fix: `strong_password` rule fails when the personal field contains an integer value.

Open warcooft opened this issue 1 year ago • 3 comments

Description

The `strong_password` rule fails when the personal field contains an integer value, so we must convert the personal field's data type to a string. See https://github.com/codeigniter4/shield/issues/1171#issuecomment-2309437552

Checklist:

  • [x] Securely signed commits
  • [ ] Component(s) with PHPDoc blocks, only if necessary or adds value
  • [ ] Unit testing, with >80% coverage
  • [ ] User guide updated
  • [x] Conforms to style guide

warcooft avatar Aug 26 '24 07:08 warcooft

@warcooft Thank you for submitting the PR. Could you please provide a step-by-step explanation of how to reproduce the issue?

I was unable to reproduce the issue for the value employee_id, which is a number.

    public array $personalFields = [
        //'f_name',
        'employee_id'
    ];

Data of Table "users":

+----+----------+--------+----------------+--------+-------------+--------------------+--------------------+------------+-------------+
| id | username | status | status_message | active | last_active | created_at         | updated_at         | deleted_at | employee_id |
+----+----------+--------+----------------+--------+-------------+--------------------+--------------------+------------+-------------+
| 6  | datamweb |        |                | 1      |             | 2024-08-26 20:4... | 2024-08-26 20:4... |            | 30303030    |
+----+----------+--------+----------------+--------+-------------+--------------------+--------------------+------------+-------------+

datamweb avatar Aug 26 '24 20:08 datamweb

Steps to Reproduce

Make sure the employee_id field's data type is set to INT or TINYINT.

    $fields = [
        'employee_id' => ['type' => 'TINYINT', 'default' => 1],
    ];

Log in first! Then add this to your controller.

    public function index()
    {
        // Log in first
        $data = [
            'password'         => '12345678Aa',
            'password_confirm' => '12345678Aa',
            'old_password'     => 'P@ssw0rd', // replace this with your password
        ];

        if (! $this->validateData($data, $this->getValidationRules())) {
            dd($this->validator->getErrors());
        }

        $result = auth()->check([
            'email'    => auth()->user()->email,
            'password' => $data['old_password'],
        ]);

        if (! $result->isOK()) {
            // wrong password
            dd('wrong password');
        }

        // Success!
        $users = auth()->getProvider();

        $user = auth()->user()->fill([
            'password' => $data['password'],
        ]);

        $users->save($user);
    }

    protected function getValidationRules(): array
    {
        return setting('Validation.changePassword') ?? [
            'password' => [
                'label' => 'Auth.password',
                'rules' => 'required|strong_password',
            ],
            'password_confirm' => [
                'label' => 'Auth.passwordConfirm',
                'rules' => 'required|matches[password]',
            ],
        ];
    }

The error seems to arise from the strong_password rule.

warcooft avatar Aug 26 '24 21:08 warcooft

[!IMPORTANT] We expect all code changes or bug-fixes to be accompanied by one or more tests added to our test suite to prove the code works.

First, please write test code that reproduces the error. And add a commit to fix the error. Then, the test should pass, and it proves the error is surely fixed.

kenjis avatar Aug 26 '24 23:08 kenjis
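
The failure mode discussed in this thread, as an added stand-alone PHP sketch (not Shield's code and not part of the PR): it assumes the integer personal-field value reaches a string function in a file that declares `strict_types`, and shows the string cast the description proposes. The function names and sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration, not Shield's code; all function names are hypothetical.

/** "Before": assumes every personal field value is already a string. */
function needlesUnsafe(array $personalValues): array
{
    $needles = [];
    foreach ($personalValues as $value) {
        if (! empty($value)) {
            $needles[] = strtolower($value); // TypeError when $value is an int
        }
    }
    return $needles;
}

/** "After": cast scalar values to string before calling string functions. */
function needlesSafe(array $personalValues): array
{
    $needles = [];
    foreach ($personalValues as $value) {
        if (is_scalar($value) && ! empty($value)) {
            $needles[] = strtolower((string) $value);
        }
    }
    return $needles;
}

/** True when the password contains any personal value (case-insensitive). */
function containsPersonalData(string $password, array $needles): bool
{
    foreach ($needles as $needle) {
        if (str_contains(strtolower($password), $needle)) {
            return true;
        }
    }
    return false;
}

// Constructed sample: employee_id read from an INT column as a PHP int.
$values = ['employee_id' => 30303030];
try {
    needlesUnsafe($values);
} catch (TypeError $e) {
    echo 'unsafe: ', $e->getMessage(), PHP_EOL;
}
var_dump(containsPersonalData('Aa30303030!x', needlesSafe($values)));
var_dump(containsPersonalData('12345678Aa', needlesSafe($values)));
```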