diff --git a/config.ini b/config.ini
index c92233e8..f44a8ef2 100644
--- a/config.ini
+++ b/config.ini
@@ -5,3 +5,8 @@ name = booru-dev
 
 [security]
 secret = change
+minPasswordLength = 5
+
+[users]
+minUserNameLength = 1
+maxUserNameLength = 32
diff --git a/src/Controllers/AuthController.php b/src/Controllers/AuthController.php
index 33ccb785..a381401b 100644
--- a/src/Controllers/AuthController.php
+++ b/src/Controllers/AuthController.php
@@ -4,15 +4,20 @@ namespace Szurubooru\Controllers;
 final class AuthController extends AbstractController
 {
 private $authService;
+ private $userService;
+ private $passwordService;
 private $inputReader;
 
 public function __construct(
 \Szurubooru\Services\AuthService $authService,
+ \Szurubooru\Services\UserService $userService,
+ \Szurubooru\Services\PasswordService $passwordService,
 \Szurubooru\Helpers\InputReader $inputReader)
 {
 $this->authService = $authService;
+ $this->userService = $userService;
+ $this->passwordService = $passwordService;
 $this->inputReader = $inputReader;
-
 }
 
 public function registerRoutes(\Szurubooru\Router $router)
@@ -25,10 +30,8 @@ final class AuthController extends AbstractController
 {
 if (isset($this->inputReader->userName) and isset($this->inputReader->password))
 {
- if (!$this->inputReader->userName)
- throw new \DomainException('User name cannot be empty.');
- else if (!$this->inputReader->password)
- throw new \DomainException('Password cannot be empty.');
+ $this->userService->validateUserName($this->inputReader->userName);
+ $this->passwordService->validatePassword($this->inputReader->password);
 
 $this->authService->loginFromCredentials($this->inputReader->userName, $this->inputReader->password);
 }
diff --git a/src/Controllers/UserController.php b/src/Controllers/UserController.php
index 15d3ea43..4b0f59cd 100644
--- a/src/Controllers/UserController.php
+++ b/src/Controllers/UserController.php
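Review bot: The new `minPasswordLength = 5` default is well below current guidance (NIST SP 800-63B recommends at least 8 characters for user-chosen passwords), and since this is the shipped config it will be what most deployments run with. Consider `minPasswordLength = 8` here, and a comment above the key noting that it only governs PasswordService::validatePassword and so applies to newly chosen passwords. The key lives in the same `[security]` section as `secret`, so operators copying this file should be reminded to change both.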
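Review bot: Running validateUserName and validatePassword on the login path (second AuthController hunk) applies the new registration policy to existing credentials, so any account whose password predates the policy — shorter than minPasswordLength or containing non-ASCII bytes — is locked out before loginFromCredentials is ever consulted, and a legitimate user gets a policy error rather than a failed login. Login should only reject absent input and leave acceptance to loginFromCredentials; the two removed empty-checks, or a single `if (!$this->inputReader->userName || !$this->inputReader->password) throw new \DomainException('User name and password are required.');`, are all that is needed here, while the full validation belongs in UserController::create. The enclosing login method starts and ends outside the hunk, so the handling of the `isset` false branch is not visible from here.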
@@ -4,10 +4,17 @@ namespace Szurubooru\Controllers;
 final class UserController extends AbstractController
 {
 private $userService;
+ private $passwordService;
+ private $inputReader;
 
- public function __construct(\Szurubooru\Services\UserService $userService)
+ public function __construct(
+ \Szurubooru\Services\UserService $userService,
+ \Szurubooru\Services\PasswordService $passwordService,
+ \Szurubooru\Helpers\InputReader $inputReader)
 {
+ $this->inputReader = $inputReader;
 $this->userService = $userService;
+ $this->passwordService = $passwordService;
 }
 
 public function registerRoutes(\Szurubooru\Router $router)
@@ -21,6 +28,9 @@ final class UserController extends AbstractController
 
 public function create()
 {
+ $this->userService->validateUserName($this->inputReader->userName);
+ $this->passwordService->validatePassword($this->inputReader->password);
+
 throw new \BadMethodCallException('Not implemented');
 }
 
diff --git a/src/Services/PasswordService.php b/src/Services/PasswordService.php
index fdbf6b7e..34576994 100644
--- a/src/Services/PasswordService.php
+++ b/src/Services/PasswordService.php
@@ -10,6 +10,24 @@ class PasswordService
 $this->config = $config;
 }
 
+ public function validatePassword($password)
+ {
+ if (!$password)
+ throw new \DomainException('Password cannot be empty.');
+
+ $minPasswordLength = intval($this->config->security->minPasswordLength);
+ if (strlen($password) < $minPasswordLength)
+ throw new \DomainException('Password must have at least ' . $minPasswordLength . ' character(s).');
+
+ if (preg_match('/[^\x20-\x7f]/', $password))
+ {
+ throw new \DomainException(
+ 'Password should contain only characters from ASCII range to avoid potential problems with encoding.');
+ }
+
+ return true;
+ }
+
 public function getHash($password)
 {
 return hash('sha256', $this->config->security->secret . '/' . $password);
diff --git a/src/Services/UserService.php b/src/Services/UserService.php
index d235aaf9..9e4951d7 100644
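Review bot: The character class `[^\x20-\x7f]` in validatePassword accepts 0x7f (DEL), which is a control character and not part of the printable range the error message describes; the intended range is `if (preg_match('/[^\x20-\x7e]/', $password) !== 0)`, with the explicit `!== 0` so a PCRE failure (`false`) is not silently treated as "no match". Separately, `intval($this->config->security->minPasswordLength)` evaluates to 0 when the key is missing from config.ini, which disables the minimum without any signal; a guard such as `if ($minPasswordLength < 1) throw new \RuntimeException('security.minPasswordLength is not configured.');` makes a misconfigured deployment fail closed. The same silent-zero pattern appears in UserService::validateUserName in the last file of this diff. A short docblock stating that the method throws \DomainException for empty, too-short or non-ASCII input and returns true otherwise would also help callers, since UserController::create ignores the return value.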
--- a/src/Services/UserService.php
+++ b/src/Services/UserService.php
@@ -4,10 +4,14 @@ namespace Szurubooru\Services;
 class UserService
 {
 private $userDao;
+ private $config;
 
- public function __construct(\Szurubooru\Dao\UserDao $userDao)
+ public function __construct(
+ \Szurubooru\Dao\UserDao $userDao,
+ \Szurubooru\Config $config)
 {
 $this->userDao = $userDao;
+ $this->config = $config;
 }
 
 public function getById($userId)
@@ -25,6 +29,19 @@ class UserService
 return $this->userDao->save($user);
 }
 
+ public function validateUserName($userName)
+ {
+ if (!$userName)
+ throw new \DomainException('User name cannot be empty.');
+
+ $minUserNameLength = intval($this->config->users->minUserNameLength);
+ $maxUserNameLength = intval($this->config->users->maxserNameLength);
+ if (strlen($userName) < $minUserNameLength)
+ throw new \DomainException('User name must have at least ' . $minUserNameLength . ' character(s).');
+ if (strlen($userName) < $maxUserNameLength)
+ throw new \DomainException('User name must have at most ' . $minUserNameLength . ' character(s).');
+ }
+
 public function getAnonymousUser()
 {
 $user = new \Szurubooru\Entities\User();
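Review bot: The maximum-length check in validateUserName never fires: the config key is misspelled as `maxserNameLength` (config.ini defines `maxUserNameLength`), so `intval` yields 0, and the comparison uses `<` where it needs `>`, so `strlen($userName) < 0` is unreachable — note that fixing only the key would flip this into rejecting every name shorter than 32 characters. The message for that branch also interpolates `$minUserNameLength`. The three lines should read `$maxUserNameLength = intval($this->config->users->maxUserNameLength);`, `if (strlen($userName) > $maxUserNameLength)` and `throw new \DomainException('User name must have at most ' . $maxUserNameLength . ' character(s).');`. Since user names are not restricted to ASCII here, `strlen` counts bytes rather than characters, so a multibyte name is measured against a byte budget; `mb_strlen($userName, 'UTF-8')` would match what the message promises, and a test for the min, max and typo cases would have caught all three issues.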