Username and Password regex added

Author: aksinha-nerdapplabs

src/ApiBundle/Controller/AuthController.php

@@ -216,8 +216,8 @@ private function validateAdminUser(Request $request) {
       *  parameters={
       *      {"name"="client_id", "dataType"="string", "required"=true, "description"="oAuth ClientId"},
       *      {"name"="client_secret", "dataType"="string", "required"=true, "description"="oAuth ClientSecret"},
-      *      {"name"="username", "dataType"="string", "required"=true, "description"="username"},
-      *      {"name"="password", "dataType"="string", "required"=true, "description"="password"},
+      *      {"name"="username", "dataType"="string", "required"=true, "description"="Username should be 3-16 characters long with any lowercase letter (a-z), number (0-9), an underscore, or a hyphen"},
+      *      {"name"="password", "dataType"="string", "required"=true, "description"="Password should be 8-15 characters long and must contain alphanumeric and @*# characters"},
       *      {"name"="firstname", "dataType"="string", "required"=true, "description"="firstname"},
       *      {"name"="lastname", "dataType"="string", "required"=true, "description"="lastname"},
       *      {"name"="dob", "dataType"="datetime", "required"=true, "description"="date of birth mm/dd/yyyy"},
@@ -314,6 +314,10 @@ private function validateUsername(Request $request) {
       if (null != $user) {
         $this->logAndThrowError(400, 'User already exists. Username: '.$user->getUsername(), $this->get('translator')->trans('api.show_error_username_taken', array(), 'messages', $request->getLocale()), $request->getLocale());
       }
+
+      if ( preg_match($this->container->getParameter('username_regex'), $username ) == false ) {
+        $this->logAndThrowError(400, 'Username should be 3-16 characters long with any lowercase letter (a-z), number (0-9), an underscore, or a hyphen.', $this->get('translator')->trans('api.show_error_username_policy', array(), 'messages', $request->getLocale()), $request->getLocale());
+      }
     }
 
     /**
@@ -326,6 +330,10 @@ private function validatePassword(Request $request) {
       if (null == $password) {
           $this->logAndThrowError(400, 'Invalid empty password', $this->get('translator')->trans('api.show_error_password', array(), 'messages', $request->getLocale()), $request->getLocale());
       }
+
+      if ( preg_match($this->container->getParameter('password_regex'), $password ) == false ) {
+        $this->logAndThrowError(400, 'Password should be 8-15 characters long and must contain alphanumeric and @*# characters.', $this->get('translator')->trans('api.show_error_password_policy', array(), 'messages', $request->getLocale()), $request->getLocale());
+      }
     }
 
     /**
@@ -382,7 +390,7 @@ private function validateDob(Request $request) {
       *  description="Change password of the user. Access token to be provided in header (Authorization = Bearer <access token>)",
       *  parameters={
       *      {"name"="old_password", "dataType"="string", "required"=true, "description"="Old password"},
-      *      {"name"="password", "dataType"="string", "required"=true, "description"="New password"},
+      *      {"name"="password", "dataType"="string", "required"=true, "description"="Password should be 8-15 characters long and must contain alphanumeric and @*# characters"},
       *      {"name"="_locale", "dataType"="string", "required"=false, "description"="User locale. Will default to en"}
       *  },
       * )

src/ApiBundle/Resources/config/config.yml

@@ -3,6 +3,13 @@ parameters:
     # app_locales: en|fr|de|es|cs|nl|ru|uk|ro|pt_BR|pl|it|ja|id|ca|sl
     app_locales: en|fr|hi
 
+    # Password matching expression. Match all alphanumeric character and predefined wild characters.
+    # Password must consists of at least 8 characters and not more than 15 characters.
+    password_regex: '/^([a-zA-Z0-9@*#]{8,15})$/'
+
+    # username at least 3 of those characters, but no more than 16, any lowercase letter (a-z), number (0-9), an underscore, or a hyphen
+    username_regex: '/^[a-z0-9_-]{3,16}$/'
+
 # Assetic Configuration
 assetic:
     debug:          '%kernel.debug%'

src/ApiBundle/Resources/translations/messages.en.yml

@@ -143,4 +143,5 @@ api:
   show_error_perm_edit:  Sorry, You are not permitted to edit user profile!
   show_error_password_reset:  Sorry, You are not permitted to request for password reset!
   show_error_reset_req:  Password reset request already received
-  show_error_server_fault:  Server Error! Please try again after some time!!
+  show_error_username_policy:  Username should be 3-16 characters long with any lowercase letter (a-z), number (0-9), an underscore, or a hyphen
+  show_error_password_policy:  Password should be 8-15 characters long and must contain alphanumeric and @*# characters

src/ApiBundle/Resources/translations/messages.fr.yml

@@ -132,3 +132,5 @@ api:
   show_error_password_reset:  Désolé, vous n'êtes pas autorisé à demander une réinitialisation du mot de passe!
   show_error_reset_req:  Réinitialisation du mot de passe déjà reçue
   show_error_server_fault:  Erreur du serveur! Veuillez réessayer après un certain temps !!
+  show_error_username_policy:  Le nom d'utilisateur doit comporter entre 3 et 16 caractères avec une lettre minuscule (a-z), un chiffre (0-9), un trait de soulignement ou un tiret
+  show_error_password_policy:  Le mot de passe doit comporter entre 8 et 15 caractères et contenir des caractères alphanumériques et @*#

src/ApiBundle/Resources/translations/messages.hi.yml

@@ -132,3 +132,5 @@ api:
   show_error_password_reset:  क्षमा करें, आप पासवर्ड रीसेट के लिए अनुरोध करने के लिए अनुमति नहीं है!
   show_error_reset_req:  पासवर्ड रीसेट अनुरोध पहले से ही प्राप्त
   show_error_server_fault:  सर्वर त्रुटि! कुछ समय के बाद फिर से कोशिश करें !!
+  show_error_username_policy:  यूजर का नाम किसी भी छोटा अक्षर (a-z), संख्या (0-9), एक अंडरस्कोर, या एक हाइफन के साथ 3-16 अक्षर का होना चाहिए
+  show_error_password_policy:  पासवर्ड 8-15 अक्षर का होना चाहिए और अल्फान्यूमेरिक और शामिल होना चाहिए @#* अक्षर