src/applications/auth/engine/PhabricatorAuthPasswordEngine.php
Context not available. | |||||
$raw_password = $password->openEnvelope(); | $raw_password = $password->openEnvelope(); | ||||
if (!strlen($raw_password)) { | if (!@strlen($raw_password)) { | ||||
if ($can_skip) { | if ($can_skip) { | ||||
throw new PhabricatorAuthPasswordException( | throw new PhabricatorAuthPasswordException( | ||||
pht('You must choose a password or skip this step.'), | pht('You must choose a password or skip this step.'), | ||||
Context not available. | |||||
$min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length'); | $min_len = PhabricatorEnv::getEnvConfig('account.minimum-password-length'); | ||||
$min_len = (int)$min_len; | $min_len = (int)$min_len; | ||||
if ($min_len) { | if ($min_len) { | ||||
if (strlen($raw_password) < $min_len) { | if (@strlen($raw_password) < $min_len) { | ||||
throw new PhabricatorAuthPasswordException( | throw new PhabricatorAuthPasswordException( | ||||
pht( | pht( | ||||
'The selected password is too short. Passwords must be a minimum '. | 'The selected password is too short. Passwords must be a minimum '. | ||||
Context not available. | |||||
$raw_confirm = $confirm->openEnvelope(); | $raw_confirm = $confirm->openEnvelope(); | ||||
if (!strlen($raw_confirm)) { | if (!@strlen($raw_confirm)) { | ||||
throw new PhabricatorAuthPasswordException( | throw new PhabricatorAuthPasswordException( | ||||
pht('You must confirm the selected password.'), | pht('You must confirm the selected password.'), | ||||
null, | null, | ||||
Context not available. | |||||
// Skip very short terms: it's okay if your password has the substring | // Skip very short terms: it's okay if your password has the substring | ||||
// "com" in it somewhere even if the install is on "mycompany.com". | // "com" in it somewhere even if the install is on "mycompany.com". | ||||
foreach ($terms_map as $term => $source) { | foreach ($terms_map as $term => $source) { | ||||
if (strlen($term) < $minimum_similarity) { | if (@strlen($term) < $minimum_similarity) { | ||||
unset($terms_map[$term]); | unset($terms_map[$term]); | ||||
} | } | ||||
} | } | ||||
Context not available. | |||||
// Finally, make sure that none of the terms appear in the password, | // Finally, make sure that none of the terms appear in the password, | ||||
// and that the password does not appear in any of the terms. | // and that the password does not appear in any of the terms. | ||||
$normal_password = phutil_utf8_strtolower($raw_password); | $normal_password = phutil_utf8_strtolower($raw_password); | ||||
if (strlen($normal_password) >= $minimum_similarity) { | if (@strlen($normal_password) >= $minimum_similarity) { | ||||
foreach ($normal_map as $term => $source) { | foreach ($normal_map as $term => $source) { | ||||
// See T2312. This may be required if the term list includes numeric | // See T2312. This may be required if the term list includes numeric | ||||
Context not available. | |||||
// array keys. | // array keys. | ||||
$term = phutil_string_cast($term); | $term = phutil_string_cast($term); | ||||
if (strpos($term, $normal_password) === false && | if (@strpos($term, $normal_password) === false && | ||||
strpos($normal_password, $term) === false) { | @strpos($normal_password, $term) === false) { | ||||
continue; | continue; | ||||
} | } | ||||
Context not available. |
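Review bot: The `@` added in front of `strlen()` and `strpos()` (reading the right-hand column as the new side) silences whatever diagnostic these calls raise instead of handling the value that triggers it, and it does so on every check in the password validation path shown here. If the aim is to quiet a null-argument deprecation, which the page does not state, an explicit test such as `if ($raw_password === null || $raw_password === '') {` keeps the same branch without hiding other warnings; the same applies to `$raw_confirm`. For the two `@strpos()` calls, a warning would mean the term-in-password comparison ran on an unexpected value, which is worth surfacing in logs rather than suppressing, so I would drop the `@` there and rely on the `phutil_string_cast($term)` already above them. The enclosing methods begin and end outside the visible context.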
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0