Ticket #897 : Can configure password requirements

Author: habarthierry-hue

formbuilder/FormBuilder/Components/Form/FormViewer.razor

@@ -51,24 +51,33 @@
 
                 @if (Context.Execution != null)
                 {
-                    if (Context.Execution.ErrorMessages != null)
+                    if (Context.Execution.ErrorMessages != null && Context.Execution.ErrorMessages.Any())
                     {
-                        @foreach (var errorMessage in Context.Execution.ErrorMessages)
-                        {
-                            <RadzenAlert AlertStyle="AlertStyle.Danger" Variant="Variant.Flat" Shade="Shade.Lighter">
-                                @TranslateErrorMessage(errorMessage)
-                            </RadzenAlert>
-                        }
+                        <RadzenAlert AlertStyle="AlertStyle.Danger" Variant="Variant.Flat" Shade="Shade.Lighter">
+                            <ul>
+                                @foreach (var errorMessage in Context.Execution.ErrorMessages)
+                                {
+                                    <li>
+                                        @TranslateErrorMessage(errorMessage)
+                                    </li>
+
+                                }
+                            </ul>
+                        </RadzenAlert>
                     }
 
-                    if (Context.Execution.SuccessMessages != null)
+                    if (Context.Execution.SuccessMessages != null && Context.Execution.SuccessMessages.Any())
                     {
-                        @foreach (var successMessage in Context.Execution.SuccessMessages)
-                        {
-                            <RadzenAlert AlertStyle="AlertStyle.Success" Variant="Variant.Flat" Shade="Shade.Lighter">
-                                @TranslateSuccessMessage(successMessage)
-                            </RadzenAlert>
-                        }
+                        <RadzenAlert AlertStyle="AlertStyle.Success" Variant="Variant.Flat" Shade="Shade.Lighter">
+                            <ul>
+                                @foreach (var successMessage in Context.Execution.SuccessMessages)
+                                {
+                                    <li>
+                                        @TranslateSuccessMessage(successMessage)
+                                    </li>
+                                }
+                            </ul>
+                        </RadzenAlert>
                     }
                 }
 
@@ -203,25 +212,27 @@
     private string TranslateSuccessMessage(string message)
     {
         var currentCulture = Thread.CurrentThread.CurrentUICulture.TwoLetterISOLanguageName;
-        var translation = Form.SuccessMessageTranslations.SingleOrDefault(t => t.Code == message && t.Language == currentCulture);
+        var translationKey = TranslationKeyParser.Parse(message);
+        var translation = Form.SuccessMessageTranslations.SingleOrDefault(t => t.Code == translationKey.Code && t.Language == currentCulture);
         if(translation == null)
         {
             return message;
         }
 
-        return translation.Value;
+        return string.Format(translation.Value, translationKey.Args);
     }
 
     private string TranslateErrorMessage(string message)
     {
         var currentCulture = Thread.CurrentThread.CurrentUICulture.TwoLetterISOLanguageName;
-        var translation = Form.ErrorMessageTranslations.SingleOrDefault(t => t.Code == message && t.Language == currentCulture);
+        var translationKey = TranslationKeyParser.Parse(message);
+        var translation = Form.ErrorMessageTranslations.SingleOrDefault(t => t.Code == translationKey.Code && t.Language == currentCulture);
         if (translation == null)
         {
             return message;
         }
 
-        return translation.Value;
+        return string.Format(translation.Value, translationKey.Args);
     }
 
     private void Init()

formbuilder/FormBuilder/Helpers/TranslationKeyParser.cs

@@ -0,0 +1,29 @@
+namespace FormBuilder.Helpers
+{
+    public class TranslationKeyParser
+    {
+        public static string Serialize(string code, params string[] args)
+        {
+            var lst = new List<string> { code };
+            if(args != null)
+            {
+                lst.AddRange(args);
+            }
+
+            return string.Join(".", lst);
+        }
+
+        public static (string Code, string[] Args) Parse(string translationKey)
+        {
+            var parts = translationKey.Split('.');
+            var code = parts[0];
+            if (parts.Length == 1)
+            {
+                return (code, Array.Empty<string>());
+            }
+
+            var args = parts.Skip(1).ToArray();
+            return (code, args);
+        }
+    }
+}

src/IdServer/SimpleIdServer.IdServer.Pwd/IdServerBuilderExtensions.cs

@@ -3,6 +3,7 @@
 
 using DataSeeder;
 using FormBuilder;
+using Microsoft.Extensions.DependencyInjection.Extensions;
 using SimpleIdServer.IdServer;
 using SimpleIdServer.IdServer.Options;
 using SimpleIdServer.IdServer.Pwd;
@@ -26,6 +27,7 @@ public static class IdServerBuilderExtensions
     public static IdServerBuilder AddPwdAuthentication(this IdServerBuilder idServerBuilder, bool isDefaultAuthMethod = false)
     {
         idServerBuilder.MvcBuilder.AddApplicationPart(typeof(AuthenticateController).Assembly);
+        idServerBuilder.Services.RemoveAll<IPasswordValidationService>();
         idServerBuilder.Services.AddTransient<IAuthenticationMethodService, PwdAuthenticationMethodService>();
         idServerBuilder.Services.AddTransient<IPasswordAuthenticationService, PasswordAuthenticationService>();
         idServerBuilder.Services.AddTransient<IUserAuthenticationService, PasswordAuthenticationService>();
@@ -39,6 +41,7 @@ public static IdServerBuilder AddPwdAuthentication(this IdServerBuilder idServer
         idServerBuilder.Services.AddTransient<IDataSeeder, InitPwdConfigurationDefDataseeder>();
         idServerBuilder.Services.AddTransient<IDataSeeder, UpdatePwdFormDataseeder>();
         idServerBuilder.Services.AddTransient<IFakerDataService, PwdAuthFakerService>();
+        idServerBuilder.Services.AddTransient<IPasswordValidationService, PasswordValidationService>();
         idServerBuilder.AutomaticConfigurationOptions.Add(typeof(IdServerPasswordOptions));
         if (isDefaultAuthMethod)
         {

src/IdServer/SimpleIdServer.IdServer.Pwd/IdServerPasswordOptions.cs

@@ -26,4 +26,50 @@ public class IdServerPasswordOptions
     /// </summary>
     [ConfigurationRecord("Expiration time", "Expiration time in seconds of the reset link", order: 3)]
     public int ResetPasswordLinkExpirationInSeconds { get; set; } = 30;
+
+    /// <summary>
+    /// Enable password validation.
+    /// </summary>
+    [ConfigurationRecord("Password validation", "Enable or disable the password validation", order: 4)]
+    public bool EnableValidation { get; set; } = false;
+
+    /// <summary>
+    /// Gets or sets the minimum length a password must be. Defaults to 6.
+    /// </summary>
+    [ConfigurationRecord("Required length", "Gets or sets the minimum length a password must be", order: 5, displayCondition: "EnableValidation=true")]
+    public int RequiredLength { get; set; } = 6;
+
+    /// <summary>
+    /// Gets or sets the minimum number of unique characters which a password must contain. Defaults to 1.
+    /// </summary>
+    [ConfigurationRecord("Required unique chars", "Gets or sets the minimum number of unique characters which a password must contain", order: 6, displayCondition: "EnableValidation=true")]
+    public int RequiredUniqueChars { get; set; } = 1;
+
+    /// <summary>
+    /// Gets or sets a flag indicating if passwords must contain a non-alphanumeric character. Defaults to true.
+    /// </summary>
+    /// <value>True if passwords must contain a non-alphanumeric character, otherwise false.</value>
+    [ConfigurationRecord("Require non alpha numeric", "Gets or sets a flag indicating if passwords must contain a non-alphanumeric character", order: 7, displayCondition: "EnableValidation=true")]
+    public bool RequireNonAlphanumeric { get; set; } = true;
+
+    /// <summary>
+    /// Gets or sets a flag indicating if passwords must contain a lower case ASCII character. Defaults to true.
+    /// </summary>
+    /// <value>True if passwords must contain a lower case ASCII character.</value>
+    [ConfigurationRecord("Require lower case", "Gets or sets a flag indicating if passwords must contain a lower case ASCII character.", order: 8, displayCondition: "EnableValidation=true")]
+    public bool RequireLowercase { get; set; } = true;
+
+    /// <summary>
+    /// Gets or sets a flag indicating if passwords must contain a upper case ASCII character. Defaults to true.
+    /// </summary>
+    /// <value>True if passwords must contain a upper case ASCII character.</value>
+    [ConfigurationRecord("Require upper case", "Gets or sets a flag indicating if passwords must contain a upper case ASCII character.", order: 9, displayCondition: "EnableValidation=true")]
+    public bool RequireUppercase { get; set; } = true;
+
+    /// <summary>
+    /// Gets or sets a flag indicating if passwords must contain a digit. Defaults to true.
+    /// </summary>
+    /// <value>True if passwords must contain a digit.</value>
+    [ConfigurationRecord("Require digit", "Gets or sets a flag indicating if passwords must contain a digit.", order: 10, displayCondition: "EnableValidation=true")]
+    public bool RequireDigit { get; set; } = true;
 }

src/IdServer/SimpleIdServer.IdServer.Pwd/Services/PasswordValidationService.cs

@@ -0,0 +1,105 @@
+// Copyright (c) SimpleIdServer. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
+using FormBuilder.Helpers;
+using Microsoft.AspNetCore.Identity;
+using Microsoft.Extensions.Configuration;
+using SimpleIdServer.IdServer.Layout.AuthFormLayout;
+using SimpleIdServer.IdServer.Resources;
+
+namespace SimpleIdServer.IdServer.Pwd.Services
+{
+    public class PasswordValidationService : IPasswordValidationService
+    {
+        private readonly IConfiguration _configuration;
+
+        public PasswordValidationService(IConfiguration configuration)
+        {
+            _configuration = configuration;
+        }
+
+        public IdentityErrorDescriber Describer { get; private set; }
+
+        public List<(string code, string errorMessage)>? Validate(string password)
+        {
+            var options = GetOptions();
+            if (!options.EnableValidation)
+            {
+                return null;
+            }
+
+            var pwdOptions = new PasswordOptions
+            {
+                RequiredLength = options.RequiredLength,
+                RequiredUniqueChars = options.RequiredUniqueChars,
+                RequireNonAlphanumeric = options.RequireNonAlphanumeric,
+                RequireLowercase = options.RequireLowercase,
+                RequireUppercase = options.RequireUppercase,
+                RequireDigit = options.RequireDigit
+            };
+            return Validate(password, pwdOptions);
+        }
+
+        private List<(string code, string errorMessage)>? Validate(string password, PasswordOptions options)
+        {
+            List<(string code, string errorMessage)>? errors = null;
+            if (string.IsNullOrWhiteSpace(password) || password.Length < options.RequiredLength)
+            {
+                errors ??= new List<(string code, string errorMessage)>();
+                errors.Add((TranslationKeyParser.Serialize(AuthFormErrorMessages.PasswordTooShort, options.RequiredLength.ToString()), string.Format(Global.PasswordTooShort, options.RequiredLength)));
+            }
+            if (options.RequireNonAlphanumeric && password.All(IsLetterOrDigit))
+            {
+                errors ??= new List<(string code, string errorMessage)>();
+                errors.Add((AuthFormErrorMessages.PasswordRequiresNonAlphanumeric, Global.PasswordRequiresNonAlphanumeric));
+            }
+            if (options.RequireDigit && !password.Any(IsDigit))
+            {
+                errors ??= new List<(string code, string errorMessage)>();
+                errors.Add((AuthFormErrorMessages.PasswordRequiresDigit, Global.PasswordRequiresDigit));
+            }
+            if (options.RequireLowercase && !password.Any(IsLower))
+            {
+                errors ??= new List<(string code, string errorMessage)>();
+                errors.Add((AuthFormErrorMessages.PasswordRequiresLower, Global.PasswordRequiresLower));
+            }
+            if (options.RequireUppercase && !password.Any(IsUpper))
+            {
+                errors ??= new List<(string code, string errorMessage)>();
+                errors.Add((AuthFormErrorMessages.PasswordRequiresUpper, Global.PasswordRequiresUpper));
+            }
+            if (options.RequiredUniqueChars >= 1 && password.Distinct().Count() < options.RequiredUniqueChars)
+            {
+                errors ??= new List<(string code, string errorMessage)>();
+                errors.Add((TranslationKeyParser.Serialize(AuthFormErrorMessages.RequiredUniqueChars, options.RequiredLength.ToString()), string.Format(Global.RequiredUniqueChars, options.RequiredUniqueChars)));
+            }
+
+            return errors;
+        }
+
+        public virtual bool IsDigit(char c)
+        {
+            return c >= '0' && c <= '9';
+        }
+
+        public virtual bool IsLower(char c)
+        {
+            return c >= 'a' && c <= 'z';
+        }
+
+        public virtual bool IsUpper(char c)
+        {
+            return c >= 'A' && c <= 'Z';
+        }
+
+        public virtual bool IsLetterOrDigit(char c)
+        {
+            return IsUpper(c) || IsLower(c) || IsDigit(c);
+        }
+
+        private IdServerPasswordOptions GetOptions()
+        {
+            var section = _configuration.GetSection(typeof(IdServerPasswordOptions).Name);
+            return section.Get<IdServerPasswordOptions>() ?? new IdServerPasswordOptions();
+        }
+    }
+}

src/IdServer/SimpleIdServer.IdServer.Pwd/StandardPwdAuthForms.cs

@@ -253,6 +253,12 @@ public class StandardPwdAuthForms
         .AddErrorMessage(AuthFormErrorMessages.MissingConfirmedPassword, Global.MissingConfirmedPassword)
         .AddErrorMessage(AuthFormErrorMessages.PasswordMismatch, Global.PasswordMismatch)
         .AddErrorMessage(AuthFormErrorMessages.OtpCodeIsInvalid, Global.OtpCodeIsInvalid)
+        .AddErrorMessage(AuthFormErrorMessages.PasswordTooShort, Global.PasswordTooShort)
+        .AddErrorMessage(AuthFormErrorMessages.PasswordRequiresNonAlphanumeric, Global.PasswordRequiresNonAlphanumeric)
+        .AddErrorMessage(AuthFormErrorMessages.PasswordRequiresDigit, Global.PasswordRequiresDigit)
+        .AddErrorMessage(AuthFormErrorMessages.PasswordRequiresLower, Global.PasswordRequiresLower)
+        .AddErrorMessage(AuthFormErrorMessages.PasswordRequiresUpper, Global.PasswordRequiresUpper)
+        .AddErrorMessage(AuthFormErrorMessages.RequiredUniqueChars, Global.RequiredUniqueChars)
         .AddSuccessMessage(AuthFormSuccessMessages.PasswordIsUpdated, Global.PasswordIsUpdated)
         .Build();
 
@@ -303,5 +309,11 @@ public class StandardPwdAuthForms
         .AddErrorMessage(AuthFormErrorMessages.CannotResolveUser, Global.CannotResolveUser)
         .AddErrorMessage(AuthFormErrorMessages.NoActivePassword, Global.NoActivePassword)
         .AddErrorMessage(AuthFormErrorMessages.PasswordIsNotTemporary, Global.PasswordIsNotTemporary)
+        .AddErrorMessage(AuthFormErrorMessages.PasswordTooShort, Global.PasswordTooShort)
+        .AddErrorMessage(AuthFormErrorMessages.PasswordRequiresNonAlphanumeric, Global.PasswordRequiresNonAlphanumeric)
+        .AddErrorMessage(AuthFormErrorMessages.PasswordRequiresDigit, Global.PasswordRequiresDigit)
+        .AddErrorMessage(AuthFormErrorMessages.PasswordRequiresLower, Global.PasswordRequiresLower)
+        .AddErrorMessage(AuthFormErrorMessages.PasswordRequiresUpper, Global.PasswordRequiresUpper)
+        .AddErrorMessage(AuthFormErrorMessages.RequiredUniqueChars, Global.RequiredUniqueChars)
         .Build();
 }

src/IdServer/SimpleIdServer.IdServer.Pwd/StandardPwdRegisterForms.cs

@@ -3,6 +3,7 @@
 using FormBuilder.Components.FormElements.StackLayout;
 using FormBuilder.Models;
 using SimpleIdServer.IdServer.Layout;
+using SimpleIdServer.IdServer.Layout.AuthFormLayout;
 using SimpleIdServer.IdServer.Layout.RegisterFormLayout;
 using SimpleIdServer.IdServer.Pwd.UI.ViewModels;
 using SimpleIdServer.IdServer.Resources;
@@ -45,6 +46,12 @@ public static class StandardPwdRegisterForms
         .AddErrorMessage(RegisterFormErrorMessages.MissingConfirmedPassword, Global.MissingConfirmedPassword)
         .AddErrorMessage(RegisterFormErrorMessages.PasswordMismatch, Global.PasswordMismatch)
         .AddErrorMessage(RegisterFormErrorMessages.UserWithSameLoginAlreadyExists, Global.UserWithSameLoginAlreadyExists)
+        .AddErrorMessage(AuthFormErrorMessages.PasswordTooShort, Global.PasswordTooShort)
+        .AddErrorMessage(AuthFormErrorMessages.PasswordRequiresNonAlphanumeric, Global.PasswordRequiresNonAlphanumeric)
+        .AddErrorMessage(AuthFormErrorMessages.PasswordRequiresDigit, Global.PasswordRequiresDigit)
+        .AddErrorMessage(AuthFormErrorMessages.PasswordRequiresLower, Global.PasswordRequiresLower)
+        .AddErrorMessage(AuthFormErrorMessages.PasswordRequiresUpper, Global.PasswordRequiresUpper)
+        .AddErrorMessage(AuthFormErrorMessages.RequiredUniqueChars, Global.RequiredUniqueChars)
         .AddSuccessMessage(RegisterFormSuccessMessages.UserIsUpdated, Global.UserIsUpdated)
         .AddSuccessMessage(RegisterFormSuccessMessages.UserIsCreated, Global.UserIsCreated)
         .Build(DateTime.UtcNow);

src/IdServer/SimpleIdServer.IdServer.Pwd/UI/RegisterController.cs

@@ -15,7 +15,6 @@
 using SimpleIdServer.IdServer.Layout.RegisterFormLayout;
 using SimpleIdServer.IdServer.Options;
 using SimpleIdServer.IdServer.Pwd.UI.ViewModels;
-using SimpleIdServer.IdServer.Resources;
 using SimpleIdServer.IdServer.Stores;
 using SimpleIdServer.IdServer.UI;
 using SimpleIdServer.IdServer.UI.ViewModels;
@@ -26,6 +25,8 @@ namespace SimpleIdServer.IdServer.Pwd;
 [Area(Constants.AreaPwd)]
 public class RegisterController : BaseRegisterController<PwdRegisterViewModel>
 {
+    private readonly IPasswordValidationService _passwordValidationService;
+
     public RegisterController(
         IOptions<IdServerHostOptions> options, 
         IOptions<FormBuilderOptions> formOptions,
@@ -40,8 +41,10 @@ public RegisterController(
         ILanguageRepository languageRepository,
         IRealmStore realmStore,
         ITemplateStore templateStore,
-        IWorkflowHelper workflowHelper) : base(options, formOptions, distributedCache, userRepository, tokenRepository, transactionBuilder, jwtBuilder, antiforgery, formStore, workflowStore, languageRepository, realmStore, templateStore, workflowHelper)
+        IWorkflowHelper workflowHelper,
+        IPasswordValidationService passwordValidationService) : base(options, formOptions, distributedCache, userRepository, tokenRepository, transactionBuilder, jwtBuilder, antiforgery, formStore, workflowStore, languageRepository, realmStore, templateStore, workflowHelper)
     {
+        _passwordValidationService = passwordValidationService;
     }
 
     protected override string Amr => Constants.AreaPwd;
@@ -105,12 +108,21 @@ public async Task<IActionResult> Index([FromRoute] string prefix, PwdRegisterVie
             return View(result);
         }
 
+        // 4. Validate the password.
+        var validationResult = _passwordValidationService.Validate(viewModel.Password);
+        if(validationResult != null)
+        {
+            result.SetInput(viewModel);
+            result.SetErrorMessages(validationResult.Select(v => v.code).ToList());
+            return View(result);
+        }
+
         if (!isAuthenticated) return await CreateUser();
         return await UpdateUser();
 
         async Task<IActionResult> CreateUser()
         {
-            // 4. Check a user already exists.
+            // 5. Check a user already exists.
             var isUserExists = await UserRepository.IsSubjectExists(viewModel.Login, prefix, cancellationToken);
             if(isUserExists)
             {