minor updates to password logging and validation

phpsa · Jun 1, 2024 · 059af14 · 059af14
1 parent d2dfbea
commit 059af14
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -142,6 +142,22 @@ this will force a user to update their password, note -- all existing users will
 From V5.0.0 - there is a new validation rule that can be added to validate that a password has not been used before.
 `Phpsa\FilamentAuthentication\Rules\PreventPasswordReuseRule` - this will use the value from config `filament-authentication.password_renew.prevent_password_reuse` 0 to disable, any number of previous to block out fro re-use.
 
+-- If using socialite / Filament-socialite etc, you will need to override the `public function needsRenewal(): bool` method in the trait,
+EG:
+```php
+ use CanRenewPassword {
+        CanRenewPassword::needsRenewal as traitNeedsRenewal;
+    }
+
+    public function needsRenewal(): bool
+    {
+        if ($this->password === null && SocialiteUser::where('user_id', $this->id)->exists()) {
+            return false;
+        }
+        return $this->traitNeedsRenewal();
+    }
+```
+
 ## Authentication Log
 
 Introduced in V4.2.0 - this allows you to log each user login attempt.

diff --git a/src/Http/Middleware/RenewPasswordMiddleware.php b/src/Http/Middleware/RenewPasswordMiddleware.php
@@ -25,7 +25,7 @@ public function handle(Request $request, Closure $next)
             Filament::getCurrentPanel()->generateRouteName('auth.logout')
         )
         || $request->routeIs(
-            Filament::getCurrentPanel()->generateRouteName('auth.password.renew')
+            Filament::getCurrentPanel()->generateRouteName('fa.password.renew')
         )
         || app(ImpersonateManager::class)->isImpersonating()
         || ! in_array(

diff --git a/src/Pages/Auth/RenewPassword.php b/src/Pages/Auth/RenewPassword.php
@@ -14,6 +14,7 @@
 use Filament\Pages\Concerns\InteractsWithFormActions;
 use Yebor974\Filament\RenewPassword\RenewPasswordPlugin;
 use Illuminate\Validation\Rules\Password as PasswordRule;
+use Phpsa\FilamentAuthentication\Rules\PreventPasswordReuseRule;
 use Phpsa\FilamentAuthentication\Traits\CanRenewPassword;
 
 class RenewPassword extends SimplePage
@@ -34,8 +35,7 @@ public function mount(): void
     {
         $user = Filament::auth()->user();
 
-        if (
-               ! in_array(CanRenewPassword::class, class_uses_recursive($user))
+        if (! in_array(CanRenewPassword::class, class_uses_recursive($user))
                || ! $user->needsRenewal()
         ) {
             redirect()->intended(Filament::getUrl());
@@ -93,7 +93,7 @@ protected function getForms(): array
                             ->password()
                             ->revealable(filament()->arePasswordsRevealable())
                             ->required()
-                            ->rules(['different:data.currentPassword', PasswordRule::default()]),
+                            ->rules(['different:data.currentPassword', PasswordRule::default(), new PreventPasswordReuseRule()]),
                         TextInput::make('PasswordConfirmation')
                             ->label(__('filament-authentication::filament-authentication.field.user.confirm_password'))
                             ->password()

diff --git a/src/Rules/PreventPasswordReuseRule.php b/src/Rules/PreventPasswordReuseRule.php
@@ -7,22 +7,24 @@
 use Illuminate\Support\Facades\Hash;
 use Phpsa\FilamentAuthentication\Models\PasswordRenewLog;
 
-class PreventPasswordReuseRule extends ValidationRule
+class PreventPasswordReuseRule implements ValidationRule
 {
 
-    public function __construct(public Authenticatable $user)
+    public function __construct(?Authenticatable $user = null)
     {
+        $this->user = $user ?? auth()->user();
     }
 
     public function validate(string $attribute, mixed $value, Closure $fail): void
     {
+
         //if config is disabled we don't wanna
         if ((int) config('filament-authentication.password_renew.prevent_password_reuse') <= 0) {
             return;
         }
 
-        $previous = PasswordRenewLog::where('authenticatable_id', $this->user->getAuthIdentifier())
-            ->where('authenticatable_type', get_class($this->user))
+        $previous = PasswordRenewLog::where('renewable_id', $this->user->getAuthIdentifier())
+            ->where('renewable_type', get_class($this->user))
             ->latest()
             ->limit(config('filament-authentication.password_renew.prevent_password_reuse'))
             ->pluck('phash')

diff --git a/src/Traits/CanRenewPassword.php b/src/Traits/CanRenewPassword.php
@@ -30,6 +30,7 @@ public function latestRenewable()
 
     public function needsRenewal(): bool
     {
+
         $period = config('filament-authentication.password_renew.renew_password_days_period');
 
         if (! is_numeric($period) || $period <= 0) {
-Original file line number
+Diff line change
@@ Expand Up / @@ -30,6 +30,7 @@ public function latestRenewable() @@
         public function needsRenewal(): bool
         {
             $period = config('filament-authentication.password_renew.renew_password_days_period');
             if (! is_numeric($period) || $period <= 0) {
@@ Expand Down @@