feat(mon-domifa): add new password rules

SocialGouv · Dec 18, 2023 · 574f009 · 574f009
1 parent 8eb463d
commit 574f009
Show file tree

Hide file tree

Showing 9 changed files with 58 additions and 9 deletions.
diff --git a/.talismanrc b/.talismanrc
@@ -1,8 +1,8 @@
 fileignoreconfig:
 - filename: _scripts/db/dumps/domifa_test.postgres.restore-data-only.sql
-  checksum: 40a85fc5e2ee32756348aecf74a0b85754a55959160b84f0dad9dccdba830468
+  checksum: db202fb5eec3c0341eb1ee4cf2cc3324dbcfe53149626a2166a5b7baddc80823
 - filename: _scripts/db/dumps/domifa_test.postgres.truncate-restore-data-only.sql
-  checksum: 68720419374aa7549545e234e5097408ac669fb4514d6d0d0fffe20e26bfff55
+  checksum: 9001477026fe543968f3b51facc9cf6c51c698089a662b8b3562473ad84934db
 - filename: packages/backend/src/_common/decorators/IsValidPasswordDecorator.ts
   checksum: f0d4b3cd2e6e2d9b1e0271c34d64adacf87a5f1e7a505402a20869962543608d
 - filename: packages/backend/src/_migrations/1699910877010-auto-migration.ts
@@ -15,8 +15,12 @@ fileignoreconfig:
   checksum: ed72b9f80448ddaa06717a97f4f98a01cfca8c4b95ceaa1535b669ca428a0308
 - filename: packages/backend/src/_portail-admin/portail-admin-login/portail-admin-login.controller.spec.ts
   checksum: 3bd78f8919cbe14a45484825d6ce816bc7e2a0456fc53b9beeb1fedb6bdb061a
+- filename: packages/backend/src/_portail-usager/portail-usager-login/portail-usagers-login.controller.spec.ts
+  checksum: 2e02fb9ee9e1324dfab89afeaf4357b6339df59376ea1191f44d394524d6efd8
 - filename: packages/backend/src/_tests/_core/constants/TESTS_USERS_STRUCTURE.mock.ts
   checksum: 7fd396491726fce9ed96ac175c3acdb9ae93ecac0d66e7c6fc5554c5deeceb6f
+- filename: packages/backend/src/_tests/_core/constants/TEST_USER_USAGER.mock.ts
+  checksum: 70745049ab5f62821dd2aeacafc423e3bc2c2004fadcd05dd5f54f1f09722de2
 - filename: packages/backend/src/auth/structures-auth.controller.spec.ts
   checksum: 5cc345a4fee5809b8cbb892e660cfc90a12c674b90919767037e9235a9f222ee
 - filename: packages/backend/src/database/services/user-usager/user-usager-security/userUsagerSecurityPasswordUpdater.service.ts
@@ -25,6 +29,8 @@ fileignoreconfig:
   checksum: b66659fea19859e55afaf0ed47519f0804857e486b2ecc6b01d5ae96f1a86a0b
 - filename: packages/backend/src/users/dto/reset-password.dto.ts
   checksum: 459ec0c5e439bca5375d3a06f4868f8078ca2ad1895fdc5c84bc81cc6bc394fc
+- filename: packages/backend/src/users/dto/usager-login.dto.ts
+  checksum: 809d870844d5224912d7a93997131e4df85156d525153bfc1f3b68fdd06c6548
 - filename: packages/backend/src/users/users.public.controller.spec.ts
   checksum: c92d7fdda68498beff9b1680e5cc4b4ee6f0d658bb5a25efd6dd228fd8ce061e
 - filename: packages/frontend/src/app/modules/general/components/login/login.component.ts
@@ -41,6 +47,8 @@ fileignoreconfig:
   checksum: 628884c40a4907e9161c55bbd77110f15fad0504c7060a7be6be6612fe44daec
 - filename: packages/portail-usagers/src/app/modules/usager-auth/usager-accept-cgu/usager-accept-cgu.component.ts
   checksum: 189eb0e583dc89e07c097b61b59e3ee952d84b098dd0fd75bc7cd4bc71ab3fa5
+- filename: packages/portail-usagers/src/app/modules/usager-auth/usager-login/usager-login.component.ts
+  checksum: b04680c071a8098191859f5a67124df3d168478ee2f997a361595b7244d1f5f7
 - filename: yarn.lock
   checksum: a6cca0f668a649e61f86f18d8f8525a30935f637d8d599b7890009d408cb92d8
 version: "1.0"
diff --git a/_scripts/db/dumps/domifa_test.postgres.custom.gz b/_scripts/db/dumps/domifa_test.postgres.custom.gz
diff --git a/_scripts/db/dumps/domifa_test.postgres.restore-data-only.sql b/_scripts/db/dumps/domifa_test.postgres.restore-data-only.sql
@@ -257,7 +257,7 @@ e0bcefc6-f1be-4c83-ac9d-6ea47335a9c3	2021-03-15 16:53:55.740856+01	2023-09-05 23
 
 COPY public.user_usager (uuid, "createdAt", "updatedAt", version, id, "usagerUUID", "structureId", login, password, salt, "isTemporaryPassword", "lastLogin", "passwordLastUpdate", "lastPasswordResetDate", "lastPasswordResetStructureUser", enabled, "acceptTerms") FROM stdin;
 a657f4bd-e4d1-4c38-bdd0-ffd268b356df	2021-10-05 11:34:41.369505+02	2021-11-30 15:02:07.705535+01	18	1	b2c26e55-ab37-457d-b307-6fe161050a9b	1	WKYJBDXS	$2a$10$cmwXTghEgrGRYTkGIJlj3Owjo8YVVDXOgceAGtkgzcD2M/Tf3Dhb.	$2a$10$/uFyiR8hCe8XkRe7x2fYm.	t	2021-11-30 15:02:07.69+01	\N	2021-10-05 11:34:41.365+02	{"userId": 1, "userName": "Patrick Roméro"}	t	\N
-a03a9a49-ae31-4160-9879-bab02dc46361	2021-11-30 14:50:26.278073+01	2023-11-20 16:40:58.362384+01	17	2	97b7e840-0e93-4bf4-ba7d-0a406aa898f2	1	LNQIFFBK	$2a$10$u..ofvcb5t5a44N0Oriwbew6oz600aoOFzll9yl92Lx1VOb0E8o0a	$2a$10$zmuPXxUOuQJ7nE6ag4.x6e	f	2023-11-20 16:40:58.36+01	2021-11-30 15:01:39.675+01	2021-11-30 14:50:26.275+01	{"userId": 1, "userName": "Patrick Roméro"}	t	\N
+a03a9a49-ae31-4160-9879-bab02dc46361	2021-11-30 14:50:26.278073+01	2023-11-20 16:40:58.362384+01	17	2	97b7e840-0e93-4bf4-ba7d-0a406aa898f2	1	LNQIFFBK	$2a$10$Z7vpACSuSYrcIBIOWGcSm.CHLMq7Ki/6zIKwzXT1baIgxLscGu1Nu	$2a$10$zmuPXxUOuQJ7nE6ag4.x6e	f	2023-11-20 16:40:58.36+01	2021-11-30 15:01:39.675+01	2021-11-30 14:50:26.275+01	{"userId": 1, "userName": "Patrick Roméro"}	t	\N
 \.
 
 

diff --git a/_scripts/db/dumps/domifa_test.postgres.truncate-restore-data-only.sql b/_scripts/db/dumps/domifa_test.postgres.truncate-restore-data-only.sql
@@ -283,7 +283,7 @@ e0bcefc6-f1be-4c83-ac9d-6ea47335a9c3	2021-03-15 16:53:55.740856+01	2023-09-05 23
 
 COPY public.user_usager (uuid, "createdAt", "updatedAt", version, id, "usagerUUID", "structureId", login, password, salt, "isTemporaryPassword", "lastLogin", "passwordLastUpdate", "lastPasswordResetDate", "lastPasswordResetStructureUser", enabled, "acceptTerms") FROM stdin;
 a657f4bd-e4d1-4c38-bdd0-ffd268b356df	2021-10-05 11:34:41.369505+02	2021-11-30 15:02:07.705535+01	18	1	b2c26e55-ab37-457d-b307-6fe161050a9b	1	WKYJBDXS	$2a$10$cmwXTghEgrGRYTkGIJlj3Owjo8YVVDXOgceAGtkgzcD2M/Tf3Dhb.	$2a$10$/uFyiR8hCe8XkRe7x2fYm.	t	2021-11-30 15:02:07.69+01	\N	2021-10-05 11:34:41.365+02	{"userId": 1, "userName": "Patrick Roméro"}	t	\N
-a03a9a49-ae31-4160-9879-bab02dc46361	2021-11-30 14:50:26.278073+01	2023-11-20 16:40:58.362384+01	17	2	97b7e840-0e93-4bf4-ba7d-0a406aa898f2	1	LNQIFFBK	$2a$10$u..ofvcb5t5a44N0Oriwbew6oz600aoOFzll9yl92Lx1VOb0E8o0a	$2a$10$zmuPXxUOuQJ7nE6ag4.x6e	f	2023-11-20 16:40:58.36+01	2021-11-30 15:01:39.675+01	2021-11-30 14:50:26.275+01	{"userId": 1, "userName": "Patrick Roméro"}	t	\N
+a03a9a49-ae31-4160-9879-bab02dc46361	2021-11-30 14:50:26.278073+01	2023-11-20 16:40:58.362384+01	17	2	97b7e840-0e93-4bf4-ba7d-0a406aa898f2	1	LNQIFFBK	$2a$10$Z7vpACSuSYrcIBIOWGcSm.CHLMq7Ki/6zIKwzXT1baIgxLscGu1Nu	$2a$10$zmuPXxUOuQJ7nE6ag4.x6e	f	2023-11-20 16:40:58.36+01	2021-11-30 15:01:39.675+01	2021-11-30 14:50:26.275+01	{"userId": 1, "userName": "Patrick Roméro"}	t	\N
 \.
 
 

diff --git a/...backend/src/_portail-usager/portail-usager-login/portail-usagers-login.controller.spec.ts b/...backend/src/_portail-usager/portail-usager-login/portail-usagers-login.controller.spec.ts
@@ -58,6 +58,17 @@ describe("Usagers Login Controller", () => {
     expect(response.text).toBe(`{"message":"CHANGE_PASSWORD_REQUIRED"}`);
   });
 
+  it("should not accept login for valid usager login/password with a password which not respect rules", async () => {
+    const response = await supertest(context.app.getHttpServer())
+      .post("/portail-usagers/auth/login")
+      .send({
+        login: TEMPORARY_PASS_USER.login,
+        password: TEMPORARY_PASS_USER.password,
+        newPassword: "password007",
+      });
+    expect(response.status).toBe(HttpStatus.BAD_GATEWAY);
+  });
+
   it("should accept login for valid usager login/password with temporary password and new password", async () => {
     const response = await supertest(context.app.getHttpServer())
       .post("/portail-usagers/auth/login")

diff --git a/packages/backend/src/_tests/_core/constants/TEST_USER_USAGER.mock.ts b/packages/backend/src/_tests/_core/constants/TEST_USER_USAGER.mock.ts
@@ -14,7 +14,7 @@ const ALL: TestUserUsager[] = [
     usagerUUID: "97b7e840-0e93-4bf4-ba7d-0a406aa898f2",
     structureId: 1,
     login: "LNQIFFBK",
-    password: "Azerty012345",
+    password: "Azerty012345!",
     isTemporaryPassword: false,
   },
 ];

diff --git a/packages/backend/src/users/dto/usager-login.dto.ts b/packages/backend/src/users/dto/usager-login.dto.ts
@@ -1,6 +1,6 @@
 import { ApiProperty } from "@nestjs/swagger";
 import { IsNotEmpty, IsOptional, IsString, MinLength } from "class-validator";
-import { UpperCaseTransform } from "../../_common/decorators";
+import { IsValidPassword, UpperCaseTransform } from "../../_common/decorators";
 
 export class UsagerLoginDto {
   @ApiProperty({
@@ -27,6 +27,6 @@ export class UsagerLoginDto {
     required: false,
   })
   @IsOptional()
-  @MinLength(8)
+  @IsValidPassword("newPassword")
   public readonly newPassword?: string;
 }
diff --git a/...ages/portail-usagers/src/app/modules/usager-auth/usager-login/usager-login.component.html b/...ages/portail-usagers/src/app/modules/usager-auth/usager-login/usager-login.component.html
@@ -160,6 +160,28 @@ <h1 class="title">Connexion à Mon DomiFa</h1>
               ></fa-icon>
               Au moins une lettre en minuscule
             </p>
+            <p
+              class="my-1"
+              [ngClass]="
+                f.newPassword.errors?.required ||
+                f.newPassword.errors?.hasSpecialCharacter
+                  ? 'text-danger'
+                  : 'text-success'
+              "
+            >
+              <fa-icon
+                aria-hidden="true"
+                [icon]="[
+                  'fas',
+                  f.newPassword.errors?.required ||
+                  f.newPassword.errors?.hasSpecialCharacter
+                    ? 'times-circle'
+                    : 'check-circle'
+                ]"
+              ></fa-icon>
+              Au moins un caractère spécial:
+              @[]^_!"#$%&amp;&apos;()*+,\-./:;&lbrace;&rbrace;&lt;&gt;=|~?
+            </p>
             <p
               class="my-1"
               [ngClass]="

diff --git a/packages/portail-usagers/src/app/modules/usager-auth/usager-login/usager-login.component.ts b/packages/portail-usagers/src/app/modules/usager-auth/usager-login/usager-login.component.ts
@@ -76,7 +76,7 @@ export class UsagerLoginComponent implements OnInit, OnDestroy {
   public initForm(): void {
     this.loginForm = this.formBuilder.group(
       {
-        password: ["", Validators.required],
+        password: ["", [Validators.minLength(8), Validators.required]],
         login: ["", [Validators.required]],
         newPassword: [
           { value: "", disabled: true },
@@ -91,7 +91,15 @@ export class UsagerLoginComponent implements OnInit, OnDestroy {
             PasswordValidator.patternValidator(/[a-z]/, {
               hasLowerCase: true,
             }),
-            Validators.minLength(8),
+            PasswordValidator.patternValidator(
+              // eslint-disable-next-line no-useless-escape
+              /[@\[\]^_!"#$%&'()*+,\-./:;{}<>=|~?]/,
+              {
+                hasSpecialCharacter: true,
+              },
+            ),
+            Validators.minLength(12),
+            Validators.maxLength(150),
           ]),
         ],
         newPasswordConfirm: [