fix: Password Policy mismatch on user creation with random password (#28665)

Co-authored-by: gabriellsh <40830821+gabriellsh@users.noreply.github.com>

fix: Password Policy mismatch on user creation with random password (#28665)
2ad5fa13 · Matheus Barbosa Silva · GitHub · 715f2c88 · 2ad5fa13 · 2ad5fa13
Unverified Commit 2ad5fa13 authored 1 year ago by Matheus Barbosa Silva Committed by GitHub 1 year ago
--- a/apps/meteor/app/lib/server/lib/PasswordPolicyClass.js
+++ b/apps/meteor/app/lib/server/lib/PasswordPolicyClass.js
 import { Meteor } from 'meteor/meteor';
 import { Random } from '@rocket.chat/random';
+import generator from 'generate-password';
 class PasswordPolicy {
 	constructor({
@@ -158,10 +159,14 @@ class PasswordPolicy {
 	_generatePassword() {
 		const length = Math.min(Math.max(this.minLength, 12), this.maxLength > 0 ? this.maxLength : Number.MAX_SAFE_INTEGER);
-		return new Array(length)
+		return generator.generate({
-			.fill()
+			length,
-			.map(() => String.fromCharCode(Math.random() * 86 + 40))
+			...(this.mustContainAtLeastOneNumber && { numbers: true }),
-			.join('');
+			...(this.mustContainAtLeastOneSpecialCharacter && { symbols: true }),
+			...(this.mustContainAtLeastOneLowercase && { lowercase: true }),
+			...(this.mustContainAtLeastOneUppercase && { uppercase: true }),
+			strict: true,
+		});
 	}
 }

--- a/apps/meteor/client/views/admin/users/UserForm.js
+++ b/apps/meteor/client/views/admin/users/UserForm.js
@@ -166,23 +166,24 @@ export default function UserForm({ formValues, formHandlers, availableRoles, app
 			<FieldGroup is='form' onSubmit={useCallback((e) => e.preventDefault(), [])} autoComplete='off'>
 				{useMemo(
-					() => (
+					() =>
-						<Field>
+						!setRandomPassword && (
-							<Field.Label>{t('Password')}</Field.Label>
+							<Field>
-							<Field.Row>
+								<Field.Label>{t('Password')}</Field.Label>
-								<PasswordInput
+								<Field.Row>
-									errors={errors && errors.password}
+									<PasswordInput
-									flexGrow={1}
+										errors={errors && errors.password}
-									value={password}
+										flexGrow={1}
-									onChange={handlePassword}
+										value={password}
-									addon={<Icon name='key' size='x20' />}
+										onChange={handlePassword}
-									autoComplete='new-password'
+										addon={<Icon name='key' size='x20' />}
-								/>
+										autoComplete='new-password'
-							</Field.Row>
+									/>
-							{errors && errors.password && <Field.Error>{errors.password}</Field.Error>}
+								</Field.Row>
-						</Field>
+								{errors && errors.password && <Field.Error>{errors.password}</Field.Error>}
-					),
+							</Field>
-					[t, password, handlePassword, errors],
+						),
+					[t, password, handlePassword, errors, setRandomPassword],
 				)}
 				{useMemo(
 					() => (

--- a/apps/meteor/package.json
+++ b/apps/meteor/package.json
@@ -323,6 +323,7 @@
 		"file-type": "^16.5.3",
 		"filenamify": "^4.3.0",
 		"filesize": "9.0.11",
+		"generate-password": "^1.7.0",
 		"google-libphonenumber": "^3.2.28",
 		"googleapis": "^104.0.0",
 		"gravatar": "^1.8.2",

--- a/yarn.lock
+++ b/yarn.lock
@@ -7459,6 +7459,7 @@ __metadata:
    file-type: ^16.5.3
    filenamify: ^4.3.0
    filesize: 9.0.11
+    generate-password: ^1.7.0
    google-libphonenumber: ^3.2.28
    googleapis: ^104.0.0
    gravatar: ^1.8.2
@@ -20619,6 +20620,13 @@ __metadata:
  languageName: node
  linkType: hard
+"generate-password@npm:^1.7.0":
+  version: 1.7.0
+  resolution: "generate-password@npm:1.7.0"
+  checksum: c0d13e9a9c72d84adc4365a0c0dbd28463f2da1975b4ec83f34a126b95122551274755db641418e5aa11c8d94c1d216c8da8314f38e56e05378e1a43792f4614
+  languageName: node
+  linkType: hard
 "generic-pool@npm:3.8.2":
  version: 3.8.2
  resolution: "generic-pool@npm:3.8.2"