diff --git a/Core/Model/User.php b/Core/Model/User.php
index 3a74d3495e..b8df03a006 100644
--- a/Core/Model/User.php
+++ b/Core/Model/User.php
@@ -327,9 +327,46 @@ public function removeRole(?string $code): bool
public function setPassword($value): bool
{
- // si la contraseña tiene menos de 8 caracteres, o no tiene números o no tiene letras, devolvemos false
- if (strlen($value) < 8 || !preg_match('/[0-9]/', $value) || !preg_match('/[a-zA-Z]/', $value)) {
- return false;
+ // Password strength configurable via FS_PASSWORDS_STRENGTH (low|medium|hard)
+ $strength = defined('FS_PASSWORDS_STRENGTH') ? FS_PASSWORDS_STRENGTH : 'medium';
+
+ switch ($strength) {
+ case 'low':
+ // mínimo 6 caracteres
+ if (strlen($value) < 6) {
+ return false;
+ }
+ break;
+
+ case 'medium':
+ // mínimo 10 caracteres, con números, letras y algún signo de puntuación
+ if (strlen($value) < 10
+ || !preg_match('/[0-9]/', $value)
+ || !preg_match('/[a-zA-Z]/', $value)
+ || !preg_match('/[[:punct:]]/', $value)
+ ) {
+ return false;
+ }
+ break;
+
+ case 'hard':
+ // mínimo 12 caracteres, números, letras, mayúsculas, minúsculas y algún signo de puntuación
+ if (strlen($value) < 12
+ || !preg_match('/[0-9]/', $value)
+ || !preg_match('/[A-Z]/', $value)
+ || !preg_match('/[a-z]/', $value)
+ || !preg_match('/[[:punct:]]/', $value)
+ ) {
+ return false;
+ }
+ break;
+
+ default:
+ // Fallback a la validación histórica: mínimo 8, letras y números
+ if (strlen($value) < 8 || !preg_match('/[0-9]/', $value) || !preg_match('/[a-zA-Z]/', $value)) {
+ return false;
+ }
+ break;
}
$this->password = password_hash($value, PASSWORD_DEFAULT);
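Review bot: The `default` branch applies a fourth, undocumented policy (the historical 8-char rule, weaker than the documented `medium` default), so a misspelt or unexpected `FS_PASSWORDS_STRENGTH` value silently lowers the password requirement instead of falling back to `medium` as the comment on the constant implies. Folding the fallback into the medium case, `case 'medium':` followed by `default:` with the L45–L50 block removed, keeps misconfiguration from weakening the policy; a one-line log or `trigger_error` on an unrecognised value would make it visible. The three branches also repeat the same `preg_match` checks with only the minimum length and character classes varying, which a small per-level table (min length plus required patterns) checked in one loop would express more compactly. `$value` stays untyped, so `null` or non-string input reaches `strlen`/`preg_match`; a `string` type on the parameter would be the clean fix but may affect callers, which I cannot see from here. `setPassword` continues past the end of the hunk.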
diff --git a/Test/Core/Model/UserTest.php b/Test/Core/Model/UserTest.php
index 4736a29cb8..f66d9b7f69 100644
--- a/Test/Core/Model/UserTest.php
+++ b/Test/Core/Model/UserTest.php
@@ -72,7 +72,7 @@ public function testCreateUser(): void
{
$user = new User();
$user->nick = 'test1';
- $user->setPassword('test9876');
+ $user->setPassword('testpass1!');
$this->assertTrue($user->save());
// comprobamos que se ha creado el usuario
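Review bot: The fixture passwords chosen across this file fall into different strength classes: `'testpass1!'` here and `'testpass2!'`/`'passw0rd1!'`/`'passw0rd2!'` in the hunks at L72–L105 contain no uppercase letter and only satisfy `low`/`medium`, while the later hunks use `'Password1!'` which also satisfies `hard`. If the test bootstrap ever defines `FS_PASSWORDS_STRENGTH` as `'hard'` (I cannot see the bootstrap from here), the first group would start failing on `setPassword` rather than on the behaviour each test is about. A single class constant such as `private const VALID_PASSWORD = 'Password1!';` used by every test would make the assumed policy explicit and keep the fixtures in one place.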
@@ -80,7 +80,7 @@ public function testCreateUser(): void
// comprobamos la contraseña
$this->assertNotEquals('test', $user->password);
- $this->assertTrue($user->verifyPassword('test9876'));
+ $this->assertTrue($user->verifyPassword('testpass1!'));
$this->assertFalse($user->verifyPassword('test6789'));
// eliminamos
@@ -92,7 +92,7 @@ public function testEscapeHtml(): void
// creamos un usuario con html en lastbrowser y lastip
$user = new User();
$user->nick = 'test1';
- $user->setPassword('test1010');
+ $user->setPassword('testpass1!');
$user->lastbrowser = '';
$user->lastip = '123456';
$this->assertTrue($user->save());
@@ -110,7 +110,7 @@ public function testCantUseBadEmail(): void
// creamos un usuario con un email incorrecto
$user = new User();
$user->nick = 'test2';
- $user->setPassword('test2345');
+ $user->setPassword('testpass2!');
$user->email = 'bademail';
$this->assertFalse($user->save());
}
@@ -120,7 +120,7 @@ public function testCantUseBadNick(): void
// creamos un usuario con un nick incorrecto
$user = new User();
$user->nick = 'bad nick';
- $user->setPassword('password3456');
+ $user->setPassword('passw0rd1!');
$this->assertFalse($user->save());
}
@@ -129,7 +129,7 @@ public function testCantUseBadAgent(): void
// creamos un usuario con un agente que no existe
$user = new User();
$user->nick = 'test4';
- $user->setPassword('password4567');
+ $user->setPassword('passw0rd2!');
$user->codagente = 1234;
$this->assertTrue($user->save());
@@ -145,22 +145,22 @@ public function testPassword(): void
// creamos un usuario
$user = new User();
$user->nick = 'test_password';
- $this->assertTrue($user->setPassword('password5678'));
+ $this->assertTrue($user->setPassword('Password1!'));
$this->assertTrue($user->save());
// comprobamos que se ha encriptado la contraseña
$this->assertNotEquals('password5678', $user->password);
// validamos la contraseña
- $this->assertTrue($user->verifyPassword('password5678'));
+ $this->assertTrue($user->verifyPassword('Password1!'));
$this->assertFalse($user->verifyPassword('password6789'));
// cambiamos la contraseña
- $this->assertTrue($user->setPassword('password-789'));
+ $this->assertTrue($user->setPassword('Password-789!'));
$this->assertTrue($user->save());
// validamos la nueva contraseña
- $this->assertTrue($user->verifyPassword('password-789'));
+ $this->assertTrue($user->verifyPassword('Password-789!'));
$this->assertFalse($user->verifyPassword('password8'));
// intentamos poner una contraseña débil
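Review bot: The hashing check at L114, `$this->assertNotEquals('password5678', $user->password);`, still compares against the old password while the user is now created with `'Password1!'`, so it passes trivially and no longer verifies that the stored value differs from the plaintext that was set; it should read `$this->assertNotEquals('Password1!', $user->password);`. The same stale comparison remains at L152 in the testNewPassword hunk, where `'password-8765'` should become `'Password-8765!'`. testPassword continues past the end of this hunk.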
@@ -171,7 +171,7 @@ public function testPassword(): void
$this->assertFalse($user->setPassword('12345678'));
// comprobamos que la contraseña no ha cambiado
- $this->assertTrue($user->verifyPassword('password-789'));
+ $this->assertTrue($user->verifyPassword('Password-789!'));
// eliminamos
$this->assertTrue($user->delete());
@@ -182,7 +182,7 @@ public function testNewPassword(): void
// creamos un usuario
$user = new User();
$user->nick = 'test_new_password';
- $user->setPassword('password-012');
+ $user->setPassword('Password1!');
$this->assertTrue($user->save());
// probamos 2 contraseñas mal
@@ -191,15 +191,15 @@ public function testNewPassword(): void
$this->assertFalse($user->save());
// probamos 2 contraseñas iguales
- $user->newPassword = 'password-8765';
- $user->newPassword2 = 'password-8765';
+ $user->newPassword = 'Password-8765!';
+ $user->newPassword2 = 'Password-8765!';
$this->assertTrue($user->save());
// comprobamos que se ha encriptado la contraseña
$this->assertNotEquals('password-8765', $user->password);
// validamos la contraseña
- $this->assertTrue($user->verifyPassword('password-8765'));
+ $this->assertTrue($user->verifyPassword('Password-8765!'));
$this->assertFalse($user->verifyPassword('password-9999'));
// eliminamos
@@ -211,7 +211,7 @@ public function testLogKey(): void
// creamos un usuario
$user = new User();
$user->nick = 'test_log_key';
- $user->setPassword('password9876');
+ $user->setPassword('Password1!');
$this->assertTrue($user->save());
// guardamos la clave
@@ -251,7 +251,7 @@ public function testDefaultRole(): void
// creamos un usuario
$user = new User();
$user->nick = 'test_role1';
- $user->setPassword('password101');
+ $user->setPassword('Password1!');
$this->assertTrue($user->save());
// comprobamos que se ha asignado el rol
@@ -316,7 +316,7 @@ public function testPermissions(): void
// creamos un usuario
$user = new User();
$user->nick = 'test6';
- $user->setPassword('password678');
+ $user->setPassword('Password1!');
$this->assertTrue($user->save());
// comprobamos que no tiene roles
@@ -381,7 +381,7 @@ public function testPermissionOnMultiRole(): void
// creamos un usuario
$user = new User();
$user->nick = 'test7';
- $user->setPassword('password789');
+ $user->setPassword('Password1!');
$this->assertTrue($user->save());
// creamos un rol
@@ -447,7 +447,7 @@ public function testAddRole(): void
// creamos un usuario
$user = new User();
$user->nick = 'test_add_user';
- $user->setPassword('password123');
+ $user->setPassword('Password1!');
$this->assertTrue($user->save());
// comprobamos que el usuario no tiene roles inicialmente
@@ -494,7 +494,7 @@ public function testRemoveRole(): void
// creamos un usuario
$user = new User();
$user->nick = 'test_remove_user';
- $user->setPassword('password456');
+ $user->setPassword('Password1!');
$this->assertTrue($user->save());
// añadimos ambos roles al usuario
@@ -557,7 +557,7 @@ public function testAddRoleUpdatesHomepage(): void
// creamos un usuario sin homepage
$user = new User();
$user->nick = 'test_homepage_user';
- $user->setPassword('password789');
+ $user->setPassword('Password1!');
$user->homepage = null;
$this->assertTrue($user->save());