Moved password validation into a library

- This is super specific code relating only to validating passwords.
- It's needed as a shared validator as we use other funnels to help people set up Ghost on Pro, but currently it's hard-baked into Ghost
- It's also not the greatest code. It'd be nice to be able to rework it and know that would automatically update everywhere passwords are set
Hannah Wolfe 2021-06-15 12:33:14 +01:00
parent d3cc85c920
commit 4e49aeb9a0
No known key found for this signature in database
GPG Key ID: 9F8C7532D0A6BA55
4 changed files with 10 additions and 14 deletions


@ -1,7 +1,4 @@
module.exports = {
validate: require('./validate'),
validator: require('./validator'),
// These two things are dependent on validator, not related
validatePassword: require('./password')
validator: require('./validator')
};


@ -1,10 +1,10 @@
const _ = require('lodash');
const validator = require('./validator');
const {validator} = require('../data/validation');
const tpl = require('@tryghost/tpl');
const settingsCache = require('../../services/settings/cache');
const urlUtils = require('../../../shared/url-utils');
const settingsCache = require('../services/settings/cache');
const urlUtils = require('../../shared/url-utils');
const messages = {
passwordDoesNotComplyLength: 'Your password must be at least {minLength} characters long.',
@ -50,7 +50,7 @@ function characterOccurance(stringToTest) {
* Returns false when validation fails and true for a valid password
* @param {String} password The password string to check.
* @param {String} email The users email address to validate agains password.
* @param {String} blogTitle Optional blogTitle value, when blog title is not set yet, e. g. in setup process.
* @param {String} [blogTitle] Optional blogTitle value, when blog title is not set yet, e. g. in setup process.
* @return {Object} example for returned validation Object:
* invalid password: `validationResult: {isValid: false, message: 'Sorry, you cannot use an insecure password.'}`
* valid password: `validationResult: {isValid: true}`
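Review bot: The JSDoc block touched in the second hunk still contradicts itself: its summary line says the function returns false or true, while the `@return` tag documents an object with `isValid` and `message`. The callers visible in this commit test `passwordValidation.isValid`, so the object form appears to be the real contract; a consumer of the shared library that trusts the summary and tests the return value for truthiness would treat every password as valid. I would change the summary to `* Returns a validation result object; check its isValid property.` and fix the typo in the `email` tag while here (`agains` → `against`). The function body lies outside the hunk, so the return shape should be confirmed against it.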


@ -10,7 +10,7 @@ const errors = require('@tryghost/errors');
const security = require('@tryghost/security');
const {gravatar} = require('../lib/image');
const {pipeline} = require('@tryghost/promise');
const validation = require('../data/validation');
const validatePassword = require('../lib/validate-password');
const permissions = require('../services/permissions');
const urlUtils = require('../../shared/url-utils');
const activeStates = ['active', 'warn-1', 'warn-2', 'warn-3', 'warn-4'];
@ -225,8 +225,8 @@ User = ghostBookshelf.Model.extend({
this.set('status', 'locked');
}
} else {
// CASE: we're not importing data, run the validations
passwordValidation = validation.validatePassword(this.get('password'), this.get('email'));
// CASE: we're not importing data, validate the data
passwordValidation = validatePassword(this.get('password'), this.get('email'));
if (!passwordValidation.isValid) {
return Promise.reject(new errors.ValidationError({
@ -634,7 +634,7 @@ User = ghostBookshelf.Model.extend({
const userData = this.filterData(data);
let passwordValidation = {};
passwordValidation = validation.validatePassword(userData.password, userData.email, data.blogTitle);
passwordValidation = validatePassword(userData.password, userData.email, data.blogTitle);
if (!passwordValidation.isValid) {
return Promise.reject(new errors.ValidationError({
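Review bot: The reworded comment in the second hunk, `// CASE: we're not importing data, validate the data`, is broader than the code under it, which checks only the password against the email. Since this `else` is the branch that decides whether a password is validated at all, I would keep it specific: `// CASE: we're not importing data, validate the password`. In the third hunk `let passwordValidation = {};` is overwritten on the next line and could become a single `const passwordValidation = validatePassword(userData.password, userData.email, data.blogTitle);`. Both enclosing functions start and end outside the hunks.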


@ -8,11 +8,10 @@ describe('Validation', function () {
should.exist(validation);
validation.should.have.properties(
['validate', 'validator', 'validatePassword']
['validate', 'validator']
);
validation.validate.should.be.a.Function();
validation.validatePassword.should.be.a.Function();
validation.validator.should.have.properties(['empty', 'notContains', 'isTimezone', 'isEmptyOrURL', 'isSlug']);
});
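Review bot: Dropping `validation.validatePassword.should.be.a.Function();` removes the only assertion in this section that the password validator is exported and callable, and no replacement for the new `../lib/validate-password` module is visible among the four changed files. A small test for the relocated module, asserting that it exports a function and returns `isValid: false` for a too-short password, would keep the move covered. Existing password tests may live elsewhere, which this page does not show.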