PageRenderTime 42ms CodeModel.GetById 14ms RepoModel.GetById 1ms app.codeStats 0ms

/protected/vendor/nenad/yii2-password-strength/StrengthValidator.php

https://gitlab.com/I-NOZex/quiz
PHP | 388 lines | 222 code | 45 blank | 121 comment | 31 complexity | dc0aafa98159f4cebbd6d0bf798b60fe MD5 | raw file
    

  1. <?php
    2. 

  2. namespace nenad\passwordStrength;
    3. 

  3. 

  4. use yii\base\InvalidConfigException;
    5. 

  5. use yii\helpers\Html;
    6. 

  6. use yii\helpers\Json;
    7. 

  7. use Yii;
    8. 

  8. 

  9. /**
    10. 

  10.  * StrengthValidator validates if the attribute value matches a specified
    11. 

  11.  * set of password strength rules. It builds over the Yii StringValidator.
    12. 

  12.  */
    13. 

  13. class StrengthValidator extends \yii\validators\Validator
    14. 

  14. {
    15. 

  15.     //-- The valid preset constants --//
    16. 

  16. 

  17.     const SIMPLE = 'simple';
    18. 

  18.     const NORMAL = 'normal';
    19. 

  19.     const FAIR   = 'fair';
    20. 

  20.     const MEDIUM = 'medium';
    21. 

  21.     const STRONG = 'strong';
    22. 

  22.     const RESET  = 'reset'; // used for password reset
    23. 

  23. 

  24.     //-- The available rule constants --//
    25. 

  25.     const RULE_MIN   = 'min';
    26. 

  26.     const RULE_MAX   = 'max';
    27. 

  27.     const RULE_LEN   = 'length';
    28. 

  28.     const RULE_USER  = 'hasUser';
    29. 

  29.     const RULE_EMAIL = 'hasEmail';
    30. 

  30.     const RULE_LOW   = 'lower';
    31. 

  31.     const RULE_UP    = 'upper';
    32. 

  32.     const RULE_NUM   = 'digit';
    33. 

  33.     const RULE_SPL   = 'special';
    34. 

  34. 

  35.     /**
    36. 

  36.      * @var boolean check whether password contains the username
    37. 

  37.      */
    38. 

  38.     public $hasUser = true;
    39. 

  39. 

  40.     /**
    41. 

  41.      * @var boolean check whether password contains an email string
    42. 

  42.      */
    43. 

  43.     public $hasEmail = true;
    44. 

  44. 

  45.     /**
    46. 

  46.      * @var int minimum number of characters. If not set, defaults to 4.
    47. 

  47.      */
    48. 

  48.     public $min = 4;
    49. 

  49. 

  50.     /**
    51. 

  51.      * @var int maximum length. If not set, it means no maximum length limit.
    52. 

  52.      */
    53. 

  53.     public $max;
    54. 

  54. 

  55.     /**
    56. 

  56.      * @var int specifies the exact length that the value should be of
    57. 

  57.      */
    58. 

  58.     public $length;
    59. 

  59. 

  60.     /**
    61. 

  61.      * @var int minimal number of lower case characters
    62. 

  62.      */
    63. 

  63.     public $lower = 2;
    64. 

  64. 

  65.     /**
    66. 

  66.      * @var int minimal number of upper case characters
    67. 

  67.      */
    68. 

  68.     public $upper = 2;
    69. 

  69. 

  70.     /**
    71. 

  71.      * @var int  minimal number of numeric digit characters
    72. 

  72.      */
    73. 

  73.     public $digit = 2;
    74. 

  74. 

  75.     /**
    76. 

  76.      * @var int minimal number of special characters
    77. 

  77.      */
    78. 

  78.     public $special = 2;
    79. 

  79. 

  80.     /**
    81. 

  81.      * @var string the name of the username attribute
    82. 

  82.      */
    83. 

  83.     public $userAttribute = 'username';
    84. 

  84. 

  85.     /**
    86. 

  86.      * @var string user-defined error message used when the value is not a string
    87. 

  87.      */
    88. 

  88.     public $strError;
    89. 

  89. 

  90.     /**
    91. 

  91.      * @var string user-defined error message used when the length of the value is smaller than [[min]].
    92. 

  92.      */
    93. 

  93.     public $minError;
    94. 

  94. 

  95.     /**
    96. 

  96.      * @var string user-defined error message used when the length of the value is greater than [[max]].
    97. 

  97.      */
    98. 

  98.     public $maxError;
    99. 

  99. 

  100.     /**
    101. 

  101.      * @var string user-defined error message used when the length of the value is not equal to [[length]].
    102. 

  102.      */
    103. 

  103.     public $lengthError;
    104. 

  104. 

  105.     /**
    106. 

  106.      * @var string user-defined error message used when [[hasUser]] is true and value contains the username
    107. 

  107.      */
    108. 

  108.     public $hasUserError;
    109. 

  109. 

  110.     /**
    111. 

  111.      * @var string user-defined error message used [[hasEmail]] is true and value contains an email
    112. 

  112.      */
    113. 

  113.     public $hasEmailError;
    114. 

  114. 

  115.     /**
    116. 

  116.      * @var string user-defined error message used when value contains less than [[lower]] characters
    117. 

  117.      */
    118. 

  118.     public $lowerError;
    119. 

  119. 

  120.     /**
    121. 

  121.      * @var string user-defined error message used when value contains less than [[upper]] characters
    122. 

  122.      */
    123. 

  123.     public $upperError;
    124. 

  124. 

  125.     /**
    126. 

  126.      * @var string user-defined error message used when value contains less than [[digit]] characters
    127. 

  127.      */
    128. 

  128.     public $digitError;
    129. 

  129. 

  130.     /**
    131. 

  131.      * @var string user-defined error message used when value contains more than [[special]] characters
    132. 

  132.      */
    133. 

  133.     public $specialError;
    134. 

  134. 

  135.     /**
    136. 

  136.      * @var string preset - one of the preset constants,
    137. 

  137.      * @see $_presets
    138. 

  138.      * If this is not null, the preset parameters will override
    139. 

  139.      * the validator level params
    140. 

  140.      */
    141. 

  141.     public $preset;
    142. 

  142. 

  143.     /**
    144. 

  144.      * @var string presets configuration source file
    145. 

  145.      * defaults to [[presets.php]] in the current directory
    146. 

  146.      */
    147. 

  147.     public $presetsSource;
    148. 

  148. 

  149.     /**
    150. 

  150.      * @var array the target strength rule requirements that will
    151. 

  151.      * be evaluated for displaying the strength meter
    152. 

  152.      */
    153. 

  153.     public $strengthTarget = [
    154. 

  154.         'min' => 8,
    155. 

  155.         'lower' => 3,
    156. 

  156.         'upper' => 3,
    157. 

  157.         'digit' => 3,
    158. 

  158.         'special' => 3,
    159. 

  159.     ];
    160. 

  160. 

  161.     /**
    162. 

  162.      * @var array the the internalization configuration for this widget
    163. 

  163.      */
    164. 

  164.     public $i18n = [];
    165. 

  165. 

  166.     /**
    167. 

  167.      * @var array the list of inbuilt presets and their parameter settings
    168. 

  168.      */
    169. 

  169.     private $_presets;
    170. 

  170. 

  171.     /**
    172. 

  172.       * @var array the default rule settings
    173. 

  173.     */
    174. 

  174.     private static $_rules = [
    175. 

  175. 

  176.         self::RULE_MIN => [
    177. 

  177.             'msg' => '{attribute} should contain at least {n, plural, one{one character} other{# characters}} ({found} found)!',
    178. 

  178.             'int' => true
    179. 

  179.         ],
    180. 

  180. 

  181.         self::RULE_MAX => [
    182. 

  182.             'msg' => '{attribute} should contain at most {n, plural, one{one character} other{# characters}} ({found} found)!',
    183. 

  183.             'int' => true
    184. 

  184.         ],
    185. 

  185. 

  186.         self::RULE_LEN => [
    187. 

  187.             'msg' => '{attribute} should contain exactly {n, plural, one{one character} other{# characters}} ({found} found)!',
    188. 

  188.             'int' => true
    189. 

  189.         ],
    190. 

  190. 

  191.         self::RULE_USER => [
    192. 

  192.             'msg' => '{attribute} cannot contain the username',
    193. 

  193.             'bool' => true
    194. 

  194.         ],
    195. 

  195. 

  196.         self::RULE_EMAIL => [
    197. 

  197.             'msg' => '{attribute} cannot contain an email address',
    198. 

  198.             'match' => '/^([\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+\.)*[\w\!\#$\%\&\'\*\+\-\/\=\?\^\`{\|\}\~]+@((((([a-z0-9]{1}[a-z0-9\-]{0,62}[a-z0-9]{1})|[a-z])\.)+[a-z]{2,6})|(\d{1,3}\.){3}\d{1,3}(\:\d{1,5})?)$/i',
    199. 

  199.             'bool' => true
    200. 

  200.         ],
    201. 

  201. 

  202.         self::RULE_LOW => [
    203. 

  203.             'msg' => '{attribute} should contain at least {n, plural, one{one lower case character} other{# lower case characters}} ({found} found)!',
    204. 

  204.             'match' => '![a-z]!',
    205. 

  205.             'int' => true
    206. 

  206.         ],
    207. 

  207. 

  208.         self::RULE_UP => [
    209. 

  209.             'msg' => '{attribute} should contain at least {n, plural, one{one upper case character} other{# upper case characters}} ({found} found)!',
    210. 

  210.             'match' => '![A-Z]!',
    211. 

  211.             'int' => true
    212. 

  212.         ],
    213. 

  213. 

  214.         self::RULE_NUM => [
    215. 

  215.             'msg' => '{attribute} should contain at least {n, plural, one{one numeric character} other{# numeric characters}} ({found} found)!',
    216. 

  216.             'match' => '![\d]!',
    217. 

  217.             'int' => true
    218. 

  218.         ],
    219. 

  219. 

  220.         self::RULE_SPL => [
    221. 

  221.             'msg' => '{attribute} should contain at least {n, plural, one{one special character} other{# special characters}} ({found} found)!',
    222. 

  222.             'match' => '![\W]!',
    223. 

  223.             'int' => true
    224. 

  224.         ]
    225. 

  225.     ];
    226. 

  226. 

  227.     /**
    228. 

  228.      * Initialize the validator component
    229. 

  229.      */
    230. 

  230.     public function init()
    231. 

  231.     {
    232. 

  232.         parent::init();
    233. 

  233.         Yii::setAlias('@pwdstrength', dirname(__FILE__));
    234. 

  234.         if (empty($this->i18n)) {
    235. 

  235.             $this->i18n = [
    236. 

  236.                 'class' => 'yii\i18n\PhpMessageSource',
    237. 

  237.                 'basePath' => '@pwdstrength/messages'
    238. 

  238.             ];
    239. 

  239.         }
    240. 

  240.         Yii::$app->i18n->translations['pwdstrength'] = $this->i18n;
    241. 

  241.         $this->applyPreset();
    242. 

  242.         $this->checkParams();
    243. 

  243.         $this->setRuleMessages();
    244. 

  244.     }
    245. 

  245. 

  246.     /**
    247. 

  247.      * Sets the rule message for each rule
    248. 

  248.      */
    249. 

  249.     protected function setRuleMessages()
    250. 

  250.     {
    251. 

  251.         if ($this->strError === null) {
    252. 

  252.             $this->strError = Yii::t('pwdstrength', '{attribute} must be a string');
    253. 

  253.         }
    254. 

  254.         foreach (self::$_rules as $rule => $setup) {
    255. 

  255.             $param = "{$rule}Error";
    256. 

  256.             if ($this->$rule !== null) {
    257. 

  257.                 $message = (!isset($this->$param) || $this->$param === null) ? $setup['msg'] : $this->$param;
    258. 

  258.                 $this->$param = Yii::t('pwdstrength', $message, ['n' => $this->$rule]);
    259. 

  259.             }
    260. 

  260.         }
    261. 

  261.     }
    262. 

  262. 

  263.     /**
    264. 

  264.      * Apply preset parameter if set
    265. 

  265.      *
    266. 

  266.      * @return void
    267. 

  267.      * @throws InvalidConfigException if [[preset]] value is invalid.
    268. 

  268.      */
    269. 

  269.     protected function applyPreset()
    270. 

  270.     {
    271. 

  271.         if (!isset($this->preset)) {
    272. 

  272.             return;
    273. 

  273.         }
    274. 

  274.         if (!isset($this->presetsSource)) {
    275. 

  275.             $this->presetsSource = __DIR__ . '/presets.php';
    276. 

  276.         }
    277. 

  277.         $this->_presets = require($this->presetsSource);
    278. 

  278.         if (array_key_exists($this->preset, $this->_presets)) {
    279. 

  279.             foreach ($this->_presets[$this->preset] As $param => $value) {
    280. 

  280.                 $this->$param = $value;
    281. 

  281.             }
    282. 

  282.         } else {
    283. 

  283.             throw new InvalidConfigException("Invalid preset '{$this->preset}'.");
    284. 

  284.         }
    285. 

  285.     }
    286. 

  286. 

  287.     /**
    288. 

  288.      * Validates the provided parameters for valid data type
    289. 

  289.      * and the right threshold for 'max' chars.
    290. 

  290.      *
    291. 

  291.      * @throws InvalidConfigException if validation is invalid
    292. 

  292.      */
    293. 

  293.     protected function checkParams()
    294. 

  294.     {
    295. 

  295.         foreach (self::$_rules as $rule => $setup) {
    296. 

  296.             if (isset($this->$rule) && !empty($setup['int']) && $setup['int'] &&
    297. 

  297.                 (!is_int($this->$rule) || $this->$rule < 0)
    298. 

  298.             ) {
    299. 

  299.                 throw new InvalidConfigException("The property '{$rule}' must be a positive integer.");
    300. 

  300.             }
    301. 

  301.             if (isset($this->$rule) && !empty($setup['bool']) && $setup['bool'] &&
    302. 

  302.                 !is_bool($this->$rule)
    303. 

  303.             ) {
    304. 

  304.                 throw new InvalidConfigException("The property '{$rule}' must be either true or false.");
    305. 

  305.             }
    306. 

  306.         }
    307. 

  307.         if (isset($this->max)) {
    308. 

  308.             $chars = $this->lower + $this->upper + $this->digit + $this->special;
    309. 

  309.             if ($chars > $this->max) {
    310. 

  310.                 throw new InvalidConfigException("Total number of required characters {$chars} is greater than maximum allowed {$this->max}. Validation is impossible!");
    311. 

  311.             }
    312. 

  312.         }
    313. 

  313.     }
    314. 

  314. 

  315.     /**
    316. 

  316.      * Validation of the attribute
    317. 

  317.      *
    318. 

  318.      * @param Model $object
    319. 

  319.      * @param string $attribute
    320. 

  320.      */
    321. 

  321.     public function validateAttribute($object, $attribute)
    322. 

  322.     {
    323. 

  323.         $value = $object->$attribute;
    324. 

  324.         if (!is_string($value)) {
    325. 

  325.             $this->addError($object, $attribute, $this->strError);
    326. 

  326.             return;
    327. 

  327.         }
    328. 

  328.         $label = $object->getAttributeLabel($attribute);
    329. 

  329.         $username = $object[$this->userAttribute];
    330. 

  330.         $temp = [];
    331. 

  331.         foreach (self::$_rules as $rule => $setup) {
    332. 

  332.             $param = "{$rule}Error";
    333. 

  333.             if ($rule === self::RULE_USER && $this->hasUser && strpos($value, $username) > 0) {
    334. 

  334.                 $this->addError($object, $attribute, $this->$param, ['attribute' => $label]);
    335. 

  335.             } elseif ($rule === self::RULE_EMAIL && $this->hasEmail && preg_match($setup['match'], $value, $matches)) {
    336. 

  336.                 $this->addError($object, $attribute, $this->$param, ['attribute' => $label]);
    337. 

  337.             } elseif (!empty($setup['match']) && $rule !== self::RULE_EMAIL && $rule !== self::RULE_USER) {
    338. 

  338.                 $count = preg_match_all($setup['match'], $value, $temp);
    339. 

  339.                 if ($count < $this->$rule) {
    340. 

  340.                     $this->addError($object, $attribute, $this->$param, [
    341. 

  341.                         'attribute' => $label,
    342. 

  342.                         'found' => $count
    343. 

  343.                     ]);
    344. 

  344.                 }
    345. 

  345.             } else {
    346. 

  346.                 $length = strlen($value);
    347. 

  347.                 $test = false;
    348. 

  348.                 if ($rule === self::RULE_LEN) {
    349. 

  349.                     $test = ($length !== $this->$rule);
    350. 

  350.                 } elseif ($rule === self::RULE_MIN) {
    351. 

  351.                     $test = ($length < $this->$rule);
    352. 

  352.                 } elseif ($rule === self::RULE_MAX) {
    353. 

  353.                     $test = ($length > $this->$rule);
    354. 

  354.                 }
    355. 

  355.                 if ($this->$rule !== null && $test) {
    356. 

  356.                     $this->addError($object, $attribute, $this->$param, [
    357. 

  357.                         'attribute' => $label . ' (' . $rule . ' , ' . $this->$rule . ')',
    358. 

  358.                         'found' => $length
    359. 

  359.                     ]);
    360. 

  360.                 }
    361. 

  361.             }
    362. 

  362.         }
    363. 

  363.     }
    364. 

  364. 

  365.     /**
    366. 

  366.      * Client validation
    367. 

  367.      *
    368. 

  368.      * @param Model $model
    369. 

  369.      * @param string $attribute
    370. 

  370.      * @param View $view
    371. 

  371.      * @return string javascript method
    372. 

  372.      */
    373. 

  373.     public function clientValidateAttribute($model, $attribute, $view)
    374. 

  374.     {
    375. 

  375.         $label = $model->getAttributeLabel($attribute);
    376. 

  376.         $options = ['strError' => Html::encode(Yii::t('pwdstrength', $this->message, ['attribute' => $label]))];
    377. 

  377.         $options['userField'] = '#' . Html::getInputId($model, $this->userAttribute);
    378. 

  378.         foreach (self::$_rules as $rule => $setup) {
    379. 

  379.             $param = "{$rule}Error";
    380. 

  380.             if ($this->$rule !== null) {
    381. 

  381.                 $options[$rule] = $this->$rule;
    382. 

  382.                 $options[$param] = Html::encode(Yii::t('pwdstrength', $this->$param, ['attribute' => $label]));
    383. 

  383.             }
    384. 

  384.         }
    385. 

  385.         StrengthValidatorAsset::register($view);
    386. 

  386.         return "kvStrengthValidator.validate(value, messages, " . Json::encode($options) . ");";
    387. 

  387.     }
    388. 

  388. }
    389.