Infrastructure/logto
0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-30 20:33:54 -05:00
Code Issues Activity

feat(core): check password policy before changing password (#6649)

Browse source
This commit is contained in:
wangsijie 2024-10-10 07:55:47 +08:00 committed by GitHub
parent e3be97b528
commit 72a57e23cd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 20 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
packages/core/src/routes/profile/index.ts
View file

@ -12,13 +12,15 @@ import {
verifyUserSensitivePermission, verifyUserSensitivePermission,
} from '../../libraries/verification.js'; } from '../../libraries/verification.js';
import assertThat from '../../utils/assert-that.js'; import assertThat from '../../utils/assert-that.js';
import { PasswordValidator } from '../experience/classes/libraries/password-validator.js';
import type { UserRouter, RouterInitArgs } from '../types.js'; import type { UserRouter, RouterInitArgs } from '../types.js';
export default function profileRoutes<T extends UserRouter>( export default function profileRoutes<T extends UserRouter>(
...[router, { queries, libraries }]: RouterInitArgs<T> ...[router, { queries, libraries }]: RouterInitArgs<T>
) { ) {
const { const {
users: { updateUserById }, users: { updateUserById, findUserById },
signInExperiences: { findDefaultSignInExperience },
} = queries; } = queries;
const { const {
@ -80,7 +82,10 @@ export default function profileRoutes<T extends UserRouter>(
const { id: userId } = ctx.auth; const { id: userId } = ctx.auth;
const { password, verificationRecordId } = ctx.guard.body; const { password, verificationRecordId } = ctx.guard.body;
// TODO(LOG-9947): apply password policy const user = await findUserById(userId);
const signInExperience = await findDefaultSignInExperience();
const passwordPolicyChecker = new PasswordValidator(signInExperience.passwordPolicy, user);
await passwordPolicyChecker.validatePassword(password, user);
await verifyUserSensitivePermission({ await verifyUserSensitivePermission({
userId, userId,

13
packages/integration-tests/src/tests/api/profile/index.test.ts
View file

@ -128,6 +128,19 @@ describe('profile', () => {
await deleteDefaultTenantUser(user.id); await deleteDefaultTenantUser(user.id);
}); });
it('should fail if password does not meet the password policy', async () => {
const { user, username, password } = await createDefaultTenantUserWithPassword();
const api = await signInAndGetUserApi(username, password);
const newPassword = '123456';
await expectRejects(updatePassword(api, 'invalid-varification-record-id', newPassword), {
code: 'password.rejected',
status: 422,
});
await deleteDefaultTenantUser(user.id);
});
it('should be able to update password', async () => { it('should be able to update password', async () => {
const { user, username, password } = await createDefaultTenantUserWithPassword(); const { user, username, password } = await createDefaultTenantUserWithPassword();
const api = await signInAndGetUserApi(username, password); const api = await signInAndGetUserApi(username, password);