Closes #4
luttje committed Mar 2, 2024
1 parent de8f52e commit 8321239
Showing 9 changed files with 133 additions and 48 deletions.
38 changes: 26 additions & 12 deletions app/Http/Controllers/Auth/ChecksPasswords.php
Expand Up @@ -7,24 +7,38 @@

trait ChecksPasswords
{
public function check_password($password, $user = null)
public function checkPassword($password, $user = null)
{
$userDetails = [];
if($user != null) {
$userDetails = array($user->name, $user->email);

if ($user != null) {
$userDetails = [$user->name, $user->email];
}

$zxcvbn = new Zxcvbn();
$strength = $zxcvbn->passwordStrength($password, $userDetails);
$seconds = time() + (int) $strength['crack_time'];
$seconds = Carbon::createFromTimestamp($seconds);
$strength['time_display'] = $seconds->diffForHumans(null, true);

$return = array(
"passes" => ($strength['score'] < 2) ? false : true,
"score" => $strength['score'],
"time" => $strength['time_display'],
);

$seconds = (int)(time() + (int)($strength['crack_times_seconds']['online_no_throttling_10_per_second']));
try {
$seconds = Carbon::createFromTimestamp($seconds);
$strength['time_display'] = $seconds->diffForHumans(null, true);
} catch (\Exception $e) {
$strength['time_display'] = '3 miljoen jaar';
}

$return = [
'passes' => ($strength['score'] < 2) ? false : true,
'feedback' => [
'Het gekozen wachtwoord is niet sterk genoeg.',
'Dit wachtwoord zou in ongeveer ' . $strength['time_display'] . ' te raden zijn!',

...(!empty($strength['feedback']['warning']) ? [__($strength['feedback']['warning'])] : []),
...collect($strength['feedback']['suggestions'])->map(function ($suggestion) {
return __($suggestion);
}),
],
'time' => $strength['time_display'],
];

return (object) $return;
}
Expand Down
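Review bot: The `(int)` cast on the new `$seconds` line happens before the `try`, so a `crack_times_seconds` value beyond the 64-bit integer range never reaches the `catch` that yields '3 miljoen jaar'; the PHP manual leaves an out-of-range float-to-int cast undefined (in practice it wraps), and a wrapped value that lands back in range is formatted by `diffForHumans` as a plausible but wrong duration. Capping the float before the cast makes the fallback deliberate: `$crack = min((float) $strength['crack_times_seconds']['online_no_throttling_10_per_second'], 1e15); // suggested cap ≈ 31 million years, well inside int64` followed by `$seconds = time() + (int) $crack;`, keeping the `try` for Carbon's own range. The chosen key also deserves a comment, because the text tells the user how long the password takes 'te raden' while the figure is the unthrottled online scenario at 10 guesses per second, the slowest attacker the library models; someone holding the stored hash needs far less time, so `// online, unthrottled guessing (10/s); the offline estimates are much shorter` records that this is an intentionally user-facing, optimistic number. Finally, `'passes' => ($strength['score'] < 2) ? false : true` reads more directly as `'passes' => $strength['score'] >= 2`.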
12 changes: 8 additions & 4 deletions app/Http/Controllers/Auth/ResetPasswordController.php
Expand Up @@ -18,7 +18,7 @@ class ResetPasswordController extends Controller
|
*/

use ChecksPasswords, ResetsPasswords{
use ChecksPasswords, ResetsPasswords {
reset as protected parentreset;
}

Expand All @@ -41,10 +41,14 @@ public function __construct()

public function reset(Request $request)
{
$check = $this->check_password($request->password);
if(!$check->passes) {
return redirect()->route('password.request')->withErrors(['password' => 'Je nieuwe wachtwoord is niet sterk genoeg!']);
$check = $this->checkPassword($request->password);

if (!$check->passes) {
return redirect()
->back()
->withErrors($check->feedback);
}

return $this->parentreset($request);
}
}
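Review bot: `reset()` now calls `checkPassword($request->password)` before the parent's validation runs, so an empty or missing `password` field reaches Zxcvbn as `null`; if `Zxcvbn::passwordStrength()` declares a `string` parameter (current zxcvbn-php releases do, as far as I can tell) that is a `TypeError` and a 500 instead of the 'required' validation message, and the untyped `$password` on `checkPassword` will not catch it either. Validating first preserves the order the parent expects: `$request->validate($this->rules(), $this->validationErrorMessages());` ahead of the `checkPassword` call — both helpers come from `ResetsPasswords`. Unlike the `UserController` call sites, this one passes no `$user`, so the name/e-mail dictionary is skipped on the reset flow even though the request carries the e-mail; resolving the account with `$this->broker()->getUser($request->only('email'))` and passing it through applies the same strength policy here (`checkPassword` already tolerates a `null` user if the lookup fails).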
64 changes: 41 additions & 23 deletions app/Http/Controllers/UserController.php
Expand Up @@ -21,7 +21,7 @@ public function index(Request $request)
$users = User::with('groups');
$search = request('q', false);

if($search) {
if ($search) {
$users = $users->whereHas('groups', function ($query) {
$search = request('q');
$query->where('name', 'LIKE', "%$search%");
Expand Down Expand Up @@ -60,7 +60,7 @@ public function store(Request $request)
'id' => 'required|alpha_num',
'name' => 'required|string',
'email' => 'nullable|email',
'password' => 'required|confirmed'
'password' => 'required|confirmed|string',
]);

$user = new User();
Expand All @@ -69,19 +69,23 @@ public function store(Request $request)
$user->type = $request->type;

$user->email = $request->email;
if($user->email == null) {
if ($user->email == null) {
$user->email = $user->id . '@' . ($user->type == 'student' ? 'edu.' : '') . 'curio.nl';
}

$check = $this->check_password($request->password, $user);
if(!$check->passes) {
return redirect()->route('users.create')->withInput($request->input())->withErrors(['msg' => 'Je nieuwe wachtwoord is niet sterk genoeg.', 'msg2' => 'Dit wachtwoord zou in ongeveer ' . $check->time . ' te kraken zijn!']);
$check = $this->checkPassword($request->password, $user);

if (!$check->passes) {
return redirect()
->route('users.create')
->withInput($request->input())
->withErrors($check->feedback);
}

$user->password = bcrypt($request->password);
$user->save();

if($request->groups != null) {
if ($request->groups != null) {
$user->groups()->attach($request->groups);
}

Expand Down Expand Up @@ -117,32 +121,42 @@ public function profile(User $user)
->with('user', $user);
}

public function profile_update(Request $request, User $user)
public function profileUpdate(Request $request, User $user)
{
if (Gate::denies('edit-self', $user)) {
return redirect('/me');
}

if(!password_verify($request->password, $user->getPassword())) {
return redirect()->route('users.profile', $user)->withErrors(['msg' => 'Je huidige wachtwoord is niet correct.']);
if (!password_verify($request->password, $user->getPassword())) {
return redirect()
->route('users.profile', $user)
->withErrors(['Je huidige wachtwoord is niet correct.']);
}

$request->validate([
'password_new' => 'nullable|confirmed'
]);

$check = $this->check_password($request->password_new, $user);
if(!$check->passes) {
return redirect()->route('users.profile', $user)->withErrors(['msg' => 'Je nieuwe wachtwoord is niet sterk genoeg.', 'msg2' => 'Dit wachtwoord zou in ongeveer ' . $check->time . ' te kraken zijn!']);
if ($request->password_new == null) {
return redirect()
->route('users.profile', $user)
->withErrors(['Je nieuwe wachtwoord is niet ingevuld.']);
}

$check = $this->checkPassword($request->password_new, $user);

if (!$check->passes) {
return redirect()
->route('users.profile', $user)
->withErrors($check->feedback);
}

$user->password = bcrypt($request->password_new);
$user->save();
$request->session()->flash('notice', array(
$request->session()->flash('notice', [
'Je wachtwoord is opgeslagen.',
'Je hebt een ' . ($check->score == 3 ? 'redelijk' : 'heel') . ' sterk wachtwoord gekozen.',
'Het zou ongeveer ' . $check->time . ' duren om dit wachtwoord te kraken!'
));
'Voor jouw informatie, je hebt een wachtwoord gekozen waarvoor het een hacker ongeveer ' . $check->time . ' zou duren om het te raden!'
]);

return redirect('/users/' . $user->id . '/profile');
}
Expand All @@ -160,10 +174,14 @@ public function update(Request $request, User $user)
'password' => 'nullable|confirmed'
]);

if($request->password != null) {
$check = $this->check_password($request->password, $user);
if(!$check->passes) {
return redirect()->route('users.edit', $user)->withInput($request->input())->withErrors(['msg' => 'Je nieuwe wachtwoord is niet sterk genoeg.', 'msg2' => 'Dit wachtwoord zou in ongeveer ' . $check->time . ' te kraken zijn!']);
if ($request->password != null) {
$check = $this->checkPassword($request->password, $user);

if (!$check->passes) {
return redirect()
->route('users.edit', $user)
->withInput($request->input())
->withErrors($check->feedback);
}
$user->password = bcrypt($request->password);
$user->save();
Expand All @@ -190,11 +208,11 @@ public function delete(User $user)
*/
public function destroy(Request $request)
{
if(!is_array($request->delete)) {
if (!is_array($request->delete)) {
return redirect()->back();
}

foreach($request->delete as $id) {
foreach ($request->delete as $id) {
$user = User::find($id);
$user->groups()->detach();
$user->delete();
Expand Down
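Review bot: In `store()` and `update()` the rebuilt redirect chains still pass `withInput($request->input())`, which flashes the submitted `password` and `password_confirmation` in plaintext into the session alongside the strength errors; Laravel's own validation failures exclude those fields for exactly this reason. `->withInput($request->except('password', 'password_confirmation'))` keeps the rest of the form and drops the secrets. In `profileUpdate()` the new `password_new == null` branch contradicts the `'password_new' => 'nullable|confirmed'` rule just above it; declaring `'password_new' => 'required|confirmed|string'` lets the validator produce that error and removes the hand-rolled check. The trailing `'Voor jouw informatie …'` element of the flash array should also end with a comma, matching the other multi-line arrays this commit reformats.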
22 changes: 21 additions & 1 deletion lang/nl.json
Expand Up @@ -12,5 +12,25 @@
"Please click the button below to verify your email address.": "Klik op onderstaande knop om je e-mailadres te bevestigen.",
"If you did not create an account, no further action is required.": "Als je geen account hebt aangemaakt, dan hoef je niets te doen.",
"(and :count more error)": "(en :count andere fout)",
"(and :count more errors)": "(en :count andere fouten)"
"(and :count more errors)": "(en :count andere fouten)",

"Use a few words, avoid common phrases": "Gebruik een paar woorden, vermijd veelgebruikte zinnen",
"No need for symbols, digits, or uppercase letters": "Symbolen, cijfers of hoofdletters zijn niet nodig",
"Add another word or two. Uncommon words are better.": "Voeg nog een woord of twee toe. Ongebruikelijke woorden zijn beter.",
"This is similar to a commonly used password": "Dit lijkt op een veelgebruikt wachtwoord",
"Recent years are easy to guess": "Recentelijke jaartallen zijn makkelijk te raden",
"Avoid recent years": "Vermijd recentelijke jaartallen",
"Avoid years that are associated with you": "Vermijd jaartallen die met jou geassocieerd zijn",
"Reversed words aren't much harder to guess": "Omgekeerde woorden zijn niet veel moeilijker te raden",
"Repeats like \"aaa\" are easy to guess": "Herhalingen zoals \"aaa\" zijn makkelijk te raden",
"Repeats like \"abcabcabc\" are only slightly harder to guess than \"abc\"": "Herhalingen zoals \"abcabcabc\" zijn slechts iets moeilijker te raden dan \"abc\"",
"Avoid repeated words and characters": "Vermijd herhaalde woorden en tekens",
"Straight rows of keys are easy to guess": "Rechte rijen van toetsen zijn makkelijk te raden",
"Short keyboard patterns are easy to guess": "Korte toetsenbordpatronen zijn makkelijk te raden",
"Use a longer keyboard pattern with more turns": "Gebruik een langer toetsenbordpatroon met meer bochten",
"Sequences like abc or 6543 are easy to guess": "Sequenties zoals abc of 6543 zijn makkelijk te raden",
"Avoid sequences": "Vermijd sequenties",
"Predictable substitutions like '@' instead of 'a' don't help very much": "Voorspelbare vervangingen zoals '@' in plaats van 'a' helpen niet veel",
"Dates are often easy to guess": "Datums zijn vaak makkelijk te raden",
"Avoid dates and years that are associated with you": "Vermijd datums en jaartallen die met jou geassocieerd zijn"
}
5 changes: 5 additions & 0 deletions resources/css/app.css
Expand Up @@ -37,6 +37,11 @@ body{
min-width: fit-content;
}

.alert ul {
margin-bottom: 0;
padding-left: 1rem;
}

.btn-brand{
border-color: #004c35;
color: #004c35;
Expand Down
22 changes: 16 additions & 6 deletions resources/css/login.css
Expand Up @@ -147,30 +147,40 @@ footer{

.alert-primary {
color: #d6e3df;
background-color: #004c35;
background-color: #004c35;
}

.alert-primary a{
color: #d6e3df;
}

.alert-danger {
color: #721c24;
background-color: #f8d7da;
border-color: #f5c6cb;
}

.alert-danger ul{
padding-left: 18px;
}

@media only screen and (max-width: 768px) {

html{
font-size: 16px;
}

.container{
display: block;
}

.aside{
display: none;
}
}

@media only screen and (max-width: 480px) {

html{
font-size: 14px;
}
Expand All @@ -182,7 +192,7 @@ footer{
}

@media only screen and (max-width: 340px) {

.submit{
flex-direction: column;
align-items: flex-start;
Expand All @@ -199,4 +209,4 @@ footer{
.aside{
display: none;
}
}
}
6 changes: 6 additions & 0 deletions resources/views/auth/passwords/email.blade.php
Expand Up @@ -7,6 +7,12 @@
</p>
@endif

<div class="alert alert-danger">
<strong>Let op!</strong>
<div>Vanwege beperkingen in de mailserver van Curio is het hoogstwaarschijnlijk dat je de 'wachtwoord vergeten'-mail niet ontvangt. Dit is omdat er 'curio' in de afzender voorkomt en Curio 'phishing'-aanvallen wil voorkomen.</div>
<strong>Vraag daarom je docent om je wachtwoord voor je te resetten.</strong>
</div>

<p>Reset je wachtwoord:</p>
<form method="POST" action="{{ route('password.email') }}">
@csrf
Expand Down
10 changes: 9 additions & 1 deletion resources/views/auth/passwords/reset.blade.php
@@ -1,10 +1,18 @@
@extends('layouts.auth')

@section('content')

<div class="alert alert-primary">
Lees ook onze <a href="/passwords" target="_blank">richtlijnen</a> voor een sterk wachtwoord.
</div>
@if ($errors->any())
<div class="alert alert-danger">
<ul>
@foreach ($errors->all() as $error)
<li>{{ $error }}</li>
@endforeach
</ul>
</div>
@endif
<p>Reset je wachtwoord:</p>
<form method="POST" action="{{ route('password.request') }}">
@csrf
Expand Down
2 changes: 1 addition & 1 deletion routes/web.php
Expand Up @@ -40,7 +40,7 @@
Route::get('/me', [DashboardController::class, 'show'])->name('home');

Route::get('/users/{user}/profile', [UserController::class, 'profile'])->name('users.profile');
Route::patch('/users/{user}/profile', [UserController::class, 'profile_update']);
Route::patch('/users/{user}/profile', [UserController::class, 'profileUpdate']);

Route::group(['middleware' => 'admin'], function () {
Route::resource('clients', ClientController::class, ['except' => ['edit', 'update']]);
Expand Down
