Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions app/Http/Controllers/Auth/LoginController.php
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\AuthenticatesUsers;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Log;
Expand Down Expand Up @@ -44,6 +45,14 @@ public function __construct()
$this->middleware('guest')->except('logout');
}

protected function validateLogin(Request $request): void
{
$request->validate([
$this->username() => 'required|string',
'password' => 'required|string|max:72',
]);
}

/**
* Redirect the user to the GitHub authentication page.
*/
Expand Down
2 changes: 1 addition & 1 deletion app/Http/Controllers/Auth/RegisterController.php
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ protected function validator(array $data): \Illuminate\Contracts\Validation\Vali
return Validator::make($data, [
'name' => 'required|string|max:255',
'email' => 'required|string|email|max:255|unique:users',
'password' => Password::defaults(),
'password' => ['required', 'string', Password::defaults()],
'privacy' => 'required',
]);
}
Expand Down
13 changes: 13 additions & 0 deletions app/Http/Controllers/Auth/ResetPasswordController.php
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@

use App\Http\Controllers\Controller;
use Illuminate\Foundation\Auth\ResetsPasswords;
use Illuminate\Validation\Rules\Password;

class ResetPasswordController extends Controller
{
Expand Down Expand Up @@ -36,4 +37,16 @@ public function __construct()
{
$this->middleware('guest');
}

/**
* @return array<string, mixed>
*/
protected function rules(): array
{
return [
'token' => 'required',
'email' => 'required|email',
'password' => ['required', 'string', 'confirmed', Password::defaults()],
];
}
}
1 change: 1 addition & 0 deletions app/Providers/AppServiceProvider.php
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@ public function boot(): void
->mixedCase()
->numbers()
->symbols()
->max(72)
->uncompromised();
});

Expand Down
1 change: 1 addition & 0 deletions resources/js/components/PasswordField.vue
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@
:type="type"
:defaultValue="value"
:required="required"
maxlength="72"
/>
<div
class="absolute right-4 top-1/2 -translate-y-1/2 cursor-pointer"
Expand Down
61 changes: 61 additions & 0 deletions tests/Feature/Auth/PasswordLengthValidationTest.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
<?php

namespace Tests\Feature\Auth;

use Illuminate\Foundation\Testing\RefreshDatabase;
use Illuminate\Support\Str;
use Tests\TestCase;

final class PasswordLengthValidationTest extends TestCase
{
use RefreshDatabase;

public function test_registration_rejects_password_longer_than_72_characters(): void
{
$response = $this->post('/register', [
'name' => 'Test User',
'email' => 'long-password@example.com',
'password' => Str::repeat('Aa1!', 19), // 76 chars
'password_confirmation' => Str::repeat('Aa1!', 19),
'privacy' => '1',
]);

$response->assertSessionHasErrors('password');
$this->assertDatabaseMissing('users', ['email' => 'long-password@example.com']);
}

public function test_login_rejects_password_longer_than_72_characters(): void
{
$response = $this->post('/login', [
'email' => 'user@example.com',
'password' => Str::repeat('x', 73),
]);

$response->assertSessionHasErrors('password');
}

public function test_registration_page_renders_password_fields(): void
{
$response = $this->get('/register');

$response->assertOk();
$response->assertSee('name="password"', false);
$response->assertSee('name="password_confirmation"', false);
}

public function test_registration_accepts_password_at_max_length(): void
{
$password = Str::repeat('Aa1!', 18); // 72 chars, meets complexity rules
$this->assertSame(72, strlen($password));

$response = $this->post('/register', [
'name' => 'Test User',
'email' => 'max-length@example.com',
'password' => $password,
'password_confirmation' => $password,
'privacy' => '1',
]);

$response->assertSessionDoesntHaveErrors(['password']);
}
}
Loading