updates

ljonesfl · ljonesfl · commit 1e2daa3f1d5b · 2026-01-15T10:22:03.000-06:00
diff --git a/src/Cms/Cli/Commands/User/ResetPasswordCommand.php b/src/Cms/Cli/Commands/User/ResetPasswordCommand.php
@@ -57,6 +57,52 @@ public function execute( array $parameters = [] ): int
 
 		$hasher = new PasswordHasher();
 
+		// Load password policy from configuration
+		try
+		{
+			$settings = Registry::getInstance()->get( RegistryKeys::SETTINGS );
+
+			if( $settings )
+			{
+				// Read password policy from auth.passwords section
+				$minLength = $settings->get( 'auth', 'passwords', 'min_length' );
+				$requireUppercase = $settings->get( 'auth', 'passwords', 'require_uppercase' );
+				$requireLowercase = $settings->get( 'auth', 'passwords', 'require_lowercase' );
+				$requireNumbers = $settings->get( 'auth', 'passwords', 'require_numbers' );
+				$requireSpecialChars = $settings->get( 'auth', 'passwords', 'require_special_chars' );
+
+				// Configure hasher with policy
+				if( $minLength !== null )
+				{
+					$hasher->setMinLength( (int)$minLength );
+				}
+
+				if( $requireUppercase !== null )
+				{
+					$hasher->setRequireUppercase( (bool)$requireUppercase );
+				}
+
+				if( $requireLowercase !== null )
+				{
+					$hasher->setRequireLowercase( (bool)$requireLowercase );
+				}
+
+				if( $requireNumbers !== null )
+				{
+					$hasher->setRequireNumbers( (bool)$requireNumbers );
+				}
+
+				if( $requireSpecialChars !== null )
+				{
+					$hasher->setRequireSpecialChars( (bool)$requireSpecialChars );
+				}
+			}
+		}
+		catch( \Exception $e )
+		{
+			// Fall back to defaults on any exception
+		}
+
 		// Get username or email from options or prompt
 		$username = $this->input->getOption( 'username' );
 		$email = $this->input->getOption( 'email' );
diff --git a/tests/Unit/Cms/Cli/Commands/User/ResetPasswordCommandTest.php b/tests/Unit/Cms/Cli/Commands/User/ResetPasswordCommandTest.php
@@ -503,4 +503,65 @@ public function testExecuteFailsWhenDatabaseUpdateFails(): void
 		// Should fail with exit code 1
 		$this->assertEquals(1, $exitCode);
 	}
+
+	public function testExecuteLoadsPasswordPolicyFromConfiguration(): void
+	{
+		$this->inputReader->addResponses([
+			'testuser',
+			'yes',
+			'abcdefghij', // 10 chars, all lowercase, no numbers - should fail with default policy
+			'abcdefghij'
+		]);
+
+		$user = new User();
+		$user->setId(1);
+		$user->setUsername('testuser');
+		$user->setEmail('test@example.com');
+		$user->setRole('admin');
+
+		$repository = $this->createMock(DatabaseUserRepository::class);
+		$repository->expects($this->once())
+			->method('findByUsername')
+			->willReturn($user);
+
+		// Mock settings to return custom password policy
+		$settings = $this->createMock(SettingManager::class);
+		$settings->method('get')
+			->willReturnCallback(function(...$args) {
+				if ($args === ['auth', 'passwords', 'min_length']) {
+					return 8;
+				}
+				if ($args === ['auth', 'passwords', 'require_uppercase']) {
+					return true; // Require uppercase - should fail
+				}
+				if ($args === ['auth', 'passwords', 'require_lowercase']) {
+					return true;
+				}
+				if ($args === ['auth', 'passwords', 'require_numbers']) {
+					return true; // Require numbers - should fail
+				}
+				if ($args === ['auth', 'passwords', 'require_special_chars']) {
+					return false;
+				}
+				return null;
+			});
+
+		Registry::getInstance()->set('Settings', $settings);
+
+		$command = $this->getMockBuilder(ResetPasswordCommand::class)
+			->onlyMethods(['getUserRepository'])
+			->getMock();
+		$command->expects($this->once())
+			->method('getUserRepository')
+			->willReturn($repository);
+
+		$command->setInput($this->input);
+		$command->setOutput($this->output);
+		$command->setInputReader($this->inputReader);
+
+		$exitCode = $command->execute();
+
+		// Should fail because password doesn't meet configured requirements
+		$this->assertEquals(1, $exitCode);
+	}
 }
