Upgrade password policy

app/Http/Controllers/Auth/RegisterController.php

@@ -21,6 +21,7 @@
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Validator as ValidatorFacade;
+use Illuminate\Validation\Rules\Password;
 use Illuminate\View\View;
 
 class RegisterController extends Controller
@@ -111,12 +112,22 @@ public function showRegistrationForm(Request $request): View
      */
     protected function validator(array $data): Validator
     {
+        $passwordRules = [
+            'required',
+            'confirmed',
+            Password::min(8)
+                ->letters()
+                ->mixedCase()
+                ->numbers()
+                ->uncompromised(),
+        ];
+
         $rules = [
             'name'            => 'required|max:255',
             'email'           => 'required|email|max:255|unique:users,email',
             'airline_id'      => 'required',
             'home_airport_id' => 'required',
-            'password'        => 'required|min:5|confirmed',
+            'password'        => $passwordRules,
             'toc_accepted'    => 'accepted',
         ];
 

app/Http/Controllers/Frontend/ProfileController.php

@@ -21,6 +21,7 @@
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Storage;
 use Illuminate\Support\Facades\Validator;
+use Illuminate\Validation\Rules\Password;
 use Illuminate\View\View;
 use Intervention\Image\Facades\Image;
 use Laracasts\Flash\Flash;
@@ -155,11 +156,20 @@ public function update(Request $request): RedirectResponse
         $id = Auth::user()->id;
         $user = $this->userRepo->findWithoutFail($id);
 
+        $passwordRules = [
+            'confirmed',
+            Password::min(8)
+                ->letters()
+                ->mixedCase()
+                ->numbers()
+                ->uncompromised(),
+        ];
+
         $rules = [
             'name'       => 'required',
             'email'      => 'required|unique:users,email,'.$id,
             'airline_id' => 'required',
-            'password'   => 'confirmed',
+            'password'   => $passwordRules,
             'avatar'     => 'nullable|mimes:jpeg,png,jpg',
         ];
 

app/Http/Controllers/System/InstallerController.php

@@ -21,6 +21,7 @@
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Support\Facades\Validator;
+use Illuminate\Validation\Rules\Password;
 use Illuminate\View\View;
 use RuntimeException;
 
@@ -272,13 +273,23 @@ public function step3(): View
      */
     public function usersetup(Request $request): RedirectResponse|View
     {
+        $passwordRules = [
+            'required',
+            'confirmed',
+            Password::min(8)
+                ->letters()
+                ->mixedCase()
+                ->numbers()
+                ->uncompromised(),
+        ];
+
         $validator = Validator::make($request->all(), [
             'airline_name'    => 'required',
             'airline_icao'    => 'required|size:3|unique:airlines,icao',
             'airline_country' => 'required',
             'name'            => 'required',
             'email'           => 'required|email|unique:users,email',
-            'password'        => 'required|confirmed',
+            'password'        => $passwordRules,
         ]);
 
         if ($validator->fails()) {

resources/views/layouts/default/auth/register.blade.php

@@ -94,7 +94,11 @@
             <input type="password" name="password" id="password" class="form-control" />
           </div>
           @if ($errors->has('password'))
-            <p class="text-danger">{{ $errors->first('password') }}</p>
+            <p class="text-danger">
+              @foreach($errors->get('password') as $error)
+                {{ $error }} <br />
+              @endforeach
+            </p>
           @endif
 
           <label for="password_confirmation" class="control-label">@lang('passwords.confirm')</label>

resources/views/layouts/default/profile/fields.blade.php

@@ -100,9 +100,11 @@
           <div class="input-group form-group-no-border{{ $errors->has('password') ? ' has-danger' : '' }}">
             <input type="password" name="password" id="password" class="form-control" />
           </div>
-          @if ($errors->has('password'))
-            <p class="text-danger">{{ $errors->first('password') }}</p>
-          @endif
+          <p class="text-danger">
+            @foreach($errors->get('password') as $error)
+              {{ $error }} <br />
+            @endforeach
+          </p>
 
           <p>{{ __('passwords.confirm') }}:</p>
           <div class="input-group form-group-no-border{{ $errors->has('password_confirmation') ? ' has-danger' : '' }}">

tests/RegistrationTest.php

@@ -52,13 +52,16 @@ protected function getUserData(): array
         $airline = Airline::factory()->create();
         $home = Airport::factory()->create(['hub' => true]);
 
+        $faker = \Faker\Factory::create();
+        $password = $faker->regexify('[A-Z]{3}[a-z]{3}[0-9]{2}');
+
         return [
             'name'                  => 'Test User',
             'email'                 => '[email protected]',
             'airline_id'            => $airline->id,
             'home_airport_id'       => $home->id,
-            'password'              => 'secret',
-            'password_confirmation' => 'secret',
+            'password'              => $password,
+            'password_confirmation' => $password,
             'toc_accepted'          => true,
         ];
     }

tests/UserTest.php

@@ -293,14 +293,17 @@ public function testUserPilotIdInvalidIATA(): void
      */
     public function testUserPilotIdAdded()
     {
+        $faker = \Faker\Factory::create();
+        $password = Hash::make($faker->regexify('[A-Z]{3}[a-z]{3}[0-9]{2}'));
+
         $new_user = User::factory()->make()->makeVisible(['api_key', 'name', 'email'])->toArray();
-        $new_user['password'] = Hash::make('secret');
+        $new_user['password'] = $password;
         $user = $this->userSvc->createUser($new_user);
         $this->assertEquals($user->id, $user->pilot_id);
 
         // Add a second user
         $new_user = User::factory()->make()->makeVisible(['api_key', 'name', 'email'])->toArray();
-        $new_user['password'] = Hash::make('secret');
+        $new_user['password'] = $password;
         $user2 = $this->userSvc->createUser($new_user);
         $this->assertEquals($user2->id, $user2->pilot_id);
 
@@ -315,12 +318,15 @@ public function testUserPilotIdAdded()
 
     public function testUserPilotDeleted()
     {
+        $faker = \Faker\Factory::create();
+        $password = Hash::make($faker->regexify('[A-Z]{3}[a-z]{3}[0-9]{2}'));
+
         $new_user = User::factory()->make()->makeVisible(['api_key', 'name', 'email'])->toArray();
-        $new_user['password'] = Hash::make('secret');
+        $new_user['password'] = $password;
         $admin_user = $this->userSvc->createUser($new_user);
 
         $new_user = User::factory()->make()->makeVisible(['api_key', 'name', 'email'])->toArray();
-        $new_user['password'] = Hash::make('secret');
+        $new_user['password'] = $password;
         $user = $this->userSvc->createUser($new_user);
         $this->assertEquals($user->id, $user->pilot_id);
 
@@ -337,12 +343,15 @@ public function testUserPilotDeleted()
 
     public function testUserPilotDeletedWithPireps()
     {
+        $faker = \Faker\Factory::create();
+        $password = Hash::make($faker->regexify('[A-Z]{3}[a-z]{3}[0-9]{2}'));
+
         $new_user = User::factory()->make()->makeVisible(['api_key', 'name', 'email'])->toArray();
-        $new_user['password'] = Hash::make('secret');
+        $new_user['password'] = $password;
         $admin_user = $this->userSvc->createUser($new_user);
 
         $new_user = User::factory()->make()->makeVisible(['api_key', 'name', 'email'])->toArray();
-        $new_user['password'] = Hash::make('secret');
+        $new_user['password'] = $password;
         $user = $this->userSvc->createUser($new_user);
         $this->assertEquals($user->id, $user->pilot_id);