replace pwned with uncompromised

jcergolj · Sep 21, 2021 · 947772f · 947772f
1 parent 928e71c
commit 947772f
Show file tree

Hide file tree

Showing 11 changed files with 93 additions and 138 deletions.
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -13,6 +13,8 @@ class AppServiceProvider extends ServiceProvider
      */
     public const OWNER_FIELD = 'owner_id';
 
+    public const MIN_PASSWORD_LENGTH = 8;
+
     /**
      * Register any application services.
      *

diff --git a/app/Rules/PasswordRule.php b/app/Rules/PasswordRule.php
@@ -2,8 +2,10 @@
 
 namespace App\Rules;
 
+use App\Providers\AppServiceProvider;
 use Illuminate\Contracts\Validation\ImplicitRule;
 use Illuminate\Support\Facades\Validator;
+use Illuminate\Validation\Rules\Password;
 use Illuminate\Validation\ValidationException;
 
 class PasswordRule implements ImplicitRule
@@ -39,7 +41,7 @@ public function passes($attribute, $value)
             $attribute => $value,
             $attribute.'_confirmation' => $this->confirmationValue,
         ], [
-            $attribute => ['required', 'min:8', 'confirmed', 'pwned'],
+            $attribute => ['required', 'confirmed', Password::min(AppServiceProvider::MIN_PASSWORD_LENGTH)->uncompromised()],
         ]);
 
         try {

diff --git a/composer.json b/composer.json
@@ -17,8 +17,7 @@
         "laravel/framework": "^8.0",
         "laravel/ui": "^3.0",
         "livewire/livewire": "^2.0",
-        "predis/predis": "^1.1",
-        "valorin/pwned-validator": "^1.3"
+        "predis/predis": "^1.1"
     },
     "require-dev": {
         "barryvdh/laravel-debugbar": "^3.5",

diff --git a/composer.lock b/composer.lock
diff --git a/resources/lang/en/validation.php b/resources/lang/en/validation.php
@@ -117,7 +117,7 @@
     'url' => 'The :attribute format is invalid.',
     'uuid' => 'The :attribute must be a valid UUID.',
     'password_check' => 'The :attribute value is invalid.',
-    'pwned' => 'Your password is insufficiently secure as it has been found in known password breaches, please choose a unique one.',
+    'uncompromised' => 'Your password is insufficiently secure as it has been found in known password breaches, please choose a unique one.',
 
     /*
     |--------------------------------------------------------------------------

diff --git a/tests/Feature/Http/Controllers/Auth/ResetPasswordControllerTest.php b/tests/Feature/Http/Controllers/Auth/ResetPasswordControllerTest.php
@@ -7,19 +7,21 @@
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Http\Response;
 use Illuminate\Support\Facades\Hash;
-use Tests\HasPwnedMock;
 use Tests\TestCase;
 
 /** @see \App\Http\Controllers\Auth\ResetPasswordController */
 class ResetPasswordControllerTest extends TestCase
 {
-    use RefreshDatabase, HasPwnedMock;
+    use RefreshDatabase;
+
+    /** @var string */
+    private $password;
 
     public function setUp() : void
     {
         parent::setUp();
 
-        $this->mockPwned();
+        $this->password = password_generator();
     }
 
     /** @test */
@@ -44,13 +46,13 @@ public function user_with_valid_token_can_reset_his_password()
         $response = $this->post('password/reset', [
             'token' => $token,
             'email' => '[email protected]',
-            'password' => 'new-password',
-            'password_confirmation' => 'new-password',
+            'password' => $this->password,
+            'password_confirmation' => $this->password,
         ]);
 
         $response->assertRedirect(route('home.index'));
 
-        $this->assertTrue(Hash::check('new-password', $user->fresh()->password));
+        $this->assertTrue(Hash::check($this->password, $user->fresh()->password));
 
         $this->assertAuthenticatedAs($user);
     }
@@ -123,7 +125,7 @@ public function clientFormValidationProvider()
             'Test email is required' => ['email', ''],
             'Test email is valid' => ['email', 'not-an-email'],
             'Test password is required' => ['password', ''],
-            'Test password must be greater than 7' => ['password', '1234567'],
+            'Test password must be greater than 7' => ['password', too_short_password()],
         ];
     }
 
@@ -136,8 +138,8 @@ public function password_must_be_confirmed()
         ]);
 
         $validParams = $this->validParams($user, [
-            'password' => 'password',
-            'password_confirmation' => 'non-matching-password',
+            'password' => $this->password,
+            'password_confirmation' => $this->password.'-non-matching-password',
         ]);
 
         $response = $this->from(route('password.reset', ['token' => $validParams['token']]))
@@ -151,18 +153,16 @@ public function password_must_be_confirmed()
     }
 
     /** @test */
-    public function password_must_not_be_pwned()
+    public function password_must_uncompromised()
     {
-        $this->mockPwned(false);
-
         $user = UserFactory::new()->create([
             'email' => '[email protected]',
-            'password' => bcrypt('password'),
+            'password' => bcrypt('old-password'),
         ]);
 
         $validParams = $this->validParams($user, [
-            'password' => 'new-password',
-            'password_confirmation' => 'new-password',
+            'password' => 'password',
+            'password_confirmation' => 'password',
         ]);
 
         $response = $this->from(route('password.reset', ['token' => $validParams['token']]))
@@ -171,7 +171,7 @@ public function password_must_not_be_pwned()
         $response->assertRedirect(route('password.reset', ['token' => $validParams['token']]))
             ->assertInvalid('password');
 
-        $this->assertTrue(Hash::check('password', $user->fresh()->password));
+        $this->assertTrue(Hash::check('old-password', $user->fresh()->password));
         $this->assertGuest();
     }
 
@@ -194,8 +194,8 @@ private function validParams($user, $overrides = [])
         return array_merge([
             'token' => $token,
             'email' => '[email protected]',
-            'password' => 'new-password',
-            'password_confirmation' => 'new-password',
+            'password' => $this->password,
+            'password_confirmation' => $this->password,
         ], $overrides);
     }
 }
diff --git a/tests/Feature/Http/Livewire/AcceptedInvitationComponentTest.php b/tests/Feature/Http/Livewire/AcceptedInvitationComponentTest.php
@@ -13,26 +13,28 @@
 use Illuminate\Support\Facades\Hash;
 use Livewire\Livewire;
 use Symfony\Component\HttpFoundation\Request as SymfonyRequest;
-use Tests\HasPwnedMock;
 use Tests\TestCase;
 
 /** @see \App\Http\Livewire\AcceptedInvitationComponent */
 class AcceptedInvitationComponentTest extends TestCase
 {
-    use RefreshDatabase, HasPwnedMock;
+    use RefreshDatabase;
 
     /** @var \App\Models\User */
     private $user;
 
+    /** @var string */
+    private $password;
+
     public function setUp() : void
     {
         parent::setUp();
 
+        $this->password = password_generator();
+
         $this->user = UserFactory::new()->create([
             'password' => null,
         ]);
-
-        $this->mockPwned();
     }
 
     /** @test */
@@ -60,12 +62,12 @@ public function user_can_set_up_new_password()
     {
         $request = $this->buildRequest($this->user);
         Livewire::test(AcceptedInvitationComponent::class, ['request' => $request, 'user' => $this->user])
-            ->set('newPassword', 'new-password')
-            ->set('newPasswordConfirmation', 'new-password')
+            ->set('newPassword', $this->password)
+            ->set('newPasswordConfirmation', $this->password)
             ->call('submit')
             ->assertRedirect(route('home.index'));
 
-        $this->assertTrue(Hash::check('new-password', $this->user->fresh()->password));
+        $this->assertTrue(Hash::check($this->password, $this->user->fresh()->password));
     }
 
     /**
@@ -87,7 +89,7 @@ public function clientFormValidationProvider()
     {
         return [
             'Test new password is required' => ['newPassword', '', 'app\_rules\_password_rule'],
-            'Test password must be greater than 7' => ['newPassword', '1234567', 'app\_rules\_password_rule'],
+            'Test password must be greater than 7' => ['newPassword', too_short_password(), 'app\_rules\_password_rule'],
         ];
     }
 
@@ -96,23 +98,21 @@ public function password_must_be_confirmed()
     {
         $request = $this->buildRequest($this->user);
         Livewire::test(AcceptedInvitationComponent::class, ['request' => $request, 'user' => $this->user])
-            ->set('newPassword', 'new-password')
-            ->set('newPasswordConfirmation', 'invalid-password')
+            ->set('newPassword', $this->password)
+            ->set('newPasswordConfirmation', $this->password.'invalid-password')
             ->call('submit')
             ->assertHasErrors(['newPassword' => 'app\_rules\_password_rule']);
 
         $this->assertNull($this->user->fresh()->password);
     }
 
     /** @test */
-    public function password_must_be_not_be_pwned()
+    public function password_must_be_uncompromised()
     {
-        $this->mockPwned(false);
-
         $request = $this->buildRequest($this->user);
         Livewire::test(AcceptedInvitationComponent::class, ['request' => $request, 'user' => $this->user])
             ->set('newPassword', 'new-password')
-            ->set('newPasswordConfirmation', 'invalid-password')
+            ->set('newPasswordConfirmation', 'new-password')
             ->call('submit')
             ->assertHasErrors(['newPassword' => 'app\_rules\_password_rule']);
-Original file line number
+Diff line change
@@ Expand Up / @@ -13,6 +13,8 @@ class AppServiceProvider extends ServiceProvider @@
          */
         public const OWNER_FIELD = 'owner_id';
+        public const MIN_PASSWORD_LENGTH = 8;
         /**
          * Register any application services.
          *
@@ Expand Down @@