Merge pull request #3192 from sbwalker/dev

fix #3174 - display accurate password complexity requirements (this is now implemented in registration, user profiles, and user management - add/edit)
2023-08-25 13:31:22 -04:00 · 2023-08-25 13:31:22 -04:00 · 5a111cdb2a
commit 5a111cdb2a
parent f0fd0db7bb ef2f779f71
9 changed files with 198 additions and 48 deletions
--- a/Oqtane.Client/Modules/Admin/Register/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Register/Index.razor
@ -16,7 +16,7 @@
            <ModuleMessage Message="@Localizer["Info.Registration.Exists"]" Type="MessageType.Info" />
        </Authorized>
        <NotAuthorized>
-            <ModuleMessage Message="@_passwordconstruction" Type="MessageType.Info" />
+            <ModuleMessage Message="@_passwordrequirements" Type="MessageType.Info" />
            <form @ref="form" class="@(validated ? "was-validated" : "needs-validation")" novalidate>
                <div class="container">
                    <div class="row mb-1 align-items-center">
@ -69,6 +69,7 @@ else
 }
@code {
    private string _passwordrequirements;
    private string _username = string.Empty;
    private ElementReference form;
    private bool validated = false;
@ -79,44 +80,16 @@ else
    private string _email = string.Empty;
    private string _displayname = string.Empty;
    //Password construction
    private string _minimumlength;
    private string _uniquecharacters;
    private bool _requiredigit;
    private bool _requireupper;
    private bool _requirelower;
    private bool _requirepunctuation;
    private string _passwordconstruction;
    public override SecurityAccessLevel SecurityAccessLevel => SecurityAccessLevel.Anonymous;
    protected override async Task OnInitializedAsync()
    {
-        var settings = await SettingService.GetSiteSettingsAsync(PageState.Site.SiteId);
+        _passwordrequirements = await UserService.GetPasswordRequirementsAsync(PageState.Site.SiteId);
        _minimumlength = SettingService.GetSetting(settings, "IdentityOptions:Password:RequiredLength", "6");
        _uniquecharacters = SettingService.GetSetting(settings, "IdentityOptions:Password:RequiredUniqueChars", "1");
        _requiredigit = bool.Parse(SettingService.GetSetting(settings, "IdentityOptions:Password:RequireDigit", "true"));
        _requireupper = bool.Parse(SettingService.GetSetting(settings, "IdentityOptions:Password:RequireUppercase", "true"));
        _requirelower = bool.Parse(SettingService.GetSetting(settings, "IdentityOptions:Password:RequireLowercase", "true"));
        _requirepunctuation = bool.Parse(SettingService.GetSetting(settings, "IdentityOptions:Password:RequireNonAlphanumeric", "true"));
        // Replace the placeholders with the actual values of the variables
        string digitRequirement = _requiredigit ? Localizer["Password.DigitRequirement"] + ", " : "";
        string uppercaseRequirement = _requireupper ? Localizer["Password.UppercaseRequirement"] + ", " : "";
        string lowercaseRequirement = _requirelower ? Localizer["Password.LowercaseRequirement"] + ", " : "";
        string punctuationRequirement = _requirepunctuation ? Localizer["Password.PunctuationRequirement"] + ", " : "";
        // Replace the placeholders with the actual values of the variables
 		string passwordValidationCriteriaTemplate = Localizer["Password.ValidationCriteria"];
 		_passwordconstruction = Localizer["Info.Registration.InvalidEmail"] + ". " + string.Format(passwordValidationCriteriaTemplate,
            _minimumlength, _uniquecharacters, digitRequirement, uppercaseRequirement, lowercaseRequirement, punctuationRequirement);
    }
    protected override void OnParametersSet()
 	{
 		_togglepassword = SharedLocalizer["ShowPassword"];     
 	}
    private async Task Register()
--- a/Oqtane.Client/Modules/Admin/UserProfile/Index.razor
+++ b/Oqtane.Client/Modules/Admin/UserProfile/Index.razor
@ -23,6 +23,7 @@ else
    <TabPanel Name="Identity" ResourceKey="Identity">
        @if (profiles != null && settings != null)
        {
            <ModuleMessage Message="@_passwordrequirements" Type="MessageType.Info" />
            <div class="container">
                <div class="row mb-1 align-items-center">
                    <Label Class="col-sm-3" For="username" HelpText="Your username. Note that this field can not be modified." ResourceKey="Username"></Label>
@ -267,6 +268,7 @@ else
 <br /><br />
@code {
    private string _passwordrequirements;
    private string username = string.Empty;
    private string _password = string.Empty;
    private string _passwordtype = "password";
@ -293,6 +295,8 @@ else
    {
        try
        {
            _passwordrequirements = await UserService.GetPasswordRequirementsAsync(PageState.Site.SiteId);
            _togglepassword = SharedLocalizer["ShowPassword"];
            if (PageState.Site.Settings.ContainsKey("LoginOptions:TwoFactor") && !string.IsNullOrEmpty(PageState.Site.Settings["LoginOptions:TwoFactor"]))
--- a/Oqtane.Client/Modules/Admin/Users/Add.razor
+++ b/Oqtane.Client/Modules/Admin/Users/Add.razor
@ -12,6 +12,7 @@
    <TabPanel Name="Identity" ResourceKey="Identity">
        @if (profiles != null)
        {
            <ModuleMessage Message="@_passwordrequirements" Type="MessageType.Info" />
            <div class="container">
                <div class="row mb-1 align-items-center">
                    <Label Class="col-sm-3" For="username" HelpText="A unique username for a user. Note that this field can not be modified once it is saved." ResourceKey="Username"></Label>
@ -94,6 +95,7 @@
 <NavLink class="btn btn-secondary" href="@NavigateUrl()">@SharedLocalizer["Cancel"]</NavLink>
@code {
    private string _passwordrequirements;
    private string username = string.Empty;
    private string _password = string.Empty;
    private string _passwordtype = "password";
@ -111,6 +113,7 @@
    {
        try
        {
            _passwordrequirements = await UserService.GetPasswordRequirementsAsync(PageState.Site.SiteId);
            _togglepassword = SharedLocalizer["ShowPassword"];
            profiles = await ProfileService.GetProfilesAsync(ModuleState.SiteId);
            settings = new Dictionary<string, string>();
--- a/Oqtane.Client/Modules/Admin/Users/Edit.razor
+++ b/Oqtane.Client/Modules/Admin/Users/Edit.razor
@ -21,6 +21,7 @@ else
    <TabPanel Name="Identity" ResourceKey="Identity">
        @if (profiles != null)
        {
            <ModuleMessage Message="@_passwordrequirements" Type="MessageType.Info" />
            <div class="container">
                <div class="row mb-1 align-items-center">
                    <Label Class="col-sm-3" For="username" HelpText="The unique username for a user. Note that this field can not be modified." ResourceKey="Username"></Label>
@ -149,6 +150,7 @@ else
 <AuditInfo CreatedBy="@createdby" CreatedOn="@createdon" ModifiedBy="@modifiedby" ModifiedOn="@modifiedon" DeletedBy="@deletedby" DeletedOn="@deletedon"></AuditInfo>
@code {
    private string _passwordrequirements;
    private int userid;
    private string username = string.Empty;
    private string _password = string.Empty;
@ -183,6 +185,7 @@ else
        {
            if (PageState.QueryString.ContainsKey("id"))
            {
                _passwordrequirements = await UserService.GetPasswordRequirementsAsync(PageState.Site.SiteId);
                _togglepassword = SharedLocalizer["ShowPassword"];
                profiles = await ProfileService.GetProfilesAsync(PageState.Site.SiteId);
                userid = Int32.Parse(PageState.QueryString["id"]);
--- a/Oqtane.Client/Resources/Modules/Admin/Register/Index.resx
+++ b/Oqtane.Client/Resources/Modules/Admin/Register/Index.resx
@ -177,19 +177,4 @@
  <data name="Username.Text" xml:space="preserve">
    <value>Username:</value>
  </data>
  <data name="Password.ValidationCriteria" xml:space="preserve">
    <value>Passwords Must Have A Minimum Length Of {0} Characters, Including At Least {1} Unique Character(s), {2}{3}{4}{5} To Satisfy Password Compexity Requirements For This Site.</value>
  </data>
  <data name="Password.DigitRequirement" xml:space="preserve">
    <value>At Least One Digit</value>
  </data>
  <data name="Password.LowercaseRequirement" xml:space="preserve">
    <value>At Least One Lowercase Letter</value>
  </data>
  <data name="Password.PunctuationRequirement" xml:space="preserve">
    <value>At Least One Punctuation Mark</value>
  </data>
  <data name="Password.UppercaseRequirement" xml:space="preserve">
    <value>At Least One Uppercase Letter</value>
  </data>
 </root>
--- a/Oqtane.Client/Services/Interfaces/IUserService.cs
+++ b/Oqtane.Client/Services/Interfaces/IUserService.cs
@ -135,6 +135,11 @@ namespace Oqtane.Services
        /// <returns></returns>
        Task<User> LinkUserAsync(User user, string token, string type, string key, string name);
-
+        /// <summary>
        /// Get password requirements for site
        /// </summary>
        /// <param name="siteId">ID of a <see cref="Site"/></param>
        /// <returns></returns>
        Task<string> GetPasswordRequirementsAsync(int siteId);
    }
 }
--- a/Oqtane.Client/Services/UserService.cs
+++ b/Oqtane.Client/Services/UserService.cs
@ -96,5 +96,9 @@ namespace Oqtane.Services
            return await PostJsonAsync<User>($"{Apiurl}/link?token={token}&type={type}&key={key}&name={name}", user);
        }
        public async Task<string> GetPasswordRequirementsAsync(int siteId)
        {
            return await GetStringAsync($"{Apiurl}/passwordrequirements/{siteId}");
        }
    }
 }
--- a/Oqtane.Server/Controllers/UserController.cs
+++ b/Oqtane.Server/Controllers/UserController.cs
@ -14,6 +14,10 @@ using Oqtane.Repository;
 using Oqtane.Security;
 using Oqtane.Extensions;
 using Oqtane.Managers;
 using Oqtane.Services;
 using static System.Runtime.InteropServices.JavaScript.JSType;
 using Microsoft.Extensions.Localization;
 using Oqtane.Modules.Admin.Roles;
 namespace Oqtane.Controllers
 {
@ -27,8 +31,9 @@ namespace Oqtane.Controllers
        private readonly IUserPermissions _userPermissions;
        private readonly IJwtManager _jwtManager;
        private readonly ILogManager _logger;
        private readonly IStringLocalizer<UserController> _localizer;
-        public UserController(IUserRepository users, ITenantManager tenantManager, IUserManager userManager, ISiteRepository sites, IUserPermissions userPermissions, IJwtManager jwtManager, ILogManager logger)
+        public UserController(IUserRepository users, ITenantManager tenantManager, IUserManager userManager, ISiteRepository sites, IUserPermissions userPermissions, IJwtManager jwtManager, ILogManager logger, IStringLocalizer<UserController> localizer)
        {
            _users = users;
            _tenantManager = tenantManager;
@ -37,6 +42,7 @@ namespace Oqtane.Controllers
            _userPermissions = userPermissions;
            _jwtManager = jwtManager;
            _logger = logger;
            _localizer = localizer;
        }
        // GET api/<controller>/5?siteid=x
@ -336,5 +342,37 @@ namespace Oqtane.Controllers
            }
            return user;
        }
        // GET api/<controller>/passwordrequirements/5
        [HttpGet("passwordrequirements/{siteid}")]
        public string PasswordRequirements(int siteid)
        {
            var requirements = "";
            var site = _sites.GetSite(siteid);
            if (site != null && (site.AllowRegistration || User.IsInRole(RoleNames.Registered)))
            {
                // get settings
                var sitesettings = HttpContext.GetSiteSettings();
                var minimumlength = sitesettings.GetValue("IdentityOptions:Password:RequiredLength", "6");
                var uniquecharacters = sitesettings.GetValue("IdentityOptions:Password:RequiredUniqueChars", "1");
                var requiredigit = bool.Parse(sitesettings.GetValue("IdentityOptions:Password:RequireDigit", "true"));
                var requireupper = bool.Parse(sitesettings.GetValue("IdentityOptions:Password:RequireUppercase", "true"));
                var requirelower = bool.Parse(sitesettings.GetValue("IdentityOptions:Password:RequireLowercase", "true"));
                var requirepunctuation = bool.Parse(sitesettings.GetValue("IdentityOptions:Password:RequireNonAlphanumeric", "true"));
                // replace the placeholders with the setting values
                string digitRequirement = requiredigit ? _localizer["Password.DigitRequirement"] + ", " : "";
                string uppercaseRequirement = requireupper ? _localizer["Password.UppercaseRequirement"] + ", " : "";
                string lowercaseRequirement = requirelower ? _localizer["Password.LowercaseRequirement"] + ", " : "";
                string punctuationRequirement = requirepunctuation ? _localizer["Password.PunctuationRequirement"] + ", " : "";
                string passwordValidationCriteriaTemplate = _localizer["Password.ValidationCriteria"];
                // format requirements
                requirements = string.Format(passwordValidationCriteriaTemplate, minimumlength, uniquecharacters, digitRequirement, uppercaseRequirement, lowercaseRequirement, punctuationRequirement);
            }
            return requirements;
        }
    }
 }
--- a/Oqtane.Server/Resources/Controllers/UserController.resx
+++ b/Oqtane.Server/Resources/Controllers/UserController.resx
@ -0,0 +1,135 @@
 <?xml version="1.0" encoding="utf-8"?>
 <root>
  <!-- 
    Microsoft ResX Schema 
    Version 2.0
    The primary goals of this format is to allow a simple XML format 
    that is mostly human readable. The generation and parsing of the 
    various data types are done through the TypeConverter classes 
    associated with the data types.
    Example:
    ... ado.net/XML headers & schema ...
    <resheader name="resmimetype">text/microsoft-resx</resheader>
    <resheader name="version">2.0</resheader>
    <resheader name="reader">System.Resources.ResXResourceReader, System.Windows.Forms, ...</resheader>
    <resheader name="writer">System.Resources.ResXResourceWriter, System.Windows.Forms, ...</resheader>
    <data name="Name1"><value>this is my long string</value><comment>this is a comment</comment></data>
    <data name="Color1" type="System.Drawing.Color, System.Drawing">Blue</data>
    <data name="Bitmap1" mimetype="application/x-microsoft.net.object.binary.base64">
        <value>[base64 mime encoded serialized .NET Framework object]</value>
    </data>
    <data name="Icon1" type="System.Drawing.Icon, System.Drawing" mimetype="application/x-microsoft.net.object.bytearray.base64">
        <value>[base64 mime encoded string representing a byte array form of the .NET Framework object]</value>
        <comment>This is a comment</comment>
    </data>
    There are any number of "resheader" rows that contain simple 
    name/value pairs.
    Each data row contains a name, and value. The row also contains a 
    type or mimetype. Type corresponds to a .NET class that support 
    text/value conversion through the TypeConverter architecture. 
    Classes that don't support this are serialized and stored with the 
    mimetype set.
    The mimetype is used for serialized objects, and tells the 
    ResXResourceReader how to depersist the object. This is currently not 
    extensible. For a given mimetype the value must be set accordingly:
    Note - application/x-microsoft.net.object.binary.base64 is the format 
    that the ResXResourceWriter will generate, however the reader can 
    read any of the formats listed below.
    mimetype: application/x-microsoft.net.object.binary.base64
    value   : The object must be serialized with 
            : System.Runtime.Serialization.Formatters.Binary.BinaryFormatter
            : and then encoded with base64 encoding.
    mimetype: application/x-microsoft.net.object.soap.base64
    value   : The object must be serialized with 
            : System.Runtime.Serialization.Formatters.Soap.SoapFormatter
            : and then encoded with base64 encoding.
    mimetype: application/x-microsoft.net.object.bytearray.base64
    value   : The object must be serialized into a byte array 
            : using a System.ComponentModel.TypeConverter
            : and then encoded with base64 encoding.
    -->
  <xsd:schema id="root" xmlns="" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
    <xsd:import namespace="http://www.w3.org/XML/1998/namespace" />
    <xsd:element name="root" msdata:IsDataSet="true">
      <xsd:complexType>
        <xsd:choice maxOccurs="unbounded">
          <xsd:element name="metadata">
            <xsd:complexType>
              <xsd:sequence>
                <xsd:element name="value" type="xsd:string" minOccurs="0" />
              </xsd:sequence>
              <xsd:attribute name="name" use="required" type="xsd:string" />
              <xsd:attribute name="type" type="xsd:string" />
              <xsd:attribute name="mimetype" type="xsd:string" />
              <xsd:attribute ref="xml:space" />
            </xsd:complexType>
          </xsd:element>
          <xsd:element name="assembly">
            <xsd:complexType>
              <xsd:attribute name="alias" type="xsd:string" />
              <xsd:attribute name="name" type="xsd:string" />
            </xsd:complexType>
          </xsd:element>
          <xsd:element name="data">
            <xsd:complexType>
              <xsd:sequence>
                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
                <xsd:element name="comment" type="xsd:string" minOccurs="0" msdata:Ordinal="2" />
              </xsd:sequence>
              <xsd:attribute name="name" type="xsd:string" use="required" msdata:Ordinal="1" />
              <xsd:attribute name="type" type="xsd:string" msdata:Ordinal="3" />
              <xsd:attribute name="mimetype" type="xsd:string" msdata:Ordinal="4" />
              <xsd:attribute ref="xml:space" />
            </xsd:complexType>
          </xsd:element>
          <xsd:element name="resheader">
            <xsd:complexType>
              <xsd:sequence>
                <xsd:element name="value" type="xsd:string" minOccurs="0" msdata:Ordinal="1" />
              </xsd:sequence>
              <xsd:attribute name="name" type="xsd:string" use="required" />
            </xsd:complexType>
          </xsd:element>
        </xsd:choice>
      </xsd:complexType>
    </xsd:element>
  </xsd:schema>
  <resheader name="resmimetype">
    <value>text/microsoft-resx</value>
  </resheader>
  <resheader name="version">
    <value>2.0</value>
  </resheader>
  <resheader name="reader">
    <value>System.Resources.ResXResourceReader, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
  </resheader>
  <resheader name="writer">
    <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
  </resheader>
  <data name="Password.DigitRequirement" xml:space="preserve">
    <value>At Least One Digit</value>
  </data>
  <data name="Password.LowercaseRequirement" xml:space="preserve">
    <value>At Least One Lowercase Letter</value>
  </data>
  <data name="Password.PunctuationRequirement" xml:space="preserve">
    <value>At Least One Punctuation Mark</value>
  </data>
  <data name="Password.UppercaseRequirement" xml:space="preserve">
    <value>At Least One Uppercase Letter</value>
  </data>
  <data name="Password.ValidationCriteria" xml:space="preserve">
    <value>Passwords Must Have A Minimum Length Of {0} Characters, Including At Least {1} Unique Character(s), {2}{3}{4}{5} To Satisfy Password Compexity Requirements For This Site.</value>
  </data>
 </root>