From: Hypolite Petovan Date: Wed, 21 Mar 2018 05:33:35 +0000 (-0400) Subject: Add exposed password check to manual password change X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=ca1357025106a27a2a1ed55a46b33fac50244ef8;p=friendica.git Add exposed password check to manual password change --- diff --git a/mod/settings.php b/mod/settings.php index b66cad7f98..b39ee0b51f 100644 --- a/mod/settings.php +++ b/mod/settings.php @@ -390,6 +390,11 @@ function settings_post(App $a) $err = true; } + if (User::checkPasswordExposed($newpass)) { + notice(L10n::t('The new password has been exposed in a public data dump, please choose another.') . EOL); + $err = true; + } + // check if the old password was supplied correctly before changing it to the new value if (!User::authenticate(intval(local_user()), $_POST['opassword'])) { notice(L10n::t('Wrong password.') . EOL); diff --git a/src/Model/User.php b/src/Model/User.php index 702e815e60..331fdccb7f 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -5,6 +5,7 @@ */ namespace Friendica\Model; +use DivineOmega\PasswordExposed\PasswordStatus; use Friendica\Core\Addon; use Friendica\Core\Config; use Friendica\Core\L10n; @@ -22,6 +23,7 @@ use Friendica\Util\Network; use dba; use Exception; use LightOpenID; +use function password_exposed; require_once 'boot.php'; require_once 'include/dba.php'; @@ -101,7 +103,7 @@ class User * @param string $password * @return int|boolean * @deprecated since version 3.6 - * @see Friendica\Model\User::getIdFromPasswordAuthentication() + * @see User::getIdFromPasswordAuthentication() */ public static function authenticate($user_info, $password) { @@ -216,6 +218,17 @@ class User return autoname(6) . mt_rand(100, 9999); } + /** + * Checks if the provided plaintext password has been exposed or not + * + * @param string $password + * @return bool + */ + public static function checkPasswordExposed($password) + { + return password_exposed($password) === PasswordStatus::EXPOSED; + } + /** * Legacy hashing function, kept for password migration purposes *