From aef26729424a909bb29c25593956f0e783c7cfbd Mon Sep 17 00:00:00 2001
From: Marco
Date: Sat, 20 Aug 2016 20:55:50 +0200
Subject: [PATCH] Refactor validation of passwords
---
 src/Auth.php | 44 +++++++++++++++++++++++++-------------------
 1 file changed, 25 insertions(+), 19 deletions(-)
diff --git a/src/Auth.php b/src/Auth.php
index 7d7ad36..20d9e57 100644
--- a/src/Auth.php
+++ b/src/Auth.php
@@ -153,11 +153,7 @@ class Auth {
 $this->throttle(self::THROTTLE_ACTION_REGISTER);
 $email = self::validateEmailAddress($email);
-
- $password = isset($password) ? trim($password) : null;
- if (empty($password)) {
- throw new InvalidPasswordException();
- }
+ $password = self::validatePassword($password);
 $username = isset($username) ? trim($username) : null;
 $password = password_hash($password, PASSWORD_DEFAULT);
@@ -267,11 +263,7 @@ class Auth {
 */
 public function login($email, $password, $remember = false) {
 $email = self::validateEmailAddress($email);
-
- $password = isset($password) ? trim($password) : null;
- if (empty($password)) {
- throw new InvalidPasswordException();
- }
+ $password = self::validatePassword($password);
 $stmt = $this->db->prepare("SELECT id, password, verified, username FROM users WHERE email = :email");
 $stmt->bindValue(':email', $email, \PDO::PARAM_STR);
@@ -338,6 +330,27 @@ class Auth {
 return $email;
 }
+ /**
+ * Validates a password
+ *
+ * @param string $password the password to validate
+ * @return string the password if it's valid
+ * @throws InvalidPasswordException if the password was invalid
+ */
+ private static function validatePassword($password) {
+ if (empty($password)) {
+ throw new InvalidPasswordException();
+ }
+
+ $password = trim($password);
+
+ if (strlen($password) < 1) {
+ throw new InvalidPasswordException();
+ }
+
+ return $password;
+ }
+
 /**
 * Creates a new directive keeping the user logged in ("remember me")
 *
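Review bot: After the new `validatePassword()` call, register() hashes whatever non-empty string comes back, so a one-character password is accepted for a new account. If a minimum length is wanted, it should be a separate check here and for `$newPassword` in the changePassword hunk, e.g. `if (strlen($password) < self::MIN_PASSWORD_LENGTH) { throw new InvalidPasswordException(); }` (`MIN_PASSWORD_LENGTH` is a placeholder for a constant the patch would have to add). It should not go into the shared helper, because login() and the `$oldPassword` check call the same helper and would then reject existing credentials before they are compared with the stored hash. register() begins before this hunk and continues after it.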
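Review bot: The `empty($password)` guard at the top of validatePassword() does not test what the docblock promises. It rejects the literal password `"0"` while `" 0"` passes (non-empty before the trim, one byte after it), and it lets a non-empty array reach `trim()`, which produces a PHP warning or, on PHP 8, a TypeError instead of InvalidPasswordException. The `strlen($password) < 1` test after the trim already covers the empty case, so the first guard can become a type check: `if (!is_string($password)) { throw new InvalidPasswordException(); }`, assuming callers pass strings as the `@param` line says. The `@return` line could also say that the value comes back trimmed, since that trimmed value is what register() hashes and login() goes on to use.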
@@ -569,15 +582,8 @@ class Auth {
 */
 public function changePassword($oldPassword, $newPassword) {
 if ($this->isLoggedIn()) {
- $oldPassword = isset($oldPassword) ? trim($oldPassword) : null;
- if (empty($oldPassword)) {
- throw new InvalidPasswordException();
- }
-
- $newPassword = isset($newPassword) ? trim($newPassword) : null;
- if (empty($newPassword)) {
- throw new InvalidPasswordException();
- }
+ $oldPassword = self::validatePassword($oldPassword);
+ $newPassword = self::validatePassword($newPassword);
 $userId = $this->getUserId();