From 6842904cb54338cf9bd5cffb048366a6e62ade40 Mon Sep 17 00:00:00 2001
From: Jeremy Angele <jeremy.angele@proton.me>
Date: Mon, 28 Oct 2024 21:57:00 +0100
Subject: [PATCH] Remove deprecated fortify password policy and add a stricter
 one

---
 app/Actions/Fortify/CreateNewUser.php          |  5 ++---
 .../Fortify/PasswordValidationRules.php        | 18 ------------------
 app/Actions/Fortify/ResetUserPassword.php      |  5 ++---
 app/Actions/Fortify/UpdateUserPassword.php     |  5 ++---
 app/Livewire/ForcePasswordReset.php            | 13 ++++++++-----
 app/Livewire/Profile/Index.php                 |  6 +++---
 app/Providers/AppServiceProvider.php           |  9 +++++++++
 7 files changed, 26 insertions(+), 35 deletions(-)
 delete mode 100644 app/Actions/Fortify/PasswordValidationRules.php

diff --git a/app/Actions/Fortify/CreateNewUser.php b/app/Actions/Fortify/CreateNewUser.php
index 481757162..9f97dd0d4 100644
--- a/app/Actions/Fortify/CreateNewUser.php
+++ b/app/Actions/Fortify/CreateNewUser.php
@@ -6,12 +6,11 @@ use App\Models\User;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\Rule;
+use Illuminate\Validation\Rules\Password;
 use Laravel\Fortify\Contracts\CreatesNewUsers;
 
 class CreateNewUser implements CreatesNewUsers
 {
-    use PasswordValidationRules;
-
     /**
      * Validate and create a newly registered user.
      *
@@ -32,7 +31,7 @@ class CreateNewUser implements CreatesNewUsers
                 'max:255',
                 Rule::unique(User::class),
             ],
-            'password' => $this->passwordRules(),
+            'password' => ['required', Password::defaults(), 'confirmed'],
         ])->validate();
 
         if (User::count() == 0) {
diff --git a/app/Actions/Fortify/PasswordValidationRules.php b/app/Actions/Fortify/PasswordValidationRules.php
deleted file mode 100644
index 92fcc7532..000000000
--- a/app/Actions/Fortify/PasswordValidationRules.php
+++ /dev/null
@@ -1,18 +0,0 @@
-<?php
-
-namespace App\Actions\Fortify;
-
-use Laravel\Fortify\Rules\Password;
-
-trait PasswordValidationRules
-{
-    /**
-     * Get the validation rules used to validate passwords.
-     *
-     * @return array<int, \Illuminate\Contracts\Validation\Rule|array|string>
-     */
-    protected function passwordRules(): array
-    {
-        return ['required', 'string', new Password, 'confirmed'];
-    }
-}
diff --git a/app/Actions/Fortify/ResetUserPassword.php b/app/Actions/Fortify/ResetUserPassword.php
index 7a57c5037..d3727a52c 100644
--- a/app/Actions/Fortify/ResetUserPassword.php
+++ b/app/Actions/Fortify/ResetUserPassword.php
@@ -5,12 +5,11 @@ namespace App\Actions\Fortify;
 use App\Models\User;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
+use Illuminate\Validation\Rules\Password;
 use Laravel\Fortify\Contracts\ResetsUserPasswords;
 
 class ResetUserPassword implements ResetsUserPasswords
 {
-    use PasswordValidationRules;
-
     /**
      * Validate and reset the user's forgotten password.
      *
@@ -19,7 +18,7 @@ class ResetUserPassword implements ResetsUserPasswords
     public function reset(User $user, array $input): void
     {
         Validator::make($input, [
-            'password' => $this->passwordRules(),
+            'password' => ['required', Password::defaults(), 'confirmed'],
         ])->validate();
 
         $user->forceFill([
diff --git a/app/Actions/Fortify/UpdateUserPassword.php b/app/Actions/Fortify/UpdateUserPassword.php
index 700563905..0c51ec56d 100644
--- a/app/Actions/Fortify/UpdateUserPassword.php
+++ b/app/Actions/Fortify/UpdateUserPassword.php
@@ -5,12 +5,11 @@ namespace App\Actions\Fortify;
 use App\Models\User;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
+use Illuminate\Validation\Rules\Password;
 use Laravel\Fortify\Contracts\UpdatesUserPasswords;
 
 class UpdateUserPassword implements UpdatesUserPasswords
 {
-    use PasswordValidationRules;
-
     /**
      * Validate and update the user's password.
      *
@@ -20,7 +19,7 @@ class UpdateUserPassword implements UpdatesUserPasswords
     {
         Validator::make($input, [
             'current_password' => ['required', 'string', 'current_password:web'],
-            'password' => $this->passwordRules(),
+            'password' => ['required', Password::defaults(), 'confirmed'],
         ], [
             'current_password.current_password' => __('The provided password does not match your current password.'),
         ])->validateWithBag('updatePassword');
diff --git a/app/Livewire/ForcePasswordReset.php b/app/Livewire/ForcePasswordReset.php
index 73ce5bcc0..61a2a20e9 100644
--- a/app/Livewire/ForcePasswordReset.php
+++ b/app/Livewire/ForcePasswordReset.php
@@ -4,6 +4,7 @@ namespace App\Livewire;
 
 use DanHarrin\LivewireRateLimiting\WithRateLimiting;
 use Illuminate\Support\Facades\Hash;
+use Illuminate\Validation\Rules\Password;
 use Livewire\Component;
 
 class ForcePasswordReset extends Component
@@ -16,11 +17,13 @@ class ForcePasswordReset extends Component
 
     public string $password_confirmation;
 
-    protected $rules = [
-        'email' => 'required|email',
-        'password' => 'required|min:8',
-        'password_confirmation' => 'required|same:password',
-    ];
+    public function rules(): array
+    {
+        return [
+            'email' => ['required', 'email'],
+            'password' => ['required', Password::defaults(), 'confirmed'],
+        ];
+    }
 
     public function mount()
     {
diff --git a/app/Livewire/Profile/Index.php b/app/Livewire/Profile/Index.php
index 3be1b05ce..483f68cf8 100644
--- a/app/Livewire/Profile/Index.php
+++ b/app/Livewire/Profile/Index.php
@@ -3,6 +3,7 @@
 namespace App\Livewire\Profile;
 
 use Illuminate\Support\Facades\Hash;
+use Illuminate\Validation\Rules\Password;
 use Livewire\Attributes\Validate;
 use Livewire\Component;
 
@@ -48,9 +49,8 @@ class Index extends Component
     {
         try {
             $this->validate([
-                'current_password' => 'required',
-                'new_password' => 'required|min:8',
-                'new_password_confirmation' => 'required|min:8|same:new_password',
+                'current_password' => ['required'],
+                'new_password' => ['required', Password::defaults(), 'confirmed'],
             ]);
             if (! Hash::check($this->current_password, auth()->user()->password)) {
                 $this->dispatch('error', 'Current password is incorrect.');
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
index 8b4c2eef2..1fffd0399 100644
--- a/app/Providers/AppServiceProvider.php
+++ b/app/Providers/AppServiceProvider.php
@@ -5,6 +5,7 @@ namespace App\Providers;
 use App\Models\PersonalAccessToken;
 use Illuminate\Support\Facades\Http;
 use Illuminate\Support\ServiceProvider;
+use Illuminate\Validation\Rules\Password;
 use Laravel\Sanctum\Sanctum;
 
 class AppServiceProvider extends ServiceProvider
@@ -15,6 +16,14 @@ class AppServiceProvider extends ServiceProvider
     {
         Sanctum::usePersonalAccessTokenModel(PersonalAccessToken::class);
 
+        Password::defaults(function () {
+            $rule = Password::min(8);
+
+            return $this->app->isProduction()
+                ? $rule->mixedCase()->letters()->numbers()->symbols()
+                : $rule;
+        });
+
         Http::macro('github', function (string $api_url, ?string $github_access_token = null) {
             if ($github_access_token) {
                 return Http::withHeaders([