Merge pull request #2515 from sbwalker/dev

fix #2512 - provide guidance about password complexity policy during install, and ensure modified passwords meet complexity policy
2022-12-02 07:42:55 -05:00 · 2022-12-02 07:42:55 -05:00 · 8c0dc6422e
commit 8c0dc6422e
parent 642e41530e c91e285475
6 changed files with 194 additions and 159 deletions
--- a/Oqtane.Client/Modules/Admin/UserProfile/Index.razor
+++ b/Oqtane.Client/Modules/Admin/UserProfile/Index.razor
@ -337,7 +337,9 @@ else
 						photo = null;
 					}
-                    await UserService.UpdateUserAsync(user);
+					user = await UserService.UpdateUserAsync(user);
 					if (user != null)
 					{
 						await SettingService.UpdateUserSettingsAsync(settings, PageState.User.UserId);
 						await logger.LogInformation("User Profile Saved");
@ -345,6 +347,11 @@ else
 						StateHasChanged();
 					}
 					else
 					{
 						AddModuleMessage(Localizer["Message.Password.Complexity"], MessageType.Error);						
 					}
 				}
                else
                {
                    AddModuleMessage(Localizer["Message.Password.Invalid"], MessageType.Warning);
                }
--- a/Oqtane.Client/Modules/Admin/Users/Edit.razor
+++ b/Oqtane.Client/Modules/Admin/Users/Edit.razor
@ -249,12 +249,18 @@ else
 					user.IsDeleted = (isdeleted == null ? true : Boolean.Parse(isdeleted));
 					user = await UserService.UpdateUserAsync(user);
 					if (user != null)
 					{
 						await SettingService.UpdateUserSettingsAsync(settings, user.UserId);
 						await logger.LogInformation("User Saved {User}", user);
 						NavigationManager.NavigateTo(NavigateUrl());
 					}
 					else
 					{
 						AddModuleMessage(Localizer["Message.Password.Complexity"], MessageType.Error);
 					}
                }
                else
                {
                    AddModuleMessage(Localizer["Message.Password.NoMatch"], MessageType.Warning);
                }
--- a/Oqtane.Client/Resources/Installer/Installer.resx
+++ b/Oqtane.Client/Resources/Installer/Installer.resx
@ -136,7 +136,7 @@
    <value>Please Enter All Required Fields. Ensure Passwords Match And Email Address Provided Is Valid.</value>
  </data>
  <data name="Message.Password.Invalid" xml:space="preserve">
-    <value>The Password Provided Does Not Meet The Password Policy. Please Verify The Minimum Password Length And Complexity Requirements.</value>
+    <value>The Password Provided Does Not Meet The Complexity Policy. Passwords Must Be At Least 6 Characters In Length And Contain Uppercase, Lowercase, Numeric, And Punctuation Characters.</value>
  </data>
  <data name="Register" xml:space="preserve">
    <value>Please Register Me For Major Product Updates And Security Bulletins</value>
--- a/Oqtane.Client/Resources/Modules/Admin/UserProfile/Index.resx
+++ b/Oqtane.Client/Resources/Modules/Admin/UserProfile/Index.resx
@ -120,6 +120,9 @@
  <data name="Message.Password.Invalid" xml:space="preserve">
    <value>Passwords Entered Do Not Match</value>
  </data>
  <data name="Message.Password.Complexity" xml:space="preserve">
    <value>Password Provided Does Not Meet The Complexity Policy</value>
  </data>
  <data name="From" xml:space="preserve">
    <value>From</value>
  </data>
--- a/Oqtane.Client/Resources/Modules/Admin/Users/Edit.resx
+++ b/Oqtane.Client/Resources/Modules/Admin/Users/Edit.resx
@ -120,6 +120,9 @@
  <data name="Message.Password.NoMatch" xml:space="preserve">
    <value>Passwords Entered Do Not Match</value>
  </data>
  <data name="Message.Password.Complexity" xml:space="preserve">
    <value>Password Provided Does Not Meet The Complexity Policy</value>
  </data>
  <data name="Identity.Name" xml:space="preserve">
    <value>Identity</value>
  </data>
--- a/Oqtane.Server/Controllers/UserController.cs
+++ b/Oqtane.Server/Controllers/UserController.cs
@ -247,12 +247,21 @@ namespace Oqtane.Controllers
                if (identityuser != null)
                {
                    identityuser.Email = user.Email;
                    var valid = true;
                    if (user.Password != "")
                    {
                        var validator = new PasswordValidator<IdentityUser>();
                        var result = await validator.ValidateAsync(_identityUserManager, null, user.Password);
                        valid = result.Succeeded;
                        if (valid)
                        {
                            identityuser.PasswordHash = _identityUserManager.PasswordHasher.HashPassword(identityuser, user.Password);
                        }
                    await _identityUserManager.UpdateAsync(identityuser);
                    }
                    if (valid)
                    {
                        await _identityUserManager.UpdateAsync(identityuser);
                        user = _users.UpdateUser(user);
                        _syncManager.AddSyncEvent(_tenantManager.GetAlias().TenantId, EntityNames.User, user.UserId, SyncEventActions.Update);
                        _syncManager.AddSyncEvent(_tenantManager.GetAlias().TenantId, EntityNames.User, user.UserId, SyncEventActions.Refresh);
@ -260,6 +269,13 @@ namespace Oqtane.Controllers
                        _logger.Log(LogLevel.Information, this, LogFunction.Update, "User Updated {User}", user);
                    }
                    else
                    {
                        _logger.Log(user.SiteId, LogLevel.Error, this, LogFunction.Update, "Unable To Update User {Username}. Password Does Not Meet Complexity Requirements.", user.Username);
                        user = null;
                    }
                }
            }
            else
            {
                user.Password = ""; // remove sensitive information
                _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized User Post Attempt {User}", user);