Winsomnia/MireaBackend
2
0
Fork 0
Code Pull Requests Actions Projects Releases Activity

feat: give the user the ability to make a password policy

Browse Source
This commit is contained in:
Polianin Nikita
2024-12-18 07:27:57 +03:00
parent 598ebabc5c
commit e760ddae0a
8 changed files with 159 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Endpoint/Controllers/V1/AuthController.cs
View File

@ -149,13 +149,16 @@ public class AuthController(IOptionsSnapshot<Admin> user, AuthService auth, Pass
[BadRequestResponse]
public ActionResult<string> RenewPassword([FromBody] string? password = null)
{
var passwordPolicy = generalConfig.Value.PasswordPolicy;
var passwordPolicyService = new PasswordPolicyService(passwordPolicy);
if (string.IsNullOrEmpty(password))
password = string.Empty;
else if (!PasswordHashService.HasPasswordInPolicySecurity(password))
throw new ControllerArgumentException("The password must be at least 8 characters long and contain at least one uppercase letter and one special character.");
else
passwordPolicyService.ValidatePasswordOrThrow(password);
while (!PasswordHashService.HasPasswordInPolicySecurity(password))
password = GeneratorKey.GenerateAlphaNumeric(16, includes: "!@#%^");
while (!passwordPolicyService.TryValidatePassword(password))
password = GeneratorKey.GenerateAlphaNumeric(passwordPolicy.MinimumLength + 2, includes: "!@#%^");
var (salt, hash) = passwordService.HashPassword(password);

26
Endpoint/Controllers/V1/SecurityController.cs Normal file
View File

@ -0,0 +1,26 @@
using Asp.Versioning;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;
using Mirea.Api.Dto.Common;
using Mirea.Api.Endpoint.Common.Attributes;
using Mirea.Api.Endpoint.Common.MapperDto;
using Mirea.Api.Endpoint.Configuration.Model;
using QRCoder;
using System;
using System.Drawing;
namespace Mirea.Api.Endpoint.Controllers.V1;
[ApiVersion("1.0")]
public class SecurityController(IOptionsSnapshot<GeneralConfig> generalConfig) : BaseController
{
/// <summary>
/// Retrieves the current password policy for user authentication.
/// </summary>
/// <returns>
/// The current password policy
/// </returns>
[HttpGet("PasswordPolicy")]
public ActionResult<PasswordPolicy> PasswordPolicy() =>
Ok(generalConfig.Value.PasswordPolicy.ConvertToDto());
}