From c02d783f2c8645a770a91d1030f90a5477e0adeb Mon Sep 17 00:00:00 2001 From: Sebastiaan Stok Date: Thu, 30 Sep 2021 13:49:33 +0200 Subject: [PATCH] Deprecate the blacklist validator --- README.md | 21 ++++++++++++-------- UPGRADE.md | 11 ++++++++++ docs/blacklist.md | 11 ++++++++++ src/Command/BlacklistCommand.php | 3 +++ src/Validator/Constraints/Blacklist.php | 4 ++++ tests/Blacklist/ArrayProviderTest.php | 1 + tests/Blacklist/ChainProviderTest.php | 1 + tests/Blacklist/LazyChainProviderTest.php | 1 + tests/Blacklist/NoopProviderTest.php | 1 + tests/Blacklist/SqliteProviderTest.php | 1 + tests/Command/BlacklistCommandTest.php | 1 + tests/Command/BlacklistCommandTestCase.php | 4 ++++ tests/Command/BlacklistDeleteCommandTest.php | 1 + tests/Command/BlacklistListCommandTest.php | 1 + tests/Command/BlacklistPurgeCommandTest.php | 1 + tests/Command/BlacklistUpdateCommandTest.php | 1 + tests/Validator/BlacklistValidationTest.php | 1 + 17 files changed, 57 insertions(+), 8 deletions(-) create mode 100644 UPGRADE.md diff --git a/README.md b/README.md index 83555e4..2bb29cf 100644 --- a/README.md +++ b/README.md 
@@ -48,14 +48,23 @@ Validates the passwords strength-level (weak, medium, strong etc). Validates the passwords using explicitly configured requirements (letters, caseDiff, numbers, requireSpecialCharacter). -### [Password blacklisting](docs/blacklist.md) +### [Password blacklisting](docs/blacklist.md) (deprecated) + +⚠️ **DEPRECATED** + +> This validator is deprecated in favor of the [PasswordCommonList Validator](https://github.com/rollerworks/password-common-list). +> +> The PasswordCommonList validator contains a big list of commonly used passwords, many that are known to be insecure. +> As updating the list of forbidden passwords is not something done regularly this is recommended over manually updating. +> +> Alternatively the Symfony [NotCompromisedPassword] validator can be used for a more regularly updated list. There are times you want forbid (blacklist) a password from usage. Passwords are blacklisted using providers which can either be an array or (flat-file) database (which you can update regularly). -With the default installation the following providers can be used. +With the default installation the following providers can be used: * Noop: Default provider, does nothing. @@ -65,14 +74,9 @@ With the default installation the following providers can be used. * Pdo: Provides the blacklist using the PDO extension. -But building your own is also possible. -__Documentation on this is currently missing, -see current providers for more information.__ - ### PwnedPassword (deprecated) -⚠️ **This validator is deprecated in favor of the Symfony [NotCompromisedPassword](https://symfony.com/doc/current/reference/constraints/NotCompromisedPassword.html) -validator.** +⚠️ **This validator is deprecated in favor of the Symfony [NotCompromisedPassword] validator.** Validates that the requested password was not found in a trove of compromised passwords found at . 
@@ -107,6 +111,7 @@ please read the [Contributing Guidelines][3]. If you're submitting a pull request, please follow the guidelines in the [Submitting a Patch][4] section. [1]: https://github.com/rollerworks/PasswordStrengthBundle +[NotCompromisedPassword]: https://symfony.com/doc/current/reference/constraints/NotCompromisedPassword.html [2]: https://getcomposer.org/doc/00-intro.md [3]: https://github.com/rollerworks/contributing [4]: https://contributing.readthedocs.org/en/latest/code/patches.html diff --git a/UPGRADE.md b/UPGRADE.md new file mode 100644 index 0000000..cf22cd2 --- /dev/null +++ b/UPGRADE.md @@ -0,0 +1,11 @@ +UPGRADE +======= + +## Upgrade from 1.6 to 1.7 + +* The blacklist validator was deprecated in favor of the [PasswordCommonList Validator](https://github.com/rollerworks/password-common-list). + +## Upgrade from 1.3 to 1.4 + +* The PwnedPassword validator is deprecated in favor of the Symfony [NotCompromisedPassword](https://symfony.com/doc/current/reference/constraints/NotCompromisedPassword.html) validator + diff --git a/docs/blacklist.md b/docs/blacklist.md index f6750b7..46cf86b 100644 --- a/docs/blacklist.md +++ b/docs/blacklist.md @@ -1,6 +1,15 @@ Password blacklisting ===================== +⚠️ **DEPRECATED** + +> This validator is deprecated in favor of the [PasswordCommonList Validator](https://github.com/rollerworks/password-common-list). +> +> The PasswordCommonList validator contains a big list of commonly used passwords, many that are known to be insecure. +> As updating the list of forbidden passwords is not something done regularly this is recommended over manually updating. +> +> Alternatively the Symfony [NotCompromisedPassword] validator can be used for a more regularly updated list. + Usage of the `Rollerworks\Component\PasswordStrength\Validator\Constraints\Blacklist` constraint works different then other strength validators. 
@@ -192,3 +201,5 @@ To get started you can use the bad/leaked passwords databases provider by Its recommended to use at least the 500-worst-passwords database. Especially when not enforcing strong passwords using the [PasswordStrengthValidator](strength-validation.md). + +[NotCompromisedPassword]: https://symfony.com/doc/current/reference/constraints/NotCompromisedPassword.html diff --git a/src/Command/BlacklistCommand.php b/src/Command/BlacklistCommand.php index e42703f..bfa17bf 100644 --- a/src/Command/BlacklistCommand.php +++ b/src/Command/BlacklistCommand.php @@ -14,6 +14,7 @@ use Psr\Container\ContainerInterface; use Rollerworks\Component\PasswordStrength\Blacklist\BlacklistProviderInterface; use Rollerworks\Component\PasswordStrength\Blacklist\UpdatableBlacklistProviderInterface; +use Rollerworks\Component\PasswordStrength\Validator\Constraints\Blacklist; use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Input\InputOption; @@ -41,6 +42,8 @@ public function __construct(ContainerInterface $providers) protected function initialize(InputInterface $input, OutputInterface $output) { + trigger_deprecation('rollerworks/password-strength-validator', '1.7', 'The Blacklist validator is deprecated and will be removed in the next major version. Use the NotInPasswordCommonList from rollerworks/password-common-list package instead, or use the NotCompromisedPassword validator from the symfony/validator package instead.', Blacklist::class); + $this->blacklistProvider = $this->providers->get($input->getOption('provider')); if (! $this->blacklistProvider instanceof UpdatableBlacklistProviderInterface) { diff --git a/src/Validator/Constraints/Blacklist.php b/src/Validator/Constraints/Blacklist.php index ba6af01..45b03dd 100644 --- a/src/Validator/Constraints/Blacklist.php +++ b/src/Validator/Constraints/Blacklist.php 
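Review bot: The `Blacklist::class` argument passed to `trigger_deprecation()` at the top of `initialize()` is dead, because the message string contains no `%s` placeholder; if this is the symfony/deprecation-contracts helper, extra arguments are only consumed through placeholders, so the emitted notice never names the class and the newly added `use ...\Constraints\Blacklist;` import exists only to feed an ignored argument. Either drop the argument and the import, or reference it, e.g. `'The "%s" constraint and its blacklist commands are deprecated and will be removed in the next major version. ...'`, which also tells a CLI user which command they ran rather than only that a validator is deprecated. `initialize()` runs on every invocation of this command and, presumably, of the delete/list/purge/update subclasses whose tests are touched in this patch (confirm they extend `BlacklistCommand`), so one message here is sufficient. The body of `initialize()` continues past the end of the hunk.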
@@ -14,9 +14,13 @@ use Attribute; use Symfony\Component\Validator\Constraint; +trigger_deprecation('rollerworks/password-strength-validator', '1.7', 'The Blacklist validator is deprecated and will be removed in the next major version. Use the NotInPasswordCommonList from rollerworks/password-common-list package instead, or use the NotCompromisedPassword validator from the symfony/validator package instead.', Blacklist::class); + /** * @Annotation * @Target({"PROPERTY", "METHOD", "ANNOTATION"}) + * + * @deprecated since rollerworks/password-strength-validator 1.7 The Blacklist validator is deprecated and will be removed in the next major version. Use the NotInPasswordCommonList from rollerworks/password-common-list package instead, or use the NotCompromisedPassword validator from the symfony/validator package instead. */ #[Attribute(Attribute::TARGET_PROPERTY | Attribute::TARGET_METHOD | Attribute::IS_REPEATABLE)] class Blacklist extends Constraint diff --git a/tests/Blacklist/ArrayProviderTest.php b/tests/Blacklist/ArrayProviderTest.php index c5431d0..38377ff 100644 --- a/tests/Blacklist/ArrayProviderTest.php +++ b/tests/Blacklist/ArrayProviderTest.php @@ -16,6 +16,7 @@ /** * @internal + * @group legacy */ final class ArrayProviderTest extends TestCase { diff --git a/tests/Blacklist/ChainProviderTest.php b/tests/Blacklist/ChainProviderTest.php index 302e3be..73babf1 100644 --- a/tests/Blacklist/ChainProviderTest.php +++ b/tests/Blacklist/ChainProviderTest.php @@ -17,6 +17,7 @@ /** * @internal + * @group legacy */ final class ChainProviderTest extends TestCase { diff --git a/tests/Blacklist/LazyChainProviderTest.php b/tests/Blacklist/LazyChainProviderTest.php index 46cd526..7adee1a 100644 --- a/tests/Blacklist/LazyChainProviderTest.php +++ b/tests/Blacklist/LazyChainProviderTest.php @@ -18,6 +18,7 @@ /** * @internal + * @group legacy */ final class LazyChainProviderTest extends TestCase { 
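Review bot: The file-scope `trigger_deprecation()` call passes `Blacklist::class` as a format argument but the message has no `%s`, so the class name never appears in the notice; write `'The "%s" constraint is deprecated and will be removed in the next major version. Use ...'` so the argument is actually used (the same fix applies to the `@deprecated` docblock text, which can stay prose). Placing the call at file scope follows Symfony's convention for deprecated classes, but note it fires on autoload rather than on use, so a `class_exists()` probe or a reflection/attribute scan of the constraints directory will emit the deprecation too; if that is unwanted, move it into the constructor. `trigger_deprecation()` is provided by symfony/deprecation-contracts and the diffstat shows no `composer.json` change, so confirm that package is already a direct requirement of this library rather than only a transitive one, otherwise an install without it dies with an undefined-function error the first time the constraint is loaded.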
diff --git a/tests/Blacklist/NoopProviderTest.php b/tests/Blacklist/NoopProviderTest.php index 93ddf3f..3d213b1 100644 --- a/tests/Blacklist/NoopProviderTest.php +++ b/tests/Blacklist/NoopProviderTest.php @@ -16,6 +16,7 @@ /** * @internal + * @group legacy */ final class NoopProviderTest extends TestCase { diff --git a/tests/Blacklist/SqliteProviderTest.php b/tests/Blacklist/SqliteProviderTest.php index f103878..a13c658 100644 --- a/tests/Blacklist/SqliteProviderTest.php +++ b/tests/Blacklist/SqliteProviderTest.php @@ -16,6 +16,7 @@ /** * @internal + * @group legacy */ final class SqliteProviderTest extends TestCase { diff --git a/tests/Command/BlacklistCommandTest.php b/tests/Command/BlacklistCommandTest.php index b6bf278..71568a2 100644 --- a/tests/Command/BlacklistCommandTest.php +++ b/tests/Command/BlacklistCommandTest.php @@ -17,6 +17,7 @@ /** * @internal + * @group legacy */ final class BlacklistCommandTest extends BlacklistCommandTestCase { diff --git a/tests/Command/BlacklistCommandTestCase.php b/tests/Command/BlacklistCommandTestCase.php index 54d00a4..89832ec 100644 --- a/tests/Command/BlacklistCommandTestCase.php +++ b/tests/Command/BlacklistCommandTestCase.php @@ -15,6 +15,10 @@ use Rollerworks\Component\PasswordStrength\Blacklist\SqliteProvider; use Rollerworks\Component\PasswordStrength\Tests\BlackListMockProviderTrait; +/** + * @internal + * @group legacy + */ abstract class BlacklistCommandTestCase extends TestCase { use BlackListMockProviderTrait; diff --git a/tests/Command/BlacklistDeleteCommandTest.php b/tests/Command/BlacklistDeleteCommandTest.php index e1bfdf6..6ad17c8 100644 --- a/tests/Command/BlacklistDeleteCommandTest.php +++ b/tests/Command/BlacklistDeleteCommandTest.php @@ -17,6 +17,7 @@ /** * @internal + * @group legacy */ final class BlacklistDeleteCommandTest extends BlacklistCommandTestCase { diff --git a/tests/Command/BlacklistListCommandTest.php b/tests/Command/BlacklistListCommandTest.php index 0e28a6c..5c494d9 100644 
--- a/tests/Command/BlacklistListCommandTest.php +++ b/tests/Command/BlacklistListCommandTest.php @@ -17,6 +17,7 @@ /** * @internal + * @group legacy */ final class BlacklistListCommandTest extends BlacklistCommandTestCase { diff --git a/tests/Command/BlacklistPurgeCommandTest.php b/tests/Command/BlacklistPurgeCommandTest.php index 66aa89a..bc54dbe 100644 --- a/tests/Command/BlacklistPurgeCommandTest.php +++ b/tests/Command/BlacklistPurgeCommandTest.php @@ -17,6 +17,7 @@ /** * @internal + * @group legacy */ final class BlacklistPurgeCommandTest extends BlacklistCommandTestCase { diff --git a/tests/Command/BlacklistUpdateCommandTest.php b/tests/Command/BlacklistUpdateCommandTest.php index 4aebeda..a403d4d 100644 --- a/tests/Command/BlacklistUpdateCommandTest.php +++ b/tests/Command/BlacklistUpdateCommandTest.php @@ -17,6 +17,7 @@ /** * @internal + * @group legacy */ final class BlacklistUpdateCommandTest extends BlacklistCommandTestCase { diff --git a/tests/Validator/BlacklistValidationTest.php b/tests/Validator/BlacklistValidationTest.php index 784ddf6..f57aa48 100644 --- a/tests/Validator/BlacklistValidationTest.php +++ b/tests/Validator/BlacklistValidationTest.php @@ -21,6 +21,7 @@ /** * @internal + * @group legacy */ final class BlacklistValidationTest extends ConstraintValidatorTestCase {