mirror of
https://github.com/phpbb/phpbb.git
synced 2025-02-24 20:13:22 +01:00
Merge branch 'ticket/bantu/9751' into develop-olympus
* ticket/bantu/9751: [ticket/9751] Add shortcut logic for pass_complex == PASS_TYPE_ANY. [ticket/9751] Compare $password with empty string instead of casting it to bool [ticket/9751] Use a switch/case block without break for password complexity. [ticket/9751] Password requirement "Must contain letters and numbers" fails
This commit is contained in:
Andreas Fischer
commit
f392f55d9b
@ -1605,8 +1605,9 @@ function validate_password($password)
|
||||
{
|
||||
global $config, $db, $user;
|
||||
|
||||
if (!$password)
|
||||
if ($password === '' || $config['pass_complex'] === 'PASS_TYPE_ANY')
|
||||
{
|
||||
// Password empty or no password complexity required.
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -1617,7 +1618,6 @@ function validate_password($password)
|
||||
{
|
||||
$upp = '\p{Lu}';
|
||||
$low = '\p{Ll}';
|
||||
$let = '\p{L}';
|
||||
$num = '\p{N}';
|
||||
$sym = '[^\p{Lu}\p{Ll}\p{N}]';
|
||||
$pcre = true;
|
||||
@ -1627,7 +1627,6 @@ function validate_password($password)
|
||||
mb_regex_encoding('UTF-8');
|
||||
$upp = '[[:upper:]]';
|
||||
$low = '[[:lower:]]';
|
||||
$let = '[[:lower:][:upper:]]';
|
||||
$num = '[[:digit:]]';
|
||||
$sym = '[^[:upper:][:lower:][:digit:]]';
|
||||
$mbstring = true;
|
||||
@ -1636,7 +1635,6 @@ function validate_password($password)
|
||||
{
|
||||
$upp = '[A-Z]';
|
||||
$low = '[a-z]';
|
||||
$let = '[a-zA-Z]';
|
||||
$num = '[0-9]';
|
||||
$sym = '[^A-Za-z0-9]';
|
||||
$pcre = true;
|
||||
@ -1646,22 +1644,22 @@ function validate_password($password)
|
||||
|
||||
switch ($config['pass_complex'])
|
||||
{
|
||||
// No break statements below ...
|
||||
// We require strong passwords in case pass_complex is not set or is invalid
|
||||
default:
|
||||
|
||||
// Require mixed case letters, numbers and symbols
|
||||
case 'PASS_TYPE_SYMBOL':
|
||||
$chars[] = $sym;
|
||||
|
||||
// Require mixed case letters and numbers
|
||||
case 'PASS_TYPE_ALPHA':
|
||||
$chars[] = $num;
|
||||
|
||||
// Require mixed case letters
|
||||
case 'PASS_TYPE_CASE':
|
||||
$chars[] = $low;
|
||||
$chars[] = $upp;
|
||||
break;
|
||||
|
||||
case 'PASS_TYPE_ALPHA':
|
||||
$chars[] = $let;
|
||||
$chars[] = $num;
|
||||
break;
|
||||
|
||||
case 'PASS_TYPE_SYMBOL':
|
||||
$chars[] = $low;
|
||||
$chars[] = $upp;
|
||||
$chars[] = $num;
|
||||
$chars[] = $sym;
|
||||
break;
|
||||
}
|
||||
|
||||
if ($pcre)
|
||||
|
||||
81
tests/regex/password_complexity_test.php
Normal file
81
tests/regex/password_complexity_test.php
Normal file
@ -0,0 +1,81 @@
|
||||
<?php
|
||||
/**
|
||||
*
|
||||
* @package testing
|
||||
* @copyright (c) 2010 phpBB Group
|
||||
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
|
||||
*
|
||||
*/
|
||||
|
||||
require_once dirname(__FILE__) . '/../../phpBB/includes/functions_user.php';
|
||||
|
||||
class phpbb_password_complexity_test extends phpbb_test_case
|
||||
{
|
||||
public function password_complexity_test_data_positive()
|
||||
{
|
||||
return array(
|
||||
array('12345', 'PASS_TYPE_ANY'),
|
||||
array('qwerty', 'PASS_TYPE_ANY'),
|
||||
array('QWERTY', 'PASS_TYPE_ANY'),
|
||||
array('QwerTY', 'PASS_TYPE_ANY'),
|
||||
array('q$erty', 'PASS_TYPE_ANY'),
|
||||
array('qW$rty', 'PASS_TYPE_ANY'),
|
||||
|
||||
array('QwerTY', 'PASS_TYPE_CASE'),
|
||||
array('QwerTY123', 'PASS_TYPE_ALPHA'),
|
||||
array('QwerTY123$&', 'PASS_TYPE_SYMBOL'),
|
||||
|
||||
array('', 'PASS_TYPE_ANY'),
|
||||
);
|
||||
}
|
||||
|
||||
public function password_complexity_test_data_negative()
|
||||
{
|
||||
return array(
|
||||
array('qwerty', 'PASS_TYPE_CASE'),
|
||||
array('QWERTY', 'PASS_TYPE_CASE'),
|
||||
array('123456', 'PASS_TYPE_CASE'),
|
||||
array('#$&', 'PASS_TYPE_CASE'),
|
||||
array('QTY123$', 'PASS_TYPE_CASE'),
|
||||
|
||||
array('qwerty', 'PASS_TYPE_ALPHA'),
|
||||
array('QWERTY', 'PASS_TYPE_ALPHA'),
|
||||
array('123456', 'PASS_TYPE_ALPHA'),
|
||||
array('QwertY', 'PASS_TYPE_ALPHA'),
|
||||
array('qwerty123', 'PASS_TYPE_ALPHA'),
|
||||
array('QWERTY123', 'PASS_TYPE_ALPHA'),
|
||||
array('#$&', 'PASS_TYPE_ALPHA'),
|
||||
array('QTY123$', 'PASS_TYPE_ALPHA'),
|
||||
|
||||
array('qwerty', 'PASS_TYPE_SYMBOL'),
|
||||
array('QWERTY', 'PASS_TYPE_SYMBOL'),
|
||||
array('123456', 'PASS_TYPE_SYMBOL'),
|
||||
array('QwertY', 'PASS_TYPE_SYMBOL'),
|
||||
array('qwerty123', 'PASS_TYPE_SYMBOL'),
|
||||
array('QWERTY123', 'PASS_TYPE_SYMBOL'),
|
||||
array('#$&', 'PASS_TYPE_SYMBOL'),
|
||||
array('qwerty123$', 'PASS_TYPE_SYMBOL'),
|
||||
array('QWERTY123$', 'PASS_TYPE_SYMBOL'),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider password_complexity_test_data_positive
|
||||
*/
|
||||
public function test_password_complexity_positive($password, $mode)
|
||||
{
|
||||
global $config;
|
||||
$config['pass_complex'] = $mode;
|
||||
$this->assertFalse(validate_password($password));
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider password_complexity_test_data_negative
|
||||
*/
|
||||
public function test_password_complexity_negative($password, $mode)
|
||||
{
|
||||
global $config;
|
||||
$config['pass_complex'] = $mode;
|
||||
$this->assertEquals('INVALID_CHARS', validate_password($password));
|
||||
}
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user