check whether the password is not weak when resetting a password
parent
62fb3ce251
commit
72c358ee62
@ -8,7 +8,7 @@ import System.IO.Unsafe (unsafePerformIO)
|
||||
|
||||
import Data.Time.Clock (addUTCTime)
|
||||
|
||||
import Handler.Common (passwordConfirmField, updatePassword)
|
||||
import Handler.Common (passwordConfirmField, updatePassword, isPasswordAcceptable, tooWeakPasswordMessage)
|
||||
|
||||
getCreateResetLinkR :: Handler Html
|
||||
getCreateResetLinkR = do
|
||||
@ -87,12 +87,8 @@ doResetPassword key _ Nothing = do
|
||||
setMessage $ toHtml ("Password not given or does not match! Make sure you entered the same password" :: Text)
|
||||
getResetPasswordR key
|
||||
|
||||
doResetPassword _ (Just userId) (Just password) = do
|
||||
updatePassword userId (Just password)
|
||||
runDB $ update userId removeVerificationKeyStatement
|
||||
defaultLayout $ do
|
||||
setTitle "Reset password"
|
||||
$(widgetFile "password-reset")
|
||||
doResetPassword key (Just userId) (Just password) = do
|
||||
doResetPassword' (isPasswordAcceptable password) key userId password
|
||||
|
||||
doResetPassword key Nothing _ = do
|
||||
runDB $ updateWhere [UserVerificationKey ==. Just key] removeVerificationKeyStatement
|
||||
@ -101,6 +97,18 @@ doResetPassword key Nothing _ = do
|
||||
setTitle "Reset password"
|
||||
$(widgetFile "password-reset-failed")
|
||||
|
||||
doResetPassword' :: Bool -> Text -> Key User -> Text -> Handler Html
|
||||
doResetPassword' True _ userId password = do
|
||||
updatePassword userId (Just password)
|
||||
runDB $ update userId removeVerificationKeyStatement
|
||||
defaultLayout $ do
|
||||
setTitle "Reset password"
|
||||
$(widgetFile "password-reset")
|
||||
|
||||
doResetPassword' False key _ _ = do
|
||||
tooWeakPasswordMessage
|
||||
getResetPasswordR key
|
||||
|
||||
removeVerificationKeyStatement :: [Update User]
|
||||
removeVerificationKeyStatement = [UserVerificationKey =. Nothing, UserKeyExpirationDate =. Nothing]
|
||||
|
||||
|
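Review bot: In `doResetPassword' True`, the password is written by `updatePassword` (which runs its own `runDB`, per the Handler.Common context lines) and the reset key is cleared by a second `runDB` on the next line, so the two writes are not one transaction. If the second write fails, the password has already changed but the reset link stays usable until whatever expiry applies. Consider clearing the key in the same `runDB` as the password write, or at least record the gap with a comment such as `-- password write and key removal are separate transactions; a failure between them leaves the reset key valid`. Separately, the positional `Bool` on `doResetPassword'` could be a guard on the existing clause, `| isPasswordAcceptable password = …`, which removes the flag argument.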
@ -44,3 +44,13 @@ updatePassword userId (Just password) = do
|
||||
encodedPassword <- liftIO $ makePassword (encodeUtf8 password) defaultStrength
|
||||
runDB $ update userId [UserPassword =. Just (decodeUtf8 encodedPassword)]
|
||||
setMessage $ toHtml ("Password set!" :: Text)
|
||||
|
||||
minPasswordLength :: Int
|
||||
minPasswordLength = 10
|
||||
|
||||
isPasswordAcceptable :: Text -> Bool
|
||||
isPasswordAcceptable p = length p >= minPasswordLength
|
||||
|
||||
tooWeakPasswordMessage :: Handler ()
|
||||
tooWeakPasswordMessage =
|
||||
setMessage $ toHtml ("Password is too weak!!! A password needs to have at least " ++ (show minPasswordLength) ++ " characters")
|
||||
|
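Review bot: `isPasswordAcceptable` is enforced only by its callers; `updatePassword` in the context lines above still hashes and stores whatever it is given, so any other path that sets a password skips the check unless it repeats it. Moving the test into `updatePassword`, or documenting the contract with `-- | Length-only policy; 'updatePassword' does not enforce this, callers must check first.`, would keep the rule in one place. The rule itself is only a minimum length of `minPasswordLength`, so a repeated-character or well-known password of ten characters is accepted; a check against a list of common passwords is the usual complement. `updatePassword`'s body starts outside the hunk.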