Merge pull request #3192 from sbwalker/dev

fix #3174 - display accurate password complexity requirements (this is now implemented in registration, user profiles, and user management - add/edit)
2023-08-25 13:31:22 -04:00 · 2023-08-25 13:31:22 -04:00 · 5a111cdb2a
commit 5a111cdb2a
parent f0fd0db7bb ef2f779f71
9 changed files with 198 additions and 48 deletions
--- a/Oqtane.Client/Modules/Admin/Register/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Register/Index.razor
@ -16,7 +16,7 @@
            <ModuleMessage Message="@Localizer["Info.Registration.Exists"]" Type="MessageType.Info" />
        </Authorized>
        <NotAuthorized>
-            <ModuleMessage Message="@_passwordconstruction" Type="MessageType.Info" />
+            <ModuleMessage Message="@_passwordrequirements" Type="MessageType.Info" />
            <form @ref="form" class="@(validated ? "was-validated" : "needs-validation")" novalidate>
                <div class="container">
                    <div class="row mb-1 align-items-center">
@ -69,6 +69,7 @@ else
 }

@code {
+    private string _passwordrequirements;
    private string _username = string.Empty;
    private ElementReference form;
    private bool validated = false;
@ -79,44 +80,16 @@ else
    private string _email = string.Empty;
    private string _displayname = string.Empty;

-    //Password construction
-    private string _minimumlength;
-    private string _uniquecharacters;
-    private bool _requiredigit;
-    private bool _requireupper;
-    private bool _requirelower;
-    private bool _requirepunctuation;
-    private string _passwordconstruction;
-
    public override SecurityAccessLevel SecurityAccessLevel => SecurityAccessLevel.Anonymous;

    protected override async Task OnInitializedAsync()
    {
-        var settings = await SettingService.GetSiteSettingsAsync(PageState.Site.SiteId);
-        
-        _minimumlength = SettingService.GetSetting(settings, "IdentityOptions:Password:RequiredLength", "6");
-        _uniquecharacters = SettingService.GetSetting(settings, "IdentityOptions:Password:RequiredUniqueChars", "1");
-        _requiredigit = bool.Parse(SettingService.GetSetting(settings, "IdentityOptions:Password:RequireDigit", "true"));
-        _requireupper = bool.Parse(SettingService.GetSetting(settings, "IdentityOptions:Password:RequireUppercase", "true"));
-        _requirelower = bool.Parse(SettingService.GetSetting(settings, "IdentityOptions:Password:RequireLowercase", "true"));
-        _requirepunctuation = bool.Parse(SettingService.GetSetting(settings, "IdentityOptions:Password:RequireNonAlphanumeric", "true"));
-        
-        // Replace the placeholders with the actual values of the variables
-        string digitRequirement = _requiredigit ? Localizer["Password.DigitRequirement"] + ", " : "";
-        string uppercaseRequirement = _requireupper ? Localizer["Password.UppercaseRequirement"] + ", " : "";
-        string lowercaseRequirement = _requirelower ? Localizer["Password.LowercaseRequirement"] + ", " : "";
-        string punctuationRequirement = _requirepunctuation ? Localizer["Password.PunctuationRequirement"] + ", " : "";
- 
-        // Replace the placeholders with the actual values of the variables
-		string passwordValidationCriteriaTemplate = Localizer["Password.ValidationCriteria"];
-		_passwordconstruction = Localizer["Info.Registration.InvalidEmail"] + ". " + string.Format(passwordValidationCriteriaTemplate,
-            _minimumlength, _uniquecharacters, digitRequirement, uppercaseRequirement, lowercaseRequirement, punctuationRequirement);
+        _passwordrequirements = await UserService.GetPasswordRequirementsAsync(PageState.Site.SiteId);
    }

    protected override void OnParametersSet()
 	{
-		_togglepassword = SharedLocalizer["ShowPassword"];
-        
+		_togglepassword = SharedLocalizer["ShowPassword"];     
 	}

    private async Task Register()
--- a/Oqtane.Client/Modules/Admin/UserProfile/Index.razor
+++ b/Oqtane.Client/Modules/Admin/UserProfile/Index.razor
@ -23,6 +23,7 @@ else
    <TabPanel Name="Identity" ResourceKey="Identity">
        @if (profiles != null && settings != null)
        {
+            <ModuleMessage Message="@_passwordrequirements" Type="MessageType.Info" />
            <div class="container">
                <div class="row mb-1 align-items-center">
                    <Label Class="col-sm-3" For="username" HelpText="Your username. Note that this field can not be modified." ResourceKey="Username"></Label>
@ -267,6 +268,7 @@ else
 <br /><br />

@code {
+    private string _passwordrequirements;
    private string username = string.Empty;
    private string _password = string.Empty;
    private string _passwordtype = "password";
@ -293,6 +295,8 @@ else
    {
        try
        {
+            _passwordrequirements = await UserService.GetPasswordRequirementsAsync(PageState.Site.SiteId);
+
            _togglepassword = SharedLocalizer["ShowPassword"];

            if (PageState.Site.Settings.ContainsKey("LoginOptions:TwoFactor") && !string.IsNullOrEmpty(PageState.Site.Settings["LoginOptions:TwoFactor"]))
--- a/Oqtane.Client/Modules/Admin/Users/Add.razor
+++ b/Oqtane.Client/Modules/Admin/Users/Add.razor
@ -12,6 +12,7 @@
    <TabPanel Name="Identity" ResourceKey="Identity">
        @if (profiles != null)
        {
+            <ModuleMessage Message="@_passwordrequirements" Type="MessageType.Info" />
            <div class="container">
                <div class="row mb-1 align-items-center">
                    <Label Class="col-sm-3" For="username" HelpText="A unique username for a user. Note that this field can not be modified once it is saved." ResourceKey="Username"></Label>
@ -94,6 +95,7 @@
 <NavLink class="btn btn-secondary" href="@NavigateUrl()">@SharedLocalizer["Cancel"]</NavLink>

@code {
+    private string _passwordrequirements;
    private string username = string.Empty;
    private string _password = string.Empty;
    private string _passwordtype = "password";
@ -111,6 +113,7 @@
    {
        try
        {
+            _passwordrequirements = await UserService.GetPasswordRequirementsAsync(PageState.Site.SiteId);
            _togglepassword = SharedLocalizer["ShowPassword"];
            profiles = await ProfileService.GetProfilesAsync(ModuleState.SiteId);
            settings = new Dictionary<string, string>();
--- a/Oqtane.Client/Modules/Admin/Users/Edit.razor
+++ b/Oqtane.Client/Modules/Admin/Users/Edit.razor
@ -21,6 +21,7 @@ else
    <TabPanel Name="Identity" ResourceKey="Identity">
        @if (profiles != null)
        {
+            <ModuleMessage Message="@_passwordrequirements" Type="MessageType.Info" />
            <div class="container">
                <div class="row mb-1 align-items-center">
                    <Label Class="col-sm-3" For="username" HelpText="The unique username for a user. Note that this field can not be modified." ResourceKey="Username"></Label>
@ -149,6 +150,7 @@ else
 <AuditInfo CreatedBy="@createdby" CreatedOn="@createdon" ModifiedBy="@modifiedby" ModifiedOn="@modifiedon" DeletedBy="@deletedby" DeletedOn="@deletedon"></AuditInfo>

@code {
+    private string _passwordrequirements;
    private int userid;
    private string username = string.Empty;
    private string _password = string.Empty;
@ -183,6 +185,7 @@ else
        {
            if (PageState.QueryString.ContainsKey("id"))
            {
+                _passwordrequirements = await UserService.GetPasswordRequirementsAsync(PageState.Site.SiteId);
                _togglepassword = SharedLocalizer["ShowPassword"];
                profiles = await ProfileService.GetProfilesAsync(PageState.Site.SiteId);
                userid = Int32.Parse(PageState.QueryString["id"]);
--- a/Oqtane.Client/Resources/Modules/Admin/Register/Index.resx
+++ b/Oqtane.Client/Resources/Modules/Admin/Register/Index.resx
@ -177,19 +177,4 @@
  <data name="Username.Text" xml:space="preserve">
    <value>Username:</value>
  </data>
-  <data name="Password.ValidationCriteria" xml:space="preserve">
-    <value>Passwords Must Have A Minimum Length Of {0} Characters, Including At Least {1} Unique Character(s), {2}{3}{4}{5} To Satisfy Password Compexity Requirements For This Site.</value>
-  </data>
-  <data name="Password.DigitRequirement" xml:space="preserve">
-    <value>At Least One Digit</value>
-  </data>
-  <data name="Password.LowercaseRequirement" xml:space="preserve">
-    <value>At Least One Lowercase Letter</value>
-  </data>
-  <data name="Password.PunctuationRequirement" xml:space="preserve">
-    <value>At Least One Punctuation Mark</value>
-  </data>
-  <data name="Password.UppercaseRequirement" xml:space="preserve">
-    <value>At Least One Uppercase Letter</value>
-  </data>
 </root>
--- a/Oqtane.Client/Services/Interfaces/IUserService.cs
+++ b/Oqtane.Client/Services/Interfaces/IUserService.cs
@ -135,6 +135,11 @@ namespace Oqtane.Services
        /// <returns></returns>
        Task<User> LinkUserAsync(User user, string token, string type, string key, string name);

-
+        /// <summary>
+        /// Get password requirements for site
+        /// </summary>
+        /// <param name="siteId">ID of a <see cref="Site"/></param>
+        /// <returns></returns>
+        Task<string> GetPasswordRequirementsAsync(int siteId);
    }
 }
--- a/Oqtane.Client/Services/UserService.cs
+++ b/Oqtane.Client/Services/UserService.cs
@ -96,5 +96,9 @@ namespace Oqtane.Services
            return await PostJsonAsync<User>($"{Apiurl}/link?token={token}&type={type}&key={key}&name={name}", user);
        }

+        public async Task<string> GetPasswordRequirementsAsync(int siteId)
+        {
+            return await GetStringAsync($"{Apiurl}/passwordrequirements/{siteId}");
+        }
    }
 }
--- a/Oqtane.Server/Controllers/UserController.cs
+++ b/Oqtane.Server/Controllers/UserController.cs
@ -14,6 +14,10 @@ using Oqtane.Repository;
 using Oqtane.Security;
 using Oqtane.Extensions;
 using Oqtane.Managers;
+using Oqtane.Services;
+using static System.Runtime.InteropServices.JavaScript.JSType;
+using Microsoft.Extensions.Localization;
+using Oqtane.Modules.Admin.Roles;

 namespace Oqtane.Controllers
 {
@ -27,8 +31,9 @@ namespace Oqtane.Controllers
        private readonly IUserPermissions _userPermissions;
        private readonly IJwtManager _jwtManager;
        private readonly ILogManager _logger;
+        private readonly IStringLocalizer<UserController> _localizer;

-        public UserController(IUserRepository users, ITenantManager tenantManager, IUserManager userManager, ISiteRepository sites, IUserPermissions userPermissions, IJwtManager jwtManager, ILogManager logger)
+        public UserController(IUserRepository users, ITenantManager tenantManager, IUserManager userManager, ISiteRepository sites, IUserPermissions userPermissions, IJwtManager jwtManager, ILogManager logger, IStringLocalizer<UserController> localizer)
        {
            _users = users;
            _tenantManager = tenantManager;
@ -37,6 +42,7 @@ namespace Oqtane.Controllers
            _userPermissions = userPermissions;
            _jwtManager = jwtManager;
            _logger = logger;
+            _localizer = localizer;
        }

        // GET api/<controller>/5?siteid=x
@ -336,5 +342,37 @@ namespace Oqtane.Controllers
            }
            return user;
        }
+
+        // GET api/<controller>/passwordrequirements/5
+        [HttpGet("passwordrequirements/{siteid}")]
+        public string PasswordRequirements(int siteid)
+        {
+            var requirements = "";
+
+            var site = _sites.GetSite(siteid);
+            if (site != null && (site.AllowRegistration || User.IsInRole(RoleNames.Registered)))
+            {
+                // get settings
+                var sitesettings = HttpContext.GetSiteSettings();
+                var minimumlength = sitesettings.GetValue("IdentityOptions:Password:RequiredLength", "6");
+                var uniquecharacters = sitesettings.GetValue("IdentityOptions:Password:RequiredUniqueChars", "1");
+                var requiredigit = bool.Parse(sitesettings.GetValue("IdentityOptions:Password:RequireDigit", "true"));
+                var requireupper = bool.Parse(sitesettings.GetValue("IdentityOptions:Password:RequireUppercase", "true"));
+                var requirelower = bool.Parse(sitesettings.GetValue("IdentityOptions:Password:RequireLowercase", "true"));
+                var requirepunctuation = bool.Parse(sitesettings.GetValue("IdentityOptions:Password:RequireNonAlphanumeric", "true"));
+
+                // replace the placeholders with the setting values
+                string digitRequirement = requiredigit ? _localizer["Password.DigitRequirement"] + ", " : "";
+                string uppercaseRequirement = requireupper ? _localizer["Password.UppercaseRequirement"] + ", " : "";
+                string lowercaseRequirement = requirelower ? _localizer["Password.LowercaseRequirement"] + ", " : "";
+                string punctuationRequirement = requirepunctuation ? _localizer["Password.PunctuationRequirement"] + ", " : "";
+                string passwordValidationCriteriaTemplate = _localizer["Password.ValidationCriteria"];
+
+                // format requirements
+                requirements = string.Format(passwordValidationCriteriaTemplate, minimumlength, uniquecharacters, digitRequirement, uppercaseRequirement, lowercaseRequirement, punctuationRequirement);
+            }
+
+            return requirements;
+        }
    }
 }
--- a/Oqtane.Server/Resources/Controllers/UserController.resx
+++ b/Oqtane.Server/Resources/Controllers/UserController.resx
@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="utf-8"?>
+<root>
+  <!-- 
+    Microsoft ResX Schema 
+    
+    Version 2.0
+    
+    The primary goals of this format is to allow a simple XML format 
+    that is mostly human readable. The generation and parsing of the 
+    various data types are done through the TypeConverter classes 
+    associated with the data types.
+    
+    Example:
+    
+    ... ado.net/XML headers & schema ...
+    <resheader name="resmimetype">text/microsoft-resx</resheader>
+    <resheader name="version">2.0</resheader>
+    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
+    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
+    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
+    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
+    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
+        <value>[base64 mime encoded serialized .NET Framework object]</value>
+    </data>
+    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
+        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
+        <comment>This is a comment</comment>
+    </data>
+                
+    There are any number of "resheader" rows that contain simple 
+    name/value pairs.
+    
+    Each data row contains a name, and value. The row also contains a 
+    type or mimetype. Type corresponds to a .NET class that support 
+    text/value conversion through the TypeConverter architecture. 
+    Classes that don't support this are serialized and stored with the 
+    mimetype set.
+    
+    The mimetype is used for serialized objects, and tells the 
+    ResXResourceReader how to depersist the object. This is currently not 
+    extensible. For a given mimetype the value must be set accordingly:
+    
+    Note - application/x-microsoft.net.object.binary.base64 is the format 
+    that the ResXResourceWriter will generate, however the reader can 
+    read any of the formats listed below.
+    
+    mimetype: application/x-microsoft.net.object.binary.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
+            : and then encoded with base64 encoding.
+    
+    mimetype: application/x-microsoft.net.object.soap.base64
+    value   : The object must be serialized with 
+            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
+            : and then encoded with base64 encoding.
+
+    mimetype: application/x-microsoft.net.object.bytearray.base64
+    value   : The object must be serialized into a byte array 
+            : using a System.ComponentModel.TypeConverter
+            : and then encoded with base64 encoding.
+    -->
+  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
+    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
+    <xsd:element name="root" msdata:IsDataSet="true">
+      <xsd:complexType>
+        <xsd:choice maxOccurs="unbounded">
+          <xsd:element name="metadata">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" />
+              </xsd:sequence>
+              <xsd:attribute name="name" use="required" type="xsd:string" />
+              <xsd:attribute name="type" type="xsd:string" />
+              <xsd:attribute name="mimetype" type="xsd:string" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="assembly">
+            <xsd:complexType>
+              <xsd:attribute name="alias" type="xsd:string" />
+              <xsd:attribute name="name" type="xsd:string" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="data">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
+              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
+              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
+              <xsd:attribute ref="xml:space" />
+            </xsd:complexType>
+          </xsd:element>
+          <xsd:element name="resheader">
+            <xsd:complexType>
+              <xsd:sequence>
+                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
+              </xsd:sequence>
+              <xsd:attribute name="name" type="xsd:string" use="required" />
+            </xsd:complexType>
+          </xsd:element>
+        </xsd:choice>
+      </xsd:complexType>
+    </xsd:element>
+  </xsd:schema>
+  <resheader name="resmimetype">
+    <value>text/microsoft-resx</value>
+  </resheader>
+  <resheader name="version">
+    <value>2.0</value>
+  </resheader>
+  <resheader name="reader">
+    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <resheader name="writer">
+    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
+  </resheader>
+  <data name="Password.DigitRequirement" xml:space="preserve">
+    <value>At Least One Digit</value>
+  </data>
+  <data name="Password.LowercaseRequirement" xml:space="preserve">
+    <value>At Least One Lowercase Letter</value>
+  </data>
+  <data name="Password.PunctuationRequirement" xml:space="preserve">
+    <value>At Least One Punctuation Mark</value>
+  </data>
+  <data name="Password.UppercaseRequirement" xml:space="preserve">
+    <value>At Least One Uppercase Letter</value>
+  </data>
+  <data name="Password.ValidationCriteria" xml:space="preserve">
+    <value>Passwords Must Have A Minimum Length Of {0} Characters, Including At Least {1} Unique Character(s), {2}{3}{4}{5} To Satisfy Password Compexity Requirements For This Site.</value>
+  </data>
+</root>