forked from filipg/gonito
check whether the password is not weak when resetting a password
parent
62fb3ce251
commit
72c358ee62
@ -8,7 +8,7 @@ import System.IO.Unsafe (unsafePerformIO)
|
|||||||
|
|
||||||
import Data.Time.Clock (addUTCTime)
|
import Data.Time.Clock (addUTCTime)
|
||||||
|
|
||||||
import Handler.Common (passwordConfirmField, updatePassword)
|
import Handler.Common (passwordConfirmField, updatePassword, isPasswordAcceptable, tooWeakPasswordMessage)
|
||||||
|
|
||||||
getCreateResetLinkR :: Handler Html
|
getCreateResetLinkR :: Handler Html
|
||||||
getCreateResetLinkR = do
|
getCreateResetLinkR = do
|
||||||
@ -87,12 +87,8 @@ doResetPassword key _ Nothing = do
|
|||||||
setMessage $ toHtml ("Password not given or does not match! Make sure you entered the same password" :: Text)
|
setMessage $ toHtml ("Password not given or does not match! Make sure you entered the same password" :: Text)
|
||||||
getResetPasswordR key
|
getResetPasswordR key
|
||||||
|
|
||||||
doResetPassword _ (Just userId) (Just password) = do
|
doResetPassword key (Just userId) (Just password) = do
|
||||||
updatePassword userId (Just password)
|
doResetPassword' (isPasswordAcceptable password) key userId password
|
||||||
runDB $ update userId removeVerificationKeyStatement
|
|
||||||
defaultLayout $ do
|
|
||||||
setTitle "Reset password"
|
|
||||||
$(widgetFile "password-reset")
|
|
||||||
|
|
||||||
doResetPassword key Nothing _ = do
|
doResetPassword key Nothing _ = do
|
||||||
runDB $ updateWhere [UserVerificationKey ==. Just key] removeVerificationKeyStatement
|
runDB $ updateWhere [UserVerificationKey ==. Just key] removeVerificationKeyStatement
|
||||||
@ -101,6 +97,18 @@ doResetPassword key Nothing _ = do
|
|||||||
setTitle "Reset password"
|
setTitle "Reset password"
|
||||||
$(widgetFile "password-reset-failed")
|
$(widgetFile "password-reset-failed")
|
||||||
|
|
||||||
|
doResetPassword' :: Bool -> Text -> Key User -> Text -> Handler Html
|
||||||
|
doResetPassword' True _ userId password = do
|
||||||
|
updatePassword userId (Just password)
|
||||||
|
runDB $ update userId removeVerificationKeyStatement
|
||||||
|
defaultLayout $ do
|
||||||
|
setTitle "Reset password"
|
||||||
|
$(widgetFile "password-reset")
|
||||||
|
|
||||||
|
doResetPassword' False key _ _ = do
|
||||||
|
tooWeakPasswordMessage
|
||||||
|
getResetPasswordR key
|
||||||
|
|
||||||
removeVerificationKeyStatement :: [Update User]
|
removeVerificationKeyStatement :: [Update User]
|
||||||
removeVerificationKeyStatement = [UserVerificationKey =. Nothing, UserKeyExpirationDate =. Nothing]
|
removeVerificationKeyStatement = [UserVerificationKey =. Nothing, UserKeyExpirationDate =. Nothing]
|
||||||
|
|
||||||
|
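Review bot: In the `True` equation of `doResetPassword'`, the new password is stored by `updatePassword` and the reset key is cleared by a separate `runDB $ update userId removeVerificationKeyStatement`, so the two writes are not one transaction; the `updatePassword` lines shown further down this page issue their own `runDB`. If the second write fails, the account is left with a changed password and a reset key that is still valid. Running `runDB $ update userId removeVerificationKeyStatement` before `updatePassword userId (Just password)` would fail in the safer direction, at the cost of the user having to request a new link. The helper also has no comment; something like `-- | Complete the reset; the Bool is the result of the password policy check.` would explain the bare `Bool` argument.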
@ -44,3 +44,13 @@ updatePassword userId (Just password) = do
|
|||||||
encodedPassword <- liftIO $ makePassword (encodeUtf8 password) defaultStrength
|
encodedPassword <- liftIO $ makePassword (encodeUtf8 password) defaultStrength
|
||||||
runDB $ update userId [UserPassword =. Just (decodeUtf8 encodedPassword)]
|
runDB $ update userId [UserPassword =. Just (decodeUtf8 encodedPassword)]
|
||||||
setMessage $ toHtml ("Password set!" :: Text)
|
setMessage $ toHtml ("Password set!" :: Text)
|
||||||
|
|
||||||
|
minPasswordLength :: Int
|
||||||
|
minPasswordLength = 10
|
||||||
|
|
||||||
|
isPasswordAcceptable :: Text -> Bool
|
||||||
|
isPasswordAcceptable p = length p >= minPasswordLength
|
||||||
|
|
||||||
|
tooWeakPasswordMessage :: Handler ()
|
||||||
|
tooWeakPasswordMessage =
|
||||||
|
setMessage $ toHtml ("Password is too weak!!! A password needs to have at least " ++ (show minPasswordLength) ++ " characters")
|
||||||
|
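Review bot: The new policy only takes effect where a caller remembers to call `isPasswordAcceptable`; `updatePassword`, whose body starts above this hunk, still hashes and stores whatever password it is given. Other callers of `updatePassword` are not visible on this page, so it is worth confirming that every password-setting path applies the same check, or moving the check into `updatePassword` itself. The check is a length floor only, so a ten-character run of one repeated character is accepted; if the aim is to reject weak passwords, comparing against a list of common passwords would be the natural addition. `minPasswordLength` would also benefit from a comment such as `-- | Minimum number of characters accepted for a new password.`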