From e65dc5708ddf4fa15f1b09a1b555668ec05751e7 Mon Sep 17 00:00:00 2001
From: Jakob
Date: Sun, 30 Oct 2016 21:02:39 +0100
Subject: [PATCH] Validate password on reset according to rules (#158)
* move password rules to Models\User::PASSWORD_RULES
* validate new password according to rules on password reset
* add password requirements info to auth.passwords.reset view
---
 app/Http/Controllers/Auth/ResetPasswordController.php | 8 ++++++++
 app/Http/Controllers/Base/AccountController.php | 2 +-
 app/Models/User.php | 7 +++++++
 resources/views/auth/passwords/reset.blade.php | 1 +
 4 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/app/Http/Controllers/Auth/ResetPasswordController.php b/app/Http/Controllers/Auth/ResetPasswordController.php
index 854170b19..ab6b968e4 100644
--- a/app/Http/Controllers/Auth/ResetPasswordController.php
+++ b/app/Http/Controllers/Auth/ResetPasswordController.php
@@ -31,4 +31,12 @@ class ResetPasswordController extends Controller
 {
 $this->middleware('guest');
 }
+
+
+ protected function rules() {
+ return [
+ 'token' => 'required', 'email' => 'required|email',
+ 'password' => 'required|confirmed|' . User::PASSWORD_RULES,
+ ];
+ }
 }
diff --git a/app/Http/Controllers/Base/AccountController.php b/app/Http/Controllers/Base/AccountController.php
index c79063706..a532a0a2e 100644
--- a/app/Http/Controllers/Base/AccountController.php
+++ b/app/Http/Controllers/Base/AccountController.php
@@ -84,7 +84,7 @@ class AccountController extends Controller
 $this->validate($request, [
 'current_password' => 'required',
- 'new_password' => 'required|confirmed|different:current_password|regex:((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})',
+ 'new_password' => 'required|confirmed|different:current_password|' . Models\User::PASSWORD_RULES,
 'new_password_confirmation' => 'required'
 ]);
diff --git a/app/Models/User.php b/app/Models/User.php
index 251d1b018..990511ecb 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
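Review bot: In `ResetPasswordController::rules()` the new rule string references the bare name `User`, yet the diffstat shows all 8 added lines of that file sit inside this one hunk, so the commit adds no `use` line for the model. Unless the file already imports it (not visible here), `User` resolves relative to the controller's own namespace and a password-reset submission would fail with a class-not-found error instead of being validated. AccountController in the same commit writes `Models\User::PASSWORD_RULES`, which suggests the model sits under a `Models` namespace; I would add the matching import at the top of the file, `use <APP_NAMESPACE>\Models\User;` (placeholder for the project's root namespace), and cover the reset form with a request test that submits a weak password. The class body starts outside the hunk.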
@@ -76,6 +76,13 @@ class User extends Model implements AuthenticatableContract,
 */
 protected $hidden = ['password', 'remember_token', 'totp_secret'];
+ /**
+ * The rules for user passwords
+ *
+ * @var string
+ */
+ const PASSWORD_RULES = 'min:8|regex:((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,})';
+
 public function permissions()
 {
 return $this->hasMany(Permission::class);
diff --git a/resources/views/auth/passwords/reset.blade.php b/resources/views/auth/passwords/reset.blade.php
index 3362f205b..5151ce7a2 100644
--- a/resources/views/auth/passwords/reset.blade.php
+++ b/resources/views/auth/passwords/reset.blade.php
@@ -55,6 +55,7 @@ {{ $errors->first('password') }} @endif +
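Review bot: `PASSWORD_RULES` in app/Models/User.php is a pipe-delimited rule string that embeds a `regex:` rule, and Laravel splits such strings on `|`, so the pattern only keeps working while it contains no alternation. The docblock should say so, e.g. `* Pipe-delimited validation rules; the regex must not contain "|" (use array rules at the call sites if it ever needs one).` It should also state what the pattern enforces (at least 8 characters with one digit, one lowercase and one uppercase ASCII letter), because that wording has to stay in sync with the `base.password_req` message this commit adds to the reset view. The constant sets no upper length bound; if passwords are hashed with bcrypt (not visible here), input beyond 72 bytes is ignored by the hash, so a `max:` rule may be worth adding.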

{{ trans('base.password_req') }}