<?php namespace Winter\PwnedPasswords;
use App;
use Lang;
use Event;
use Flash;
use Config;
use Validator;
use BackendAuth;
use ValidationException;
use Backend\Models\User;
use Backend\Controllers\Auth;
use System\Classes\PluginBase;
use Winter\PwnedPasswords\ValidationRules\NotPwned;
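/**
 * PwnedPasswords Plugin Information File
 *
 * Registers the `notpwned` validation rule. When the
 * `winter.pwnedpasswords::enforceOnBackendUsers` config value is truthy, the
 * rule is also applied to the backend user model and to the backend sign-in
 * and password reset forms.
 */
class Plugin extends PluginBase
{
    /**
     * Ensure the plugin is available on all routes
     */
    public $elevated = true;

    /**
     * Returns information about this plugin.
     *
     * @return array
     */
    public function pluginDetails()
    {
        return [
            'name'        => 'winter.pwnedpasswords::lang.plugin.name',
            'description' => 'winter.pwnedpasswords::lang.plugin.description',
            'author'      => 'Winter CMS',
            'icon'        => 'icon-check',
            'homepage'    => 'https://github.com/wintercms/wn-pwnedpasswords-plugin',
        ];
    }

    /**
     * Runs right before the request route.
     *
     * Always registers the `notpwned` rule, its `:min` message replacer and the
     * translation fallback for `validation.notpwned`. Backend enforcement is
     * added only when the config flag is set and the app is not running in the
     * console.
     *
     * NOTE(review): NotPwned is defined outside this file; confirm how it
     * behaves when its lookup cannot be completed, since that decides whether
     * the checks below fail open or fail closed.
     */
    public function boot()
    {
        // Resolve the generic `validation.notpwned` key to this plugin's own message.
        Event::listen('translator.beforeResolve', function ($key, $replaces, $locale) {
            if ($key === 'validation.notpwned') {
                return Lang::get('winter.pwnedpasswords::lang.validation.notpwned');
            }
        });

        // Register the `notpwned:min` rule
        Validator::extend('notpwned', NotPwned::class);
        Validator::replacer('notpwned', function ($message, $attribute, $rule, $parameters) {
            // `:min` falls back to 1 when the rule is used without a parameter.
            return str_replace(':min', array_shift($parameters) ?? 1, $message);
        });

        // Enforce rule on backend users if desired.
        // The check is skipped in console context, so this block adds no
        // enforcement to passwords that are set from the command line.
        if (Config::get('winter.pwnedpasswords::enforceOnBackendUsers', false) && !App::runningInConsole()) {
            User::extend(function ($model) {
                // Append `notpwned` without assuming the existing rule is a
                // non-empty pipe-delimited string: a missing key would raise an
                // "undefined array key" warning and an array-form rule would be
                // corrupted by string concatenation.
                $passwordRules = $model->rules['password'] ?? '';
                if (is_array($passwordRules)) {
                    $passwordRules[] = 'notpwned';
                } elseif ($passwordRules === '') {
                    $passwordRules = 'notpwned';
                } else {
                    $passwordRules .= '|notpwned';
                }

                $model->rules = array_merge($model->rules, ['password' => $passwordRules]);
            });

            // Force users to reset their passwords if they login with a pwned password
            Auth::extend(function ($controller) {
                $controller->bindEvent('page.beforeDisplay', function ($action, $params) use ($controller) {
                    // Only form submissions to the sign-in and reset actions are checked.
                    if (!post('postback') || ($action !== 'signin' && $action !== 'reset')) {
                        return;
                    }

                    // The submitted password is validated here, before the
                    // controller action itself runs. This happens on every such
                    // postback, whether or not the credentials are valid.
                    $validation = Validator::make(post(), ['password' => 'notpwned']);
                    if (!$validation->fails()) {
                        return;
                    }

                    // Force users to reset their password
                    if ($action === 'signin') {
                        // The listener is registered only for this request and acts
                        // only once `backend.user.login` fires, so a rejected login
                        // is not told that the password was flagged.
                        // NOTE(review): presumably the event fires only after the
                        // credentials were accepted; confirm against the Auth manager.
                        Event::listen('backend.user.login', function ($user) use ($controller) {
                            // Make sure the user is not authenticated
                            BackendAuth::logout();

                            // Send out the password reset email
                            // NOTE(review): presumably this reads the account from the
                            // posted form data rather than from $user; confirm.
                            $response = $controller->restore_onSubmit();

                            // Notify the user
                            // NOTE(review): this message is hard-coded in English, unlike
                            // the validation message, which is resolved through Lang.
                            Flash::error("Your password has been detected in known password breaches and must be changed. An email with instructions to reset your password has been sent to your email address on file.");

                            // Return the response
                            abort($response);
                        });
                    }

                    // Ensure that they don't reset it to another terrible password
                    if ($action === 'reset') {
                        // The exception is built only to obtain its formatted
                        // message; it is never thrown to the caller.
                        $ex = new ValidationException($validation);

                        // Notify the user & reload the page
                        Flash::error($ex->getMessage());
                        return redirect()->refresh();
                    }
                });
            });
        }
    }
}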