From b50583596c7232ca0729d6e198d2b9860d5ef3be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Se=C3=A1n=20L?= Date: Thu, 24 Jul 2025 12:56:41 +0100 Subject: [PATCH 1/5] decrease password complexity --- app/Http/Controllers/Auth/RegisterController.php | 2 +- app/Http/Controllers/UsersController.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php index f9c6ba8a1..e24963487 100644 --- a/app/Http/Controllers/Auth/RegisterController.php +++ b/app/Http/Controllers/Auth/RegisterController.php @@ -64,7 +64,7 @@ public function register (Request $request): array 'name' => 'required|min:3|max:25', 'username' => 'required|min:3|max:20|unique:users|different:password', 'email' => 'required|email|max:75|unique:users', - 'password' => ['required', Password::min(8)->mixedCase()->numbers()->symbols()->uncompromised()] + 'password' => ['required', Password::min(5)->uncompromised()] // 'g-recaptcha-response' => 'required|captcha' ]); diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php index 7cb310453..29b87ac1e 100644 --- a/app/Http/Controllers/UsersController.php +++ b/app/Http/Controllers/UsersController.php @@ -73,7 +73,7 @@ public function changePassword (Request $request) { $this->validate($request, [ 'oldpassword' => 'required', - 'password' => 'required|confirmed|min:6|case_diff|numbers|letters|symbols' + 'password' => 'required|confirmed|min:5' ]); $user = Auth::user(); From 91b449666212165defb875f9225c9f3f5a54dd54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Se=C3=A1n=20L?= Date: Thu, 24 Jul 2025 13:39:08 +0100 Subject: [PATCH 2/5] update password test --- tests/Feature/Signup/CreateNewUserTest.php | 86 +++++++++++----------- 1 file changed, 43 insertions(+), 43 deletions(-) diff --git a/tests/Feature/Signup/CreateNewUserTest.php b/tests/Feature/Signup/CreateNewUserTest.php index 2e53cbd83..e132c839d 100644 --- a/tests/Feature/Signup/CreateNewUserTest.php +++ b/tests/Feature/Signup/CreateNewUserTest.php @@ -12,54 +12,54 @@ public function test_a_user_can_create_an_account () 'name' => 'John Doe', 'username' => 'username_' . time(), 'email' => 'test_' . time() . '@example.com', - 'password' => 'ReallyStrongPassword123!', + 'password' => 'password!', 'password_confirmation' => 'password', ]); $this->assertEquals(200, $response->getStatusCode()); } - public static function passwordProvider (): array - { - return [ - 'missing_uppercase' => [ - 'password' => 'lowercase1#', - 'error' => 'The password must contain at least one uppercase and one lowercase letter.' - ], - 'missing_lowercase' => [ - 'password' => 'UPPERCASE1#', - 'error' => 'The password must contain at least one uppercase and one lowercase letter.' - ], - 'missing_numbers' => [ - 'password' => 'UpperLower#', - 'error' => 'The password must contain at least one number.' - ], - 'missing_symbols' => [ - 'password' => 'UpperLower1', - 'error' => 'The password must contain at least one special character.' - ], - ]; - } - - /** - * @dataProvider passwordProvider - */ - public function test_a_user_cannot_create_an_account_with_invalid_password ($password, $error) - { - $response = $this->withoutMiddleware()->post('/register', [ - 'name' => 'John Doe', - 'username' => 'username_' . time(), - 'email' => 'test_' . time() . '@example.com', - 'password' => $password, - 'password_confirmation' => 'password', - ]); - - $this->assertEquals(302, $response->getStatusCode()); +// public static function passwordProvider (): array +// { +// return [ +// 'missing_uppercase' => [ +// 'password' => 'lowercase1#', +// 'error' => 'The password must contain at least one uppercase and one lowercase letter.' +// ], +// 'missing_lowercase' => [ +// 'password' => 'UPPERCASE1#', +// 'error' => 'The password must contain at least one uppercase and one lowercase letter.' +// ], +// 'missing_numbers' => [ +// 'password' => 'UpperLower#', +// 'error' => 'The password must contain at least one number.' +// ], +// 'missing_symbols' => [ +// 'password' => 'UpperLower1', +// 'error' => 'The password must contain at least one special character.' +// ], +// ]; +// } - $errors = $response->getSession()->get('errors')->toArray(); - - $this->assertArrayHasKey('password', $errors); - - $this->assertTrue(in_array($error, $errors['password'])); - } +// /** +// * @dataProvider passwordProvider +// */ +// public function test_a_user_cannot_create_an_account_with_invalid_password ($password, $error) +// { +// $response = $this->withoutMiddleware()->post('/register', [ +// 'name' => 'John Doe', +// 'username' => 'username_' . time(), +// 'email' => 'test_' . time() . '@example.com', +// 'password' => $password, +// 'password_confirmation' => 'password', +// ]); +// +// $this->assertEquals(302, $response->getStatusCode()); +// +// $errors = $response->getSession()->get('errors')->toArray(); +// +// $this->assertArrayHasKey('password', $errors); +// +// $this->assertTrue(in_array($error, $errors['password'])); +// } } From 03230565762ed8d475d13415eb809fb01de88b54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Se=C3=A1n=20L?= Date: Thu, 24 Jul 2025 13:59:20 +0100 Subject: [PATCH 3/5] fix test --- .env.testing | 4 ++-- app/Http/Controllers/Auth/RegisterController.php | 2 +- phpunit.xml | 2 ++ 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/.env.testing b/.env.testing index 2adf1aeef..d0e4eaaaa 100644 --- a/.env.testing +++ b/.env.testing @@ -10,8 +10,8 @@ LOG_CHANNEL=stack DB_CONNECTION=mysql DB_HOST=127.0.0.1 DB_PORT=3306 -DB_DATABASE=olm -DB_USERNAME=homestead +DB_DATABASE=olm_test +DB_USERNAME=root DB_PASSWORD=secret # For Testing diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php index e24963487..d76ebf441 100644 --- a/app/Http/Controllers/Auth/RegisterController.php +++ b/app/Http/Controllers/Auth/RegisterController.php @@ -64,7 +64,7 @@ public function register (Request $request): array 'name' => 'required|min:3|max:25', 'username' => 'required|min:3|max:20|unique:users|different:password', 'email' => 'required|email|max:75|unique:users', - 'password' => ['required', Password::min(5)->uncompromised()] + 'password' => ['required', Password::min(5)] // 'g-recaptcha-response' => 'required|captcha' ]); diff --git a/phpunit.xml b/phpunit.xml index 86a833843..ea1506741 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -17,6 +17,8 @@ + + From 35273c7bcbfcec9029fa0e891be0fa05a7b7cee6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Se=C3=A1n=20L?= Date: Thu, 24 Jul 2025 20:25:52 +0100 Subject: [PATCH 4/5] update yml --- .github/workflows/laravel.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/laravel.yml b/.github/workflows/laravel.yml index bb11239ce..44640df41 100644 --- a/.github/workflows/laravel.yml +++ b/.github/workflows/laravel.yml @@ -36,6 +36,7 @@ jobs: env: MYSQL_ALLOW_EMPTY_PASSWORD: false MYSQL_ROOT_PASSWORD: password + MYSQL_ROOT_HOST: '%' MYSQL_DATABASE: olm_test ports: - 3306/tcp From 1c3d8e187d0ce2da8325cf1431e1d08a709f8fb6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Se=C3=A1n=20L?= Date: Thu, 24 Jul 2025 20:43:58 +0100 Subject: [PATCH 5/5] test --- .github/workflows/laravel.yml | 4 ++-- phpunit.xml | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/laravel.yml b/.github/workflows/laravel.yml index 44640df41..400397a80 100644 --- a/.github/workflows/laravel.yml +++ b/.github/workflows/laravel.yml @@ -15,7 +15,7 @@ jobs: APP_ENV: testing DB_DATABASE: olm_test DB_USERNAME: root - DB_PASSWORD: password + DB_PASSWORD: secret BROADCAST_DRIVER: log CACHE_DRIVER: array QUEUE_CONNECTION: sync @@ -35,7 +35,7 @@ jobs: image: mysql:5.7 env: MYSQL_ALLOW_EMPTY_PASSWORD: false - MYSQL_ROOT_PASSWORD: password + MYSQL_ROOT_PASSWORD: secret MYSQL_ROOT_HOST: '%' MYSQL_DATABASE: olm_test ports: diff --git a/phpunit.xml b/phpunit.xml index ea1506741..86a833843 100644 --- a/phpunit.xml +++ b/phpunit.xml @@ -17,8 +17,6 @@ - -