PasswordStrength.php
| 1 | <?php |
| 2 | |
| 3 | /** |
| 4 | * Matomo - free/libre analytics platform |
| 5 | * |
| 6 | * @link https://matomo.org |
| 7 | * @license https://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later |
| 8 | */ |
| 9 | namespace Piwik\Auth; |
| 10 | |
| 11 | use Piwik\Piwik; |
/**
 * Password strength policy: exposes the rules that define a strong password and
 * checks password candidates against them.
 *
 * When the feature is disabled (constructor flag is false) there are no rules, so
 * every candidate is reported as breaking none of them. An empty result from
 * validatePasswordStrength() therefore means "nothing to complain about", not
 * "this password was measured and found strong".
 *
 * @api
 */
class PasswordStrength
{
    /** @var bool Whether the strength rules are enforced at all. */
    private $enabled;

    /**
     * @param bool $featureEnabled true to enforce the rules, false to make every check a no-op.
     */
    public function __construct(bool $featureEnabled)
    {
        $this->enabled = $featureEnabled;
    }

    /**
     * Lists the rules a strong password has to satisfy. Each rule pairs a regular
     * expression that a conforming password matches with a translated, human-readable
     * description of the requirement.
     *
     * NOTE(review): none of the patterns carries the `u` modifier. When they are applied
     * with preg_match() (as validatePasswordStrength() does), `.{12,}` counts bytes rather
     * than characters, so a password made of multi-byte UTF-8 characters can pass the
     * length rule with fewer than 12 characters. The letter and digit classes are
     * ASCII-only, and `.` does not match a line break, so a candidate with a line break
     * anywhere but the very end fails every rule.
     *
     * @return array list of ['validationRegex' => string, 'ruleText' => string]; empty when
     *               the feature is disabled.
     */
    public function getRules() : array
    {
        if (!$this->enabled) {
            return [];
        }

        // [pattern, translation key] in the order the rules are reported.
        $definitions = [
            ['/^.{12,}$/', 'General_PasswordStrengthValidationLength'],
            ['/^.*[a-z].*$/', 'General_PasswordStrengthValidationLowercase'],
            ['/^.*[A-Z].*$/', 'General_PasswordStrengthValidationUppercase'],
            ['/^.*[0-9].*$/', 'General_PasswordStrengthValidationNumber'],
            [
                '/^.*[!\\"#$%&\\\'(\\\\)*+,\\-.\\/:;<=>?@[\\]^_\\`{\\|}\\~].*$/',
                'General_PasswordStrengthValidationSpecialChar',
            ],
        ];

        $rules = [];
        foreach ($definitions as $definition) {
            $rules[] = [
                'validationRegex' => $definition[0],
                'ruleText' => Piwik::translate($definition[1]),
            ];
        }

        return $rules;
    }

    /**
     * Reports which strength rules a password candidate violates.
     *
     * @param string $candidate The password candidate to be tested.
     * @return array list of the 'ruleText' descriptions of every violated rule, in rule
     *               order; empty when nothing is violated or the feature is disabled.
     */
    public function validatePasswordStrength(string $candidate) : array
    {
        $violations = [];

        if (!$this->enabled) {
            return $violations;
        }

        foreach ($this->getRules() as $rule) {
            // preg_match() yields 1 on a match, 0 on no match and false on a PCRE error.
            // Anything other than a match counts as a violation, so an engine error
            // rejects the candidate instead of silently accepting it.
            if (preg_match($rule['validationRegex'], $candidate)) {
                continue;
            }
            $violations[] = $rule['ruleText'];
        }

        return $violations;
    }

    /**
     * Builds the translated "validation failed" message for a set of violated rules.
     *
     * @param array $brokenRules rule descriptions, e.g. the result of validatePasswordStrength().
     * @return string the translated message, or '' when the feature is disabled or no
     *                rule was violated.
     */
    public function formatValidationFailedMessage(array $brokenRules) : string
    {
        if (!$this->enabled) {
            return '';
        }
        if ($brokenRules === []) {
            return '';
        }

        // The descriptions are embedded mid-sentence, hence the lower-cased first letter.
        $fragments = [];
        foreach ($brokenRules as $description) {
            $fragments[] = lcfirst($description);
        }

        return Piwik::translate('General_PasswordStrengthValidationFailed', implode(', ', $fragments));
    }

    /**
     * Renders the rule descriptions as an HTML unordered list.
     *
     * NOTE(review): the rule texts are placed into the markup as-is, without HTML
     * escaping. That is only safe if the translation strings are plain, trusted text;
     * confirm how callers output this value and whether translations may contain markup.
     *
     * @return string a <ul> element with one <li> per rule; an empty list when the feature
     *                is disabled.
     */
    public function getRulesAsHtmlList() : string
    {
        $items = [];
        foreach ($this->getRules() as $rule) {
            $items[] = '<li>' . $rule['ruleText'] . '</li>';
        }

        return "<ul class='browser-default'>" . implode('', $items) . '</ul>';
    }
}
| 79 |