Check for minimum password length upon self registration. #2459

Open
wants to merge 1 commit into
base: main

nickygerritsen
Member

Fixes #2458.

if ($user->getName() === null) {
$user->setName($user->getUsername());
}
if (strlen($plainPass) < UserController::MIN_PASSWORD_LENGTH) {
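
Review bot: `strlen($plainPass)` in the length check counts bytes, not characters, so a password made of multi-byte UTF-8 characters can pass with fewer characters than `UserController::MIN_PASSWORD_LENGTH`. If the minimum is meant in characters, use `mb_strlen($plainPass)` here; if bytes are intended, say so in a comment next to the check so the limit shown to users can be worded to match.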

Member

Wouldn't it make more sense to store this constant here in the security controller, or possibly in some other global place?

Member Author

Do you have a good suggestion? Since we also use it in the jury controller.

Member

Maybe in webapp/config/static.yaml.in? Not sure whether we should also make it configurable from configure or so...

Member Author

I do like that idea, but then maybe we do that in a separate issue / PR?

Member

We had this in the past and had some discussions in #maintainer about it (if I remember correctly).

webapp/src/Controller/SecurityController.php

Member

thijskh commented Apr 28, 2024

Probably we need to tell the user what length we expect when we present the form? Not reject it after submission with a surprise limit that was never communicated before?

@nickygerritsen
Member Author

> Probably we need to tell the user what length we expect when we present the form? Not reject it after submission with a surprise limit that was never communicated before?

The minlength html attribute kinda does this, right?

@@ -210,17 +210,17 @@ public function selfRegisterProvider(): Generator
continue;
}
yield[['username'=>'minimaluser', 'teamName'=>'NewTeam','affiliation'=>'none'],'shirt-recognize-bar-together', $fixtures, $category];
yield[['username'=>'bruteforce', 'teamName'=>'Fib(4)','affiliation'=>'none'],'0112', $fixtures, $category];
yield[['username'=>'fullUser', 'name'=>'Full User', 'email'=>'[email protected]','teamName'=>'Trial','affiliation'=>'none'],'.', $fixtures, $category];
yield[['username'=>'bruteforce', 'teamName'=>'Fib(4)','affiliation'=>'none'],'0112345678', $fixtures, $category];
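
Review bot: none of the yields visible in `selfRegisterProvider` keeps a too-short password as a negative case; the 'bruteforce' entry only has its password lengthened from '0112' to '0112345678'. Add a case, in this provider or a separate one, that submits a password shorter than the minimum and asserts that registration is rejected, plus one at exactly the minimum length, so the new check is covered on both sides of the boundary. The visible 'fullUser' line still shows the one-character password '.'; confirm that entry is updated as well.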

Member

Suggested change
yield[['username'=>'bruteforce', 'teamName'=>'Fib(4)','affiliation'=>'none'],'0112345678', $fixtures, $category];
yield[['username'=>'bruteforce', 'teamName'=>'Fib(9)','affiliation'=>'none'],'01123581321', $fixtures, $category];

Successfully merging this pull request may close these issues.

Self-registering allows weak password
5 participants