From cb7da26d5355fea71e6d096ea5f546901ef82e97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Sun, 25 Feb 2024 09:19:30 +0000
Subject: [PATCH 1/3] Fix empty pass with personal data check
---
 app/controllers/api/users.php | 2 +-
 src/Appwrite/Auth/Validator/PersonalData.php | 5 +++--
 .../Projects/ProjectsConsoleClientTest.php | 17 +++++++++++++++++
 3 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index 987c146e0d..5fa62a3730 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@@ -71,7 +71,7 @@ function createUser(string $hash, mixed $hashOptions, string $userId, ?string $e
 : ID::custom($userId);
 if ($project->getAttribute('auths', [])['personalDataCheck'] ?? false) {
- $personalDataValidator = new PersonalData($userId, $email, $name, $phone);
+ $personalDataValidator = new PersonalData($userId, $email, $name, $phone, false, true);
 if (!$personalDataValidator->isValid($plaintextPassword)) {
 throw new Exception(Exception::USER_PASSWORD_PERSONAL_DATA);
 }
diff --git a/src/Appwrite/Auth/Validator/PersonalData.php b/src/Appwrite/Auth/Validator/PersonalData.php
index 6e2b4a9bd7..8eaae002f6 100644
--- a/src/Appwrite/Auth/Validator/PersonalData.php
+++ b/src/Appwrite/Auth/Validator/PersonalData.php
@@ -12,9 +12,10 @@ class PersonalData extends Password
 protected ?string $email = null,
 protected ?string $name = null,
 protected ?string $phone = null,
- protected bool $strict = false
+ protected bool $strict = false,
+ protected bool $allowEmpty = false,
 ) {
- parent::__construct();
+ parent::__construct($allowEmpty);
 }
 /**
diff --git a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
index a189e4630e..a74d140e2c 100644
--- a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
+++ b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
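Review bot: In the `app/controllers/api/users.php` hunk, `createUser` now lets an empty `$plaintextPassword` through the personal-data check, but nothing at the call site says why an empty value is acceptable on this path. The same call is only reformatted with named arguments in PATCH 3/3, so the intent stays implicit there too; I would add a comment above the constructor call such as `// Password is optional for server-side user creation; an empty value skips the personal-data check.` It is also worth confirming that the remainder of `createUser` stores an empty password as "no password" rather than hashing the empty string; that code lies outside the hunk and cannot be checked from here.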
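Review bot: The new `$allowEmpty` constructor parameter in `src/Appwrite/Auth/Validator/PersonalData.php` is undocumented, and because it relaxes a password validator its contract should be written down where callers will see it. I would add a constructor docblock entry along the lines of `@param bool $allowEmpty Accept an empty password without comparing it to the personal data; leave false for client-facing sign-up.` The hunk only forwards the flag to `parent::__construct($allowEmpty)`; `isValid()` is outside the hunk, so please confirm it defers to the parent for the empty case before running its own comparisons.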
@@ -1731,6 +1731,23 @@ class ProjectsConsoleClientTest extends Scope
 $this->assertEquals(201, $response['headers']['status-code']);
+ $email = uniqid() . 'user@localhost.test';
+ $password = '';
+ $name = 'username';
+ $userId = ID::unique();
+ $response = $this->client->call(Client::METHOD_POST, '/account', array_merge([
+ 'origin' => 'http://localhost',
+ 'content-type' => 'application/json',
+ 'x-appwrite-project' => $id,
+ ]), [
+ 'email' => $email,
+ 'password' => $password,
+ 'name' => $name,
+ 'userId' => $userId
+ ]);
+
+ $this->assertEquals(201, $response['headers']['status-code']);
+
 $email = uniqid() . 'user@localhost.test';
 $userId = ID::unique();
 $response = $this->client->call(Client::METHOD_POST, '/users', array_merge($this->getHeaders(), [
From a08d5a5ef6e187aa221f1d50f6d8cc52541704b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Matej=20Ba=C4=8Do?=
Date: Sun, 25 Feb 2024 10:25:51 +0000
Subject: [PATCH 2/3] Fix tests
---
 .../Services/Account/AccountCustomClientTest.php | 5 ++++-
 .../Projects/ProjectsConsoleClientTest.php | 16 ++++++----------
 2 files changed, 10 insertions(+), 11 deletions(-)
diff --git a/tests/e2e/Services/Account/AccountCustomClientTest.php b/tests/e2e/Services/Account/AccountCustomClientTest.php
index d3fc13bd17..b982103d55 100644
--- a/tests/e2e/Services/Account/AccountCustomClientTest.php
+++ b/tests/e2e/Services/Account/AccountCustomClientTest.php
@@ -2251,8 +2251,11 @@ class AccountCustomClientTest extends Scope
 $smsRequest = $this->getLastRequest();
+ $message = $smsRequest['data']['message'];
+ $token = substr($message, 0, 6);
+
 return \array_merge($data, [
- 'token' => $smsRequest['data']['secret']
+ 'token' => $token
 ]);
 }
diff --git a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
index a74d140e2c..80227577cc 100644
--- a/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
+++ b/tests/e2e/Services/Projects/ProjectsConsoleClientTest.php
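Review bot: In the `AccountCustomClientTest.php` hunk, `$token = substr($message, 0, 6);` assumes the SMS body always begins with a six-character code, so a change to the message template would yield a wrong token and a confusing failure in whichever test consumes it later. Assuming the code is numeric, matching it explicitly fails at the right place: `$this->assertSame(1, \preg_match('/\d{6}/', $message, $matches));` followed by `'token' => $matches[0]`. The enclosing test method starts before the hunk, so the message format itself is not visible here.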
@@ -1731,19 +1731,15 @@ class ProjectsConsoleClientTest extends Scope
 $this->assertEquals(201, $response['headers']['status-code']);
- $email = uniqid() . 'user@localhost.test';
- $password = '';
- $name = 'username';
- $userId = ID::unique();
- $response = $this->client->call(Client::METHOD_POST, '/account', array_merge([
- 'origin' => 'http://localhost',
+ $response = $this->client->call(Client::METHOD_POST, '/users', array_merge($this->getHeaders(), [
 'content-type' => 'application/json',
 'x-appwrite-project' => $id,
+ 'x-appwrite-mode' => 'admin',
 ]), [
- 'email' => $email,
- 'password' => $password,
- 'name' => $name,
- 'userId' => $userId
+ // Empty password
+ 'email' => uniqid() . 'user@localhost.test',
+ 'name' => 'User',
+ 'userId' => ID::unique(),
 ]);
 $this->assertEquals(201, $response['headers']['status-code']);
From d3cf892001725beceb5b339a2cc7aa5b5a4d4c27 Mon Sep 17 00:00:00 2001
From: Jake Barnby
Date: Mon, 26 Feb 2024 17:50:52 +1300
Subject: [PATCH 3/3] Named params
---
 app/controllers/api/users.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/app/controllers/api/users.php b/app/controllers/api/users.php
index 5fa62a3730..491a371eb0 100644
--- a/app/controllers/api/users.php
+++ b/app/controllers/api/users.php
@@ -71,7 +71,14 @@ function createUser(string $hash, mixed $hashOptions, string $userId, ?string $e
 : ID::custom($userId);
 if ($project->getAttribute('auths', [])['personalDataCheck'] ?? false) {
- $personalDataValidator = new PersonalData($userId, $email, $name, $phone, false, true);
+ $personalDataValidator = new PersonalData(
+ $userId,
+ $email,
+ $name,
+ $phone,
+ strict: false,
+ allowEmpty: true
+ );
 if (!$personalDataValidator->isValid($plaintextPassword)) {
 throw new Exception(Exception::USER_PASSWORD_PERSONAL_DATA);
 }
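Review bot: The rewritten request in the `ProjectsConsoleClientTest.php` hunk (PATCH 2/3) covers only the permitted case: admin mode on `/users`, no password, 201. Since this series adds an `allowEmpty` switch to a password validator, a companion negative case would keep it from reaching the public route unnoticed: post to `/account` with `'password' => ''` for the same project and assert rejection, presumably `$this->assertEquals(400, $response['headers']['status-code']);`. The `// Empty password` comment also sits where the key was removed, so `// No password: optional on the server-side /users endpoint` would state what is actually being exercised. The test method starts and ends outside the hunk.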