From 72a57e23cd9436f77d60a4052a4fe3ce40ca1543 Mon Sep 17 00:00:00 2001
From: wangsijie
Date: Thu, 10 Oct 2024 07:55:47 +0800
Subject: [PATCH] feat(core): check password policy before changing password (#6649)
---
 packages/core/src/routes/profile/index.ts | 9 +++++++--
 .../src/tests/api/profile/index.test.ts | 13 +++++++++++++
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/packages/core/src/routes/profile/index.ts b/packages/core/src/routes/profile/index.ts
index ed6298d2a..87a82f20b 100644
--- a/packages/core/src/routes/profile/index.ts
+++ b/packages/core/src/routes/profile/index.ts
@@ -12,13 +12,15 @@ import {
   verifyUserSensitivePermission,
 } from '../../libraries/verification.js';
 import assertThat from '../../utils/assert-that.js';
+import { PasswordValidator } from '../experience/classes/libraries/password-validator.js';
 import type { UserRouter, RouterInitArgs } from '../types.js';
 export default function profileRoutes(
   ...[router, { queries, libraries }]: RouterInitArgs
 ) {
   const {
-    users: { updateUserById },
+    users: { updateUserById, findUserById },
+    signInExperiences: { findDefaultSignInExperience },
   } = queries;
   const {
@@ -80,7 +82,10 @@ export default function profileRoutes(
     const { id: userId } = ctx.auth;
     const { password, verificationRecordId } = ctx.guard.body;
-    // TODO(LOG-9947): apply password policy
+    const user = await findUserById(userId);
+    const signInExperience = await findDefaultSignInExperience();
+    const passwordPolicyChecker = new PasswordValidator(signInExperience.passwordPolicy, user);
+    await passwordPolicyChecker.validatePassword(password, user);
     await verifyUserSensitivePermission({
       userId,
diff --git a/packages/integration-tests/src/tests/api/profile/index.test.ts b/packages/integration-tests/src/tests/api/profile/index.test.ts
index 6ca618042..a54991d7d 100644
--- a/packages/integration-tests/src/tests/api/profile/index.test.ts
+++ b/packages/integration-tests/src/tests/api/profile/index.test.ts
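Review bot: The new policy check, from `const user = await findUserById(userId);` through `validatePassword`, runs before `verifyUserSensitivePermission`, so a caller holding only a session can exercise the validator without presenting a valid verification record; the new integration test depends on exactly this ordering, since it sends an invalid record id and still receives `password.rejected`. If the configured policy's pwned-password rejection involves an external lookup (as I believe it does), that lookup is also reachable before the caller has proven recent authentication, which needlessly widens what an unverified session can trigger. Consider placing the four new lines after the `verifyUserSensitivePermission` call and adjusting the test to use a valid record. As a minor style point, `user` is passed both to the `PasswordValidator` constructor and again to `validatePassword(password, user)`, and the two independent lookups could be `const [user, signInExperience] = await Promise.all([findUserById(userId), findDefaultSignInExperience()]);`. The handler's body continues outside the hunk.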
@@ -128,6 +128,19 @@ describe('profile', () => {
     await deleteDefaultTenantUser(user.id);
   });
+  it('should fail if password does not meet the password policy', async () => {
+    const { user, username, password } = await createDefaultTenantUserWithPassword();
+    const api = await signInAndGetUserApi(username, password);
+    const newPassword = '123456';
+
+    await expectRejects(updatePassword(api, 'invalid-varification-record-id', newPassword), {
+      code: 'password.rejected',
+      status: 422,
+    });
+
+    await deleteDefaultTenantUser(user.id);
+  });
+
   it('should be able to update password', async () => {
     const { user, username, password } = await createDefaultTenantUserWithPassword();
     const api = await signInAndGetUserApi(username, password);
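Review bot: The new test passes `'invalid-varification-record-id'` yet expects `password.rejected`, so it pins the route's evaluation order (policy check before verification-record check) rather than the policy itself; if the handler is later reordered to verify the record first, this test fails for a reason unrelated to password policy. Obtaining a real verification record, as the neighbouring update-password test presumably does in the lines cut off below, would make the assertion independent of that ordering. The literal also misspells "verification" (`'invalid-verification-record-id'`), harmless at runtime but worth fixing while here. `deleteDefaultTenantUser(user.id)` is skipped when `expectRejects` throws, which matches the existing tests' pattern, so wrapping cleanup in `try/finally` would be a separate follow-up.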