id
|
||||
}, testUtils.context.owner).then(function (user) {
|
||||
user.get('password').should.not.eql('12345678');
|
||||
user.get('password').should.not.eql('1234567890');
|
||||
done();
|
||||
}).catch(done);
|
||||
});
|
||||
|
@ -598,7 +584,7 @@ describe('User Model', function run() {
|
|||
var userData = {
|
||||
name: 'Max Mustermann',
|
||||
email: 'test@ghost.org',
|
||||
password: '12345678'
|
||||
password: '1234567890'
|
||||
};
|
||||
|
||||
UserModel.setup(userData, {id: 1})
|
||||
|
|
|
@ -120,7 +120,7 @@ DataGenerator.Content = {
|
|||
}
|
||||
],
|
||||
|
||||
// Password = Sl1m3rson
|
||||
// Password = Sl1m3rson99
|
||||
users: [
|
||||
{
|
||||
// owner (owner is still id 1 because of permissions)
|
||||
|
@ -128,7 +128,7 @@ DataGenerator.Content = {
|
|||
name: 'Joe Bloggs',
|
||||
slug: 'joe-bloggs',
|
||||
email: 'jbloggs@example.com',
|
||||
password: '$2a$10$.pZeeBE0gHXd0PTnbT/ph.GEKgd0Wd3q2pWna3ynTGBkPKnGIKZL6'
|
||||
password: '$2b$10$ujPIlqjTsYwfc2/zrqZXZ.yd7cQQm2iOkAFenTAJfveKkc23nwdeS'
|
||||
},
|
||||
{
|
||||
// admin
|
||||
|
@ -136,7 +136,7 @@ DataGenerator.Content = {
|
|||
name: 'Smith Wellingsworth',
|
||||
slug: 'smith-wellingsworth',
|
||||
email: 'swellingsworth@example.com',
|
||||
password: '$2a$10$.pZeeBE0gHXd0PTnbT/ph.GEKgd0Wd3q2pWna3ynTGBkPKnGIKZL6'
|
||||
password: '$2b$10$ujPIlqjTsYwfc2/zrqZXZ.yd7cQQm2iOkAFenTAJfveKkc23nwdeS'
|
||||
},
|
||||
{
|
||||
// editor
|
||||
|
@ -144,7 +144,7 @@ DataGenerator.Content = {
|
|||
name: 'Jimothy Bogendath',
|
||||
slug: 'jimothy-bogendath',
|
||||
email: 'jbOgendAth@example.com',
|
||||
password: '$2a$10$.pZeeBE0gHXd0PTnbT/ph.GEKgd0Wd3q2pWna3ynTGBkPKnGIKZL6'
|
||||
password: '$2b$10$ujPIlqjTsYwfc2/zrqZXZ.yd7cQQm2iOkAFenTAJfveKkc23nwdeS'
|
||||
},
|
||||
{
|
||||
// author
|
||||
|
@ -152,7 +152,7 @@ DataGenerator.Content = {
|
|||
name: 'Slimer McEctoplasm',
|
||||
slug: 'slimer-mcectoplasm',
|
||||
email: 'smcectoplasm@example.com',
|
||||
password: '$2a$10$.pZeeBE0gHXd0PTnbT/ph.GEKgd0Wd3q2pWna3ynTGBkPKnGIKZL6'
|
||||
password: '$2b$10$ujPIlqjTsYwfc2/zrqZXZ.yd7cQQm2iOkAFenTAJfveKkc23nwdeS'
|
||||
},
|
||||
{
|
||||
// editor 2
|
||||
|
@ -160,7 +160,7 @@ DataGenerator.Content = {
|
|||
name: 'Ivan Email',
|
||||
slug: 'ivan-email',
|
||||
email: 'info1@ghost.org',
|
||||
password: '$2a$10$.pZeeBE0gHXd0PTnbT/ph.GEKgd0Wd3q2pWna3ynTGBkPKnGIKZL6'
|
||||
password: '$2b$10$ujPIlqjTsYwfc2/zrqZXZ.yd7cQQm2iOkAFenTAJfveKkc23nwdeS'
|
||||
},
|
||||
{
|
||||
// author 2
|
||||
|
@ -168,7 +168,7 @@ DataGenerator.Content = {
|
|||
name: 'Author2',
|
||||
slug: 'a-2',
|
||||
email: 'info2@ghost.org',
|
||||
password: '$2a$10$.pZeeBE0gHXd0PTnbT/ph.GEKgd0Wd3q2pWna3ynTGBkPKnGIKZL6'
|
||||
password: '$2b$10$ujPIlqjTsYwfc2/zrqZXZ.yd7cQQm2iOkAFenTAJfveKkc23nwdeS'
|
||||
},
|
||||
{
|
||||
// admin 2
|
||||
|
@ -176,7 +176,7 @@ DataGenerator.Content = {
|
|||
name: 'admin2',
|
||||
slug: 'ad-2',
|
||||
email: 'info3@ghost.org',
|
||||
password: '$2a$10$.pZeeBE0gHXd0PTnbT/ph.GEKgd0Wd3q2pWna3ynTGBkPKnGIKZL6'
|
||||
password: '$2b$10$ujPIlqjTsYwfc2/zrqZXZ.yd7cQQm2iOkAFenTAJfveKkc23nwdeS'
|
||||
}
|
||||
],
|
||||
|
||||
|
@ -419,7 +419,7 @@ DataGenerator.forKnex = (function () {
|
|||
name: 'name',
|
||||
slug: 'slug_' + Date.now(),
|
||||
status: 'active',
|
||||
password: '$2a$10$.pZeeBE0gHXd0PTnbT/ph.GEKgd0Wd3q2pWna3ynTGBkPKnGIKZL6',
|
||||
password: '$2b$10$ujPIlqjTsYwfc2/zrqZXZ.yd7cQQm2iOkAFenTAJfveKkc23nwdeS',
|
||||
created_by: DataGenerator.Content.users[0].id,
|
||||
created_at: new Date()
|
||||
});
|
||||
|
@ -449,7 +449,7 @@ DataGenerator.forKnex = (function () {
|
|||
name: 'Joe Bloggs',
|
||||
slug: 'joe-blogs',
|
||||
email: 'joe_' + uniqueInteger + '@example.com',
|
||||
password: '$2a$10$.pZeeBE0gHXd0PTnbT/ph.GEKgd0Wd3q2pWna3ynTGBkPKnGIKZL6'
|
||||
password: '$2b$10$ujPIlqjTsYwfc2/zrqZXZ.yd7cQQm2iOkAFenTAJfveKkc23nwdeS'
|
||||
});
|
||||
}
|
||||
|
||||
|
@ -675,7 +675,7 @@ DataGenerator.forModel = (function () {
|
|||
user = _.pick(user, 'name', 'email');
|
||||
|
||||
return _.defaults({
|
||||
password: 'Sl1m3rson'
|
||||
password: 'Sl1m3rson99'
|
||||
}, user);
|
||||
});
|
||||
|
||||
|
|
|
@ -706,7 +706,7 @@ login = function login(request) {
|
|||
.send({
|
||||
grant_type: 'password',
|
||||
username: request.user.email,
|
||||
password: 'Sl1m3rson',
|
||||
password: 'Sl1m3rson99',
|
||||
client_id: 'ghost-admin',
|
||||
client_secret: 'not_available'
|
||||
}).then(function then(res) {
|
||||
|
|