feature #54881 [Validator] Make PasswordStrengthValidator::estimateStrength() public (yalit)

derrabus · derrabus · commit 64fa4b5a94ab · 2024-05-21T18:14:55.000+02:00
This PR was merged into the 7.2 branch. Discussion ---------- [Validator] Make `PasswordStrengthValidator::estimateStrength()` public | Q | A | ------------- | --- | Branch? | 7.1 | Bug fix? | no | New feature? | yes (allows for externally | Deprecations? | no | Issues | na | License | MIT Linked to the PasswordStrength Constraint, the need is to be able to get the "strength" of a password and not just only if it's strong enough. For instance, the need is to show a "score" bar in the frontend. Currently, the strength is being computed by a private function within the PasswordStrengthValidator not accessible directly. The proposed change is to extract that computation in a specific `PasswordStrengthEstimator` service for it to be accessible from the "external" world. The best way to do so would be to inject the service in the Validator constructor but doing that it would break the compatibility as the current constructor is receiving a Closure to allow for self-strength computation. So here the service is called from within the Validator directly and so maintaining the Backward Compatibility I created the same PR but with no Backward Compatibility (service injected in the constructor) here : #54882 Commits ------- e058d92 [Validator] Make `PasswordStrengthValidator::estimateStrength()` public
diff --git a/src/Symfony/Component/Validator/CHANGELOG.md b/src/Symfony/Component/Validator/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+7.2
+---
+
+ * Make `PasswordStrengthValidator::estimateStrength()` public
+
 7.1
 ---
 
diff --git a/src/Symfony/Component/Validator/Constraints/PasswordStrengthValidator.php b/src/Symfony/Component/Validator/Constraints/PasswordStrengthValidator.php
@@ -57,7 +57,7 @@ public function validate(#[\SensitiveParameter] mixed $value, Constraint $constr
      *
      * @return PasswordStrength::STRENGTH_*
      */
-    private static function estimateStrength(#[\SensitiveParameter] string $password): int
+    public static function estimateStrength(#[\SensitiveParameter] string $password): int
     {
         if (!$length = \strlen($password)) {
             return PasswordStrength::STRENGTH_VERY_WEAK;
diff --git a/src/Symfony/Component/Validator/Tests/Constraints/PasswordStrengthValidatorTest.php b/src/Symfony/Component/Validator/Tests/Constraints/PasswordStrengthValidatorTest.php
@@ -92,4 +92,20 @@ public static function provideInvalidConstraints(): iterable
             '0',
         ];
     }
+
+    /**
+     * @dataProvider getPasswordValues
+     */
+    public function testStrengthEstimator(string $password, int $expectedStrength)
+    {
+        self::assertSame($expectedStrength, PasswordStrengthValidator::estimateStrength((string) $password));
+    }
+
+    public static function getPasswordValues(): iterable
+    {
+        yield ['How-is-this', PasswordStrength::STRENGTH_WEAK];
+        yield ['Reasonable-pwd', PasswordStrength::STRENGTH_MEDIUM];
+        yield ['This 1s a very g00d Pa55word! ;-)', PasswordStrength::STRENGTH_VERY_STRONG];
+        yield ['pudding-smack-👌🏼-fox-😎', PasswordStrength::STRENGTH_VERY_STRONG];
+    }
 }
diff --git a/src/Symfony/Component/Validator/Tests/Constraints/PasswordStrengthValidatorWithClosureTest.php b/src/Symfony/Component/Validator/Tests/Constraints/PasswordStrengthValidatorWithClosureTest.php
@@ -0,0 +1,104 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Validator\Tests\Constraints;
+
+use Symfony\Component\Validator\Constraints\PasswordStrength;
+use Symfony\Component\Validator\Constraints\PasswordStrengthValidator;
+use Symfony\Component\Validator\Test\ConstraintValidatorTestCase;
+use Symfony\Component\Validator\Tests\Constraints\Fixtures\StringableValue;
+
+class PasswordStrengthValidatorWithClosureTest extends ConstraintValidatorTestCase
+{
+    protected function createValidator(): PasswordStrengthValidator
+    {
+        return new PasswordStrengthValidator(static function (string $value) {
+            $length = \strlen($value);
+
+            return match (true) {
+                $length < 6 => PasswordStrength::STRENGTH_VERY_WEAK,
+                $length < 10 => PasswordStrength::STRENGTH_WEAK,
+                $length < 15 => PasswordStrength::STRENGTH_MEDIUM,
+                $length < 20 => PasswordStrength::STRENGTH_STRONG,
+                default => PasswordStrength::STRENGTH_VERY_STRONG,
+            };
+        });
+    }
+
+    /**
+     * @dataProvider getValidValues
+     */
+    public function testValidValues(string|\Stringable $value, int $expectedStrength)
+    {
+        $this->validator->validate($value, new PasswordStrength(minScore: $expectedStrength));
+
+        $this->assertNoViolation();
+
+        if (PasswordStrength::STRENGTH_VERY_STRONG === $expectedStrength) {
+            return;
+        }
+
+        $this->validator->validate($value, new PasswordStrength(minScore: $expectedStrength + 1));
+
+        $this->buildViolation('The password strength is too low. Please use a stronger password.')
+            ->setCode(PasswordStrength::PASSWORD_STRENGTH_ERROR)
+            ->setParameter('{{ strength }}', $expectedStrength)
+            ->assertRaised();
+    }
+
+    public static function getValidValues(): iterable
+    {
+        yield ['az34tyu', PasswordStrength::STRENGTH_WEAK];
+        yield ['A med1um one', PasswordStrength::STRENGTH_MEDIUM];
+        yield ['a str0ng3r one doh', PasswordStrength::STRENGTH_STRONG];
+        yield [new StringableValue('HeloW0rld'), PasswordStrength::STRENGTH_WEAK];
+    }
+
+    /**
+     * @dataProvider provideInvalidConstraints
+     */
+    public function testThePasswordIsWeak(PasswordStrength $constraint, string $password, string $expectedMessage, string $expectedCode, string $strength)
+    {
+        $this->validator->validate($password, $constraint);
+
+        $this->buildViolation($expectedMessage)
+            ->setCode($expectedCode)
+            ->setParameters([
+                '{{ strength }}' => $strength,
+            ])
+            ->assertRaised();
+    }
+
+    public static function provideInvalidConstraints(): iterable
+    {
+        yield [
+            new PasswordStrength(),
+            'password',
+            'The password strength is too low. Please use a stronger password.',
+            PasswordStrength::PASSWORD_STRENGTH_ERROR,
+            (string) PasswordStrength::STRENGTH_WEAK,
+        ];
+        yield [
+            new PasswordStrength(minScore: PasswordStrength::STRENGTH_VERY_STRONG),
+            'Good password?',
+            'The password strength is too low. Please use a stronger password.',
+            PasswordStrength::PASSWORD_STRENGTH_ERROR,
+            (string) PasswordStrength::STRENGTH_MEDIUM,
+        ];
+        yield [
+            new PasswordStrength(message: 'This password should be strong.'),
+            'password',
+            'This password should be strong.',
+            PasswordStrength::PASSWORD_STRENGTH_ERROR,
+            (string) PasswordStrength::STRENGTH_WEAK,
+        ];
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,7 @@ public function validate(#[\SensitiveParameter] mixed $value, Constraint $constr`
`57`	`57`	`*`
`58`	`58`	`* @return PasswordStrength::STRENGTH_*`
`59`	`59`	`*/`
`60`		`- private static function estimateStrength(#[\SensitiveParameter] string $password): int`
	`60`	`+ public static function estimateStrength(#[\SensitiveParameter] string $password): int`
`61`	`61`	`{`
`62`	`62`	`if (!$length = \strlen($password)) {`
`63`	`63`	`return PasswordStrength::STRENGTH_VERY_WEAK;`