File: PasswordStrength.php

matomo 5.8.0-1
<?php

/**
 * Matomo - free/libre analytics platform
 *
 * @link    https://matomo.org
 * @license https://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
 */

namespace Piwik\Auth;

use Piwik\Piwik;

/**
 * Password strength policy: exposes the strength rules and checks password
 * candidates against them.
 *
 * The whole policy is gated by the flag handed to the constructor. While the
 * flag is off, no rules are exposed and every candidate is reported as having
 * no broken rules, so this class enforces nothing in that state.
 *
 * @api
 */
class PasswordStrength
{
    /** @var bool Whether the strength policy is active. */
    private $enabled;

    /**
     * @param bool $featureEnabled true to apply the rules, false to turn every check into a no-op.
     */
    public function __construct(bool $featureEnabled)
    {
        $this->enabled = $featureEnabled;
    }

    /**
     * Lists the strength rules as pairs of a PCRE pattern and a translated description.
     *
     * Each entry is an array with the keys 'validationRegex' and 'ruleText'. A
     * candidate satisfies a rule when the pattern matches it.
     *
     * The patterns carry no modifiers. With PHP's preg_* functions this means the
     * length rule counts bytes rather than characters (a multi-byte UTF-8
     * character contributes more than one), "." never matches a line break, and
     * the letter, digit and special-character rules only recognise ASCII.
     *
     * @return array The rules in a fixed order, or an empty array while the feature is disabled.
     */
    public function getRules(): array
    {
        if (!$this->enabled) {
            return [];
        }

        // Pattern => translation key, in the order the rules are reported.
        $translationKeyByPattern = [
            '/^.{12,}$/' => 'General_PasswordStrengthValidationLength',
            '/^.*[a-z].*$/' => 'General_PasswordStrengthValidationLowercase',
            '/^.*[A-Z].*$/' => 'General_PasswordStrengthValidationUppercase',
            '/^.*[0-9].*$/' => 'General_PasswordStrengthValidationNumber',
            '/^.*[!\"#$%&\\\'(\\\\)*+,\-.\/:;<=>?@[\\]^_\`{\|}\~].*$/' => 'General_PasswordStrengthValidationSpecialChar',
        ];

        $rules = [];
        foreach ($translationKeyByPattern as $pattern => $translationKey) {
            $rules[] = [
                'validationRegex' => $pattern,
                'ruleText' => Piwik::translate($translationKey),
            ];
        }

        return $rules;
    }

    /**
     * Reports which strength rules a password candidate does not satisfy.
     *
     * A rule counts as broken whenever preg_match() does not report a match.
     * That includes the case where preg_match() fails and returns false, so a
     * matching error rejects the candidate instead of letting it through.
     *
     * @param string $candidate The password candidate to be tested.
     * @return array The descriptions ('ruleText') of the broken rules; empty when all
     *               rules pass or the feature is disabled.
     */
    public function validatePasswordStrength(string $candidate): array
    {
        if (!$this->enabled) {
            return [];
        }

        $failedRuleTexts = [];
        foreach ($this->getRules() as $rule) {
            if (preg_match($rule['validationRegex'], $candidate)) {
                continue;
            }

            $failedRuleTexts[] = $rule['ruleText'];
        }

        return $failedRuleTexts;
    }

    /**
     * Builds the translated "validation failed" message for a set of broken rules.
     *
     * The first character of each rule description is lower-cased with lcfirst()
     * and the descriptions are joined with ", " before being passed to the translation.
     *
     * @param array $brokenRules Rule descriptions, e.g. the result of validatePasswordStrength().
     * @return string The message, or an empty string when the feature is disabled
     *                or no rule is broken.
     */
    public function formatValidationFailedMessage(array $brokenRules): string
    {
        if (!$this->enabled) {
            return '';
        }

        if (count($brokenRules) === 0) {
            return '';
        }

        $lowerCasedRules = array_map('lcfirst', $brokenRules);
        $ruleSummary = implode(', ', $lowerCasedRules);

        return Piwik::translate('General_PasswordStrengthValidationFailed', $ruleSummary);
    }

    /**
     * Renders the rule descriptions as an HTML unordered list.
     *
     * While the feature is disabled getRules() yields nothing and the result is
     * an empty <ul> element.
     *
     * The rule texts are inserted exactly as Piwik::translate() returned them,
     * without HTML escaping.
     * NOTE(review): this relies on the translation strings being safe to emit
     * as HTML; confirm before the result is output unescaped.
     *
     * @return string The <ul> markup with one <li> per rule.
     */
    public function getRulesAsHtmlList(): string
    {
        $items = '';
        foreach ($this->getRules() as $rule) {
            $items .= "<li>{$rule['ruleText']}</li>";
        }

        return "<ul class='browser-default'>{$items}</ul>";
    }
}