Don't allow blank passwords on the password change endpoint; closes #2750
This commit is contained in:
parent
16f49f8dc1
commit
7ebe04fb91
2 changed files with 26 additions and 4 deletions
|
@ -2,7 +2,6 @@
|
||||||
|
|
||||||
namespace Pterodactyl\Http\Requests\Api\Client\Account;
|
namespace Pterodactyl\Http\Requests\Api\Client\Account;
|
||||||
|
|
||||||
use Pterodactyl\Models\User;
|
|
||||||
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
use Pterodactyl\Http\Requests\Api\Client\ClientApiRequest;
|
||||||
use Pterodactyl\Exceptions\Http\Base\InvalidPasswordProvidedException;
|
use Pterodactyl\Exceptions\Http\Base\InvalidPasswordProvidedException;
|
||||||
|
|
||||||
|
@ -32,8 +31,8 @@ class UpdatePasswordRequest extends ClientApiRequest
|
||||||
*/
|
*/
|
||||||
public function rules(): array
|
public function rules(): array
|
||||||
{
|
{
|
||||||
$rules = User::getRulesForUpdate($this->user());
|
return [
|
||||||
|
'password' => ['required', 'string', 'confirmed', 'min:8'],
|
||||||
return ['password' => array_merge($rules['password'], ['confirmed'])];
|
];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -140,6 +140,29 @@ class AccountControllerTest extends ClientApiIntegrationTestCase
|
||||||
$response->assertJsonPath('errors.0.detail', 'The password provided was invalid for this account.');
|
$response->assertJsonPath('errors.0.detail', 'The password provided was invalid for this account.');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Test that a validation error is returned to the user if no password is provided or if
|
||||||
|
* the password is below the minimum password length.
|
||||||
|
*/
|
||||||
|
public function testErrorIsReturnedForInvalidRequestData()
|
||||||
|
{
|
||||||
|
$user = factory(User::class)->create();
|
||||||
|
|
||||||
|
$this->actingAs($user)->putJson('/api/client/account/password', [
|
||||||
|
'current_password' => 'password',
|
||||||
|
])
|
||||||
|
->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY)
|
||||||
|
->assertJsonPath('errors.0.meta.rule', 'required');
|
||||||
|
|
||||||
|
$this->actingAs($user)->putJson('/api/client/account/password', [
|
||||||
|
'current_password' => 'password',
|
||||||
|
'password' => 'pass',
|
||||||
|
'password_confirmation' => 'pass',
|
||||||
|
])
|
||||||
|
->assertStatus(Response::HTTP_UNPROCESSABLE_ENTITY)
|
||||||
|
->assertJsonPath('errors.0.meta.rule', 'min');
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Test that a validation error is returned if the password passed in the request
|
* Test that a validation error is returned if the password passed in the request
|
||||||
* does not have a confirmation, or the confirmation is not the same as the password.
|
* does not have a confirmation, or the confirmation is not the same as the password.
|
||||||
|
|
Loading…
Reference in a new issue