ENH Generate a random password if a blank password is entered

creative-commoners · Oct 12, 2023 · b045115 · b045115
1 parent 87958e7
commit b045115
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 8 deletions.
diff --git a/src/Forms/ConfirmedPasswordField.php b/src/Forms/ConfirmedPasswordField.php
@@ -43,7 +43,8 @@ class ConfirmedPasswordField extends FormField
     public $requireStrongPassword = false;
 
     /**
-     * Allow empty fields in serverside validation
+     * Allow empty fields in when entering the password for the first time
+     * If this is set to true then a random password will be created before saving
      *
      * @var boolean
      */
@@ -119,6 +120,8 @@ class ConfirmedPasswordField extends FormField
      */
     protected $hiddenField = null;
 
+    private string $strongPasswordRegex = '/^(([a-zA-Z]+\d+)|(\d+[a-zA-Z]+))[a-zA-Z0-9]*$/';
+
     /**
      * @param string $name
      * @param string $title
@@ -255,7 +258,15 @@ public function getChildren()
     public function setCanBeEmpty($value)
     {
         $this->canBeEmpty = (bool)$value;
-
+        $text = _t(
+            __CLASS__ . '.CANBEEMTPYRIGHT',
+            'If an password is not set then a hidden random password will be automatically generated. The user will need to click the forgotten password link to receive an email with a password reset link.'
+        );
+        if ($this->canBeEmpty) {
+            $this->passwordField->setRightTitle($text);
+        } elseif (!$this->canBeEmpty && $this->passwordField->getRightTitle() === $text) {
+            $this->passwordField->setRightTitle('');
+        }
         return $this;
     }
 
@@ -488,7 +499,7 @@ public function validate($validator)
         }
 
         if ($this->getRequireStrongPassword()) {
-            if (!preg_match('/^(([a-zA-Z]+\d+)|(\d+[a-zA-Z]+))[a-zA-Z0-9]*$/', $value ?? '')) {
+            if (!preg_match($this->strongPasswordRegex, $value ?? '')) {
                 $validator->validationError(
                     $name,
                     _t(
@@ -552,8 +563,6 @@ public function validate($validator)
     }
 
     /**
-     * Only save if field was shown on the client, and is not empty.
-     *
      * @param DataObjectInterface $record
      */
     public function saveInto(DataObjectInterface $record)
@@ -562,9 +571,33 @@ public function saveInto(DataObjectInterface $record)
             return;
         }
 
-        if (!($this->canBeEmpty && !$this->value)) {
-            parent::saveInto($record);
+        // Create a random password if password is blank
+        if ($this->canBeEmpty && !$this->value) {
+            $this->value = $this->createStrongRandomPassword();
         }
+
+        parent::saveInto($record);
+    }
+
+    private function createStrongRandomPassword(): string
+    {
+        $value = '';
+        do {
+            // random_int() in OK to use for random password generation
+            $randomInt = random_int(0, PHP_INT_MAX);
+            // add in a-f as extra possible characters
+            $hashed = substr(md5($randomInt), 0, $this->getMaxLength());
+            // uppercase half of the characters
+            $hashed = implode('', [
+                strtoupper(substr($hashed, 0, floor(strlen($hashed) / 2))),
+                substr($hashed, ceil(strlen($hashed) / 2)),
+            ]);
+            // shuffle the characters
+            $arr = str_split($hashed);
+            shuffle($arr);
+            $value = implode('', $arr);
+        } while (!preg_match($this->strongPasswordRegex, $value));
+        return $value;
     }
 
     /**

diff --git a/src/Security/Member.php b/src/Security/Member.php
@@ -670,7 +670,7 @@ public function getMemberPasswordField()
             $password->setRequireExistingPassword(true);
         }
 
-        $password->setCanBeEmpty(false);
+        $password->setCanBeEmpty(true);
         $this->extend('updateMemberPasswordField', $password);
 
         return $password;