Проверка на надежный пароль (#862)

* Проверка на надежный пароль

* fixed typos in locales/ru.strings

Co-authored-by: Alexander Minkin <weryskok@gmail.com>

* подправил локаль

---------

Co-authored-by: Alexander Minkin <weryskok@gmail.com>

Web/Presenters/AuthPresenter.php

@@ -80,7 +80,11 @@ final class AuthPresenter extends OpenVKPresenter
             
             if(!Validator::i()->emailValid($this->postParam("email")))
                 $this->flashFail("err", tr("invalid_email_address"), tr("invalid_email_address_comment"));
-            
+
+            if(OPENVK_ROOT_CONF['openvk']['preferences']['security']['forceStrongPassword'])
+                if(!Validator::i()->passwordStrong($this->postParam("password")))
+                    $this->flashFail("err", tr("error"), tr("error_weak_password"));
+
             if (strtotime($this->postParam("birthday")) > time())
                 $this->flashFail("err", tr("invalid_birth_date"), tr("invalid_birth_date_comment"));
 

Web/Util/Validator.php

@@ -22,5 +22,9 @@ class Validator
         return (bool) preg_match("/^(?:t.me\/|@)?([a-zA-Z0-9_]{0,32})$/", $telegram);
     }
 
+    function passwordStrong(string $password): bool{
+        return (bool) preg_match("/^(?=.*[A-Z])(?=.*[0-9])(?=.*[a-z]).{8,}$/", $password);
+    }
+
     use TSimpleSingleton;
 }

locales/en.strings

@@ -992,6 +992,7 @@
 "error_upload_failed" = "Failed to upload a photo";
 "error_old_password" = "Old password does not match";
 "error_new_password" = "New password does not match";
+"error_weak_password" = "Password isn't strong enough. It should has at least 8 symbols, at least one capital letter and at least one digit."
 "error_shorturl_incorrect" = "The short address has an incorrect format.";
 "error_repost_fail" = "Failed to share post";
 "error_data_too_big" = "Attribute '$1' must be at most $2 $3 long";

locales/ru.strings

@@ -905,6 +905,7 @@
 "error_upload_failed" = "Не удалось загрузить фото";
 "error_old_password" = "Старый пароль не совпадает";
 "error_new_password" = "Новые пароли не совпадает";
+"error_weak_password" = "Ненадёжный пароль. Пароль должен содержать не менее 8 символов, цифры, прописные и строчные буквы";
 "error_shorturl_incorrect" = "Короткий адрес имеет некорректный формат.";
 "error_repost_fail" = "Не удалось поделиться записью";
 "error_data_too_big" = "Аттрибут '$1' не может быть длиннее $2 $3";

openvk-example.yml

@@ -27,6 +27,7 @@ openvk:
             requirePhone: false
             forcePhoneVerification: false
             forceEmailVerification: false
+            forceStrongPassword: false
             enableSu: true
             rateLimits:
                 actions: 5