cartodb-4.42/app/models/carto/helpers/password.rb

90 lines
2.9 KiB
Ruby
Raw Normal View History

2024-04-06 13:25:13 +08:00
module Carto::Password
def valid_password?(key, value, confirmation_value)
password_validator.validate(value, confirmation_value, self).each { |e| errors.add(key, e) }
validate_password_not_in_use(nil, value, key)
errors[key].empty?
end
def password_validator
if organization.try(:strong_passwords_enabled)
Carto::PasswordValidator.new(Carto::StrongPasswordStrategy.new)
else
Carto::PasswordValidator.new(Carto::StandardPasswordStrategy.new)
end
end
def validate_password_not_in_use(old_password = nil, new_password = nil, key = :new_password)
if password_in_use?(old_password, new_password)
errors.add(key, 'New password cannot be the same as old password')
end
errors[key].empty?
end
def validate_old_password(old_password)
return true unless needs_password_confirmation?
Carto::Common::EncryptionService.verify(password: old_password, secure_password: crypted_password,
secret: Cartodb.config[:password_secret])
end
def valid_password_confirmation(password)
valid = validate_old_password(password)
errors.add(:password, 'Confirmation password sent does not match your current password') unless valid
valid
end
# Some operations, such as user deletion, won't ask for password confirmation if password is not set
# (because of Google/Github sign in, for example)
def needs_password_confirmation?
(!oauth_signin? || last_password_change_date.present?) &&
!created_with_http_authentication? &&
!organization.try(:auth_saml_enabled?)
end
def password_expired?
return false unless password_expiration_in_d && password_set?
password_date + password_expiration_in_d.days.to_i < Time.now
end
def password_expiration_in_d
organization_user? ? organization.password_expiration_in_d : Cartodb.get_config(:passwords, 'expiration_in_d')
end
def password_date
last_password_change_date || created_at
end
def security_token
return if session_salt.blank?
Carto::Common::EncryptionService.encrypt(sha_class: Digest::SHA256, password: crypted_password, salt: session_salt)
end
def can_change_password?
!Carto::Ldap::Manager.new.configuration_present?
end
def password=(value)
return if !Carto::Ldap::Manager.new.configuration_present? && !valid_password?(:password, value, value)
return if !value.nil? && password_validator.validate(value, value, self).any?
@password = value
self.crypted_password = Carto::Common::EncryptionService.encrypt(password: value,
secret: Cartodb.config[:password_secret])
set_last_password_change_date
end
def password_confirmation=(password_confirmation)
set_last_password_change_date
@password_confirmation = password_confirmation
end
private
def set_last_password_change_date
self.last_password_change_date = Time.zone.now unless new_record?
end
end