[4.2] パスワードの要件を PCI DSS ver4.0 に準拠させる

app/config/eccube/packages/eccube.yaml

@@ -49,7 +49,7 @@ parameters:
     eccube_csv_size: 5                 # post_max_size, upload_max_filesize に任せればよい？
     eccube_csv_temp_realdir: '%kernel.cache_dir%/%kernel.environment%/eccube' # upload_tmp_dir に任せればよい？
     eccube_csv_split_lines: 100
-    eccube_default_password: '**********'
+    eccube_default_password: 'abc********123'
     eccube_deliv_addr_max: 20
     eccube_deliv_date_end_max: 21
     eccube_id_max_len: 50
@@ -106,8 +106,10 @@ parameters:
     eccube_price_max: 2147483647
     eccube_tel_len_max: 14
     eccube_postal_code: 8
-    eccube_password_min_len: 8
+    eccube_password_min_len: 12
     eccube_password_max_len: 32
+    # see https://github.com/EC-CUBE/ec-cube2/blob/87e269314f92ebb169ea212bf304c9371bb12fd2/data/class/SC_CheckError.php#L889
+    eccube_password_pattern: '/\A(?=.*?[a-z])(?=.*?\d)[!-~]+\z/i'
     eccube_composer_memory_limit: 1536M
     eccube_order_mail_template_id: 1 #注文受付メール
     eccube_entry_confirm_mail_template_id: 2 #会員仮登録メール

codeception/_support/Page/Admin/SystemMemberEditPage.php

@@ -42,8 +42,8 @@ public function メンバー登録($form)
             'name' => 'name',
             'department' => 'department',
             'login_id' => 'id',
-            'password' => 'password',
-            'password_second' => 'password',
+            'password' => 'password1234',
+            'password_second' => 'password1234',
             'authority' => 'システム管理者',
             'work' => 1,
         ];

codeception/_support/Page/Front/EntryPage.php

@@ -45,8 +45,8 @@ public function 新規会員登録($form = [])
             'entry[phone_number]' => '1234567890',
             'entry[email][first]' => $email,
             'entry[email][second]' => $email,
-            'entry[plain_password][first]' => 'password',
-            'entry[plain_password][second]' => 'password',
+            'entry[plain_password][first]' => 'password1234',
+            'entry[plain_password][second]' => 'password1234',
             'entry[user_policy_check]' => '1',
         ];
         $this->tester->submitForm(['css' => '.ec-layoutRole__main form'], $form, ['css' => 'button.ec-blockBtn--action']);

codeception/acceptance/EA05CustomerCest.php

@@ -117,11 +117,11 @@ public function customer_会員登録(AcceptanceTester $I)
             ->入力_番地_ビル名('ブリーゼタワー13F')
             ->入力_Eメール($email)
             ->入力_電話番号('111-111-111')
-            ->入力_パスワード('password')
-            ->入力_パスワード確認('password');
+            ->入力_パスワード('password1234')
+            ->入力_パスワード確認('password1234');
 
         $findPluginByCode = Fixtures::get('findPluginByCode');
-        $Plugin = $findPluginByCode('MailMagazine');
+        $Plugin = $findPluginByCode('MailMagazine42');
         if ($Plugin) {
             $I->amGoingTo('メルマガプラグインを発見したため、メルマガを購読します');
             $I->click('#admin_customer_mailmaga_flg_0');

codeception/acceptance/EA08SysteminfoCest.php

@@ -91,8 +91,8 @@ public function systeminfo_メンバー管理登録実施(AcceptanceTester $I)
         $I->fillField(['id' => 'admin_member_name'], 'admintest');
         $I->fillField(['id' => 'admin_member_department'], 'admintest department');
         $I->fillField(['id' => 'admin_member_login_id'], 'admintest');
-        $I->fillField(['id' => 'admin_member_plain_password_first'], 'password');
-        $I->fillField(['id' => 'admin_member_plain_password_second'], 'password');
+        $I->fillField(['id' => 'admin_member_plain_password_first'], 'password1234');
+        $I->fillField(['id' => 'admin_member_plain_password_second'], 'password1234');
         $I->selectOption(['id' => 'admin_member_Authority'], 'システム管理者');
         $I->selectOption(['id' => 'admin_member_Work_1'], '稼働');
         $I->click('#member_form .c-conversionArea__container button');
@@ -119,8 +119,8 @@ public function systeminfo_メンバー管理登録未実施(AcceptanceTester $I
         $I->fillField(['id' => 'admin_member_name'], 'admintest2');
         $I->fillField(['id' => 'admin_member_department'], 'admintest department');
         $I->fillField(['id' => 'admin_member_login_id'], 'admintest');
-        $I->fillField(['id' => 'admin_member_plain_password_first'], 'password');
-        $I->fillField(['id' => 'admin_member_plain_password_second'], 'password');
+        $I->fillField(['id' => 'admin_member_plain_password_first'], 'password1234');
+        $I->fillField(['id' => 'admin_member_plain_password_second'], 'password1234');
         $I->selectOption(['id' => 'admin_member_Authority'], 'システム管理者');
         $I->selectOption(['id' => 'admin_member_Work_1'], '稼働');
         $I->click('#member_form .c-conversionArea__container .c-conversionArea__leftBlockItem a');
@@ -380,7 +380,7 @@ public function systeminfo_権限管理登録(AcceptanceTester $I)
 
         // 店舗オーナーでログインし、ナビに表示されないことを確認
         $I->logoutAsAdmin();
-        $I->loginAsAdmin('shop_owner', 'password');
+        $I->loginAsAdmin('shop_owner', 'password1234');
         $I->click(['css' => 'a[href="#nav-setting"]']);
         $I->wait(1);
         $I->dontSee('システム設定', '#nav-setting');
@@ -401,7 +401,7 @@ public function systeminfo_権限管理登録(AcceptanceTester $I)
 
         // 店舗オーナーアカウントでアクセスできることを確認
         $I->logoutAsAdmin();
-        $I->loginAsAdmin('shop_owner', 'password');
+        $I->loginAsAdmin('shop_owner', 'password1234');
 
         $I->click(['css' => 'a[href="#nav-setting"]']);
         $I->wait(1);

codeception/acceptance/EF04CustomerCest.php

@@ -46,8 +46,8 @@ public function customer_会員登録正常(AcceptanceTester $I)
             'entry[phone_number]' => '111-111-111',
             'entry[email][first]' => $new_email,
             'entry[email][second]' => $new_email,
-            'entry[plain_password][first]' => 'password',
-            'entry[plain_password][second]' => 'password',
+            'entry[plain_password][first]' => 'password1234',
+            'entry[plain_password][second]' => 'password1234',
             'entry[job]' => ['value' => '1'],
             'entry[user_policy_check]' => '1',
         ];
@@ -125,8 +125,8 @@ public function customer_会員登録異常1(AcceptanceTester $I)
             'entry[phone_number]' => '111-111-111',
             'entry[email][first]' => $customer->getEmail(), // 会員登録済みのメールアドレスを入力する
             'entry[email][second]' => $customer->getEmail(),
-            'entry[plain_password][first]' => 'password',
-            'entry[plain_password][second]' => 'password',
+            'entry[plain_password][first]' => 'password1234',
+            'entry[plain_password][second]' => 'password1234',
         ], ['css' => 'button.ec-blockBtn--action']);
 
         // 入力した会員情報を確認する。
@@ -155,8 +155,8 @@ public function customer_会員登録異常2(AcceptanceTester $I)
             'entry[phone_number]' => '111-111-111',
             'entry[email][first]' => $new_email,
             'entry[email][second]' => $new_email,
-            'entry[plain_password][first]' => 'password',
-            'entry[plain_password][second]' => 'password',
+            'entry[plain_password][first]' => 'password1234',
+            'entry[plain_password][second]' => 'password1234',
         ], ['css' => 'button.ec-blockBtn--action']);
 
         // 入力した会員情報を確認する。
@@ -197,8 +197,8 @@ public function customer_会員登録戻る(AcceptanceTester $I)
             'entry[phone_number]' => '111-111-111',
             'entry[email][first]' => $new_email,
             'entry[email][second]' => $new_email,
-            'entry[plain_password][first]' => 'password',
-            'entry[plain_password][second]' => 'password',
+            'entry[plain_password][first]' => 'password1234',
+            'entry[plain_password][second]' => 'password1234',
             'entry[job]' => ['value' => '1'],
             'entry[user_policy_check]' => '1',
         ];

codeception/acceptance/EF05MypageCest.php

@@ -153,8 +153,8 @@ public function mypage_会員情報編集(AcceptanceTester $I)
             'entry[phone_number]' => '111-111-111',
             'entry[email][first]' => $new_email,
             'entry[email][second]' => $new_email,
-            'entry[plain_password][first]' => 'password',
-            'entry[plain_password][second]' => 'password',
+            'entry[plain_password][first]' => 'password1234',
+            'entry[plain_password][second]' => 'password1234',
         ];
 
         $findPluginByCode = Fixtures::get('findPluginByCode');

src/Eccube/Form/Type/Admin/ChangePasswordType.php

@@ -66,8 +66,8 @@ public function buildForm(FormBuilderInterface $builder, array $options)
                         'max' => $this->eccubeConfig['eccube_password_max_len'],
                     ]),
                     new Assert\Regex([
-                        'pattern' => '/^[[:graph:][:space:]]+$/i',
-                        'message' => 'form_error.graph_only',
+                        'pattern' => $this->eccubeConfig['eccube_password_pattern'],
+                        'message' => 'form_error.password_pattern_invalid',
                     ]),
                 ],
             ])

src/Eccube/Form/Type/Install/Step3Type.php

@@ -96,8 +96,8 @@ public function buildForm(FormBuilderInterface $builder, array $options)
                         'max' => $this->eccubeConfig['eccube_password_max_len'],
                     ]),
                     new Assert\Regex([
-                        'pattern' => '/^[[:graph:][:space:]]+$/i',
-                        'message' => 'form_error.graph_only',
+                        'pattern' => $this->eccubeConfig['eccube_password_pattern'],
+                        'message' => 'form_error.password_pattern_invalid',
                     ]),
                 ],
             ])

src/Eccube/Form/Type/RepeatedPasswordType.php

@@ -57,8 +57,8 @@ public function configureOptions(OptionsResolver $resolver)
                         'max' => $this->eccubeConfig['eccube_password_max_len'],
                     ]),
                     new Assert\Regex([
-                        'pattern' => '/^[[:graph:][:space:]]+$/i',
-                        'message' => 'form_error.graph_only',
+                        'pattern' => $this->eccubeConfig['eccube_password_pattern'],
+                        'message' => 'form_error.password_pattern_invalid',
                     ]),
                 ],
             ],

src/Eccube/Resource/locale/validators.en.yaml

@@ -42,6 +42,7 @@ form_error.same_email: Please enter the same email address.
 form_error.admin_is_not_available: Do not use "admin" as the directory name.
 form_error.member_already_exists: This ID is already registered.
 form_error.customer_already_exists:  This email address can not be used.
+form_error.password_pattern_invalid: Please use one alphanumeric character each.
 
 #------------------------------------------------------------------------------------
 # Deplicated

src/Eccube/Resource/locale/validators.ja.yaml

@@ -42,6 +42,7 @@ form_error.same_email: 同じメールアドレスを入力してください。
 form_error.admin_is_not_available: ディレクトリ名に「admin」を使用することはできません。
 form_error.member_already_exists: 既に利用されているログインIDです。
 form_error.customer_already_exists:  このメールアドレスは利用できません。
+form_error.password_pattern_invalid: 英数字をそれぞれ1種類使用してください。
 
 #------------------------------------------------------------------------------------
 # Deplicated

tests/Eccube/Tests/Form/Type/Admin/CustomerTypeTest.php

@@ -38,13 +38,13 @@ class CustomerTypeTest extends \Eccube\Tests\Form\Type\AbstractTypeTestCase
             'addr02' => '梅田',
         ],
         'phone_number' => '012-345-6789',
-        'email' => 'default@example.com',
+        'email' => 'default1@example.com',
         'sex' => 1,
         'job' => 1,
         'birth' => '1983-2-14',
         'plain_password' => [
-            'first' => 'password',
-            'second' => 'password',
+            'first' => 'password1234',
+            'second' => 'password1234',
         ],
         'status' => 1,
         'note' => 'note',
@@ -200,8 +200,8 @@ public function testInvalidPasswordBlank()
 
     public function testValidPasswordMinLength()
     {
-        $this->formData['plain_password']['first'] = str_repeat('a', $this->eccubeConfig['eccube_password_min_len']);
-        $this->formData['plain_password']['second'] = str_repeat('a', $this->eccubeConfig['eccube_password_min_len']);
+        $this->formData['plain_password']['first'] = str_repeat('a', $this->eccubeConfig['eccube_password_min_len'] - 1).'1';
+        $this->formData['plain_password']['second'] = str_repeat('a', $this->eccubeConfig['eccube_password_min_len'] - 1).'1';
 
         $this->form->submit($this->formData);
         $this->assertTrue($this->form->isValid());
@@ -220,8 +220,8 @@ public function testInvalidPasswordMinLength()
 
     public function testValidPasswordMaxLength()
     {
-        $this->formData['plain_password']['first'] = str_repeat('a', $this->eccubeConfig['eccube_password_max_len']);
-        $this->formData['plain_password']['second'] = str_repeat('a', $this->eccubeConfig['eccube_password_max_len']);
+        $this->formData['plain_password']['first'] = str_repeat('a', $this->eccubeConfig['eccube_password_max_len'] - 1).'1';
+        $this->formData['plain_password']['second'] = str_repeat('a', $this->eccubeConfig['eccube_password_max_len'] - 1).'1';
 
         $this->form->submit($this->formData);
         $this->assertTrue($this->form->isValid());
@@ -238,6 +238,28 @@ public function testInvalidPasswordMaxLength()
         $this->assertFalse($this->form->isValid());
     }
 
+    public function testInvalidPasswordAlphabetOnly()
+    {
+        $password = str_repeat('a', $this->eccubeConfig['eccube_password_max_len']);
+
+        $this->formData['plain_password']['first'] = $password;
+        $this->formData['plain_password']['second'] = $password;
+        $this->form->submit($this->formData);
+
+        $this->assertFalse($this->form->isValid());
+    }
+
+    public function testInvalidPasswordNumericOnly()
+    {
+        $password = str_repeat('1', $this->eccubeConfig['eccube_password_max_len']);
+
+        $this->formData['plain_password']['first'] = $password;
+        $this->formData['plain_password']['second'] = $password;
+        $this->form->submit($this->formData);
+
+        $this->assertFalse($this->form->isValid());
+    }
+
     public function testInvalidPasswordEqualEmail()
     {
         $this->formData['plain_password']['first'] = $this->formData['email'];

tests/Eccube/Tests/Form/Type/Admin/MemberTypeTest.php

@@ -28,8 +28,8 @@ class MemberTypeTest extends AbstractTypeTestCase
         'department' => 'EC-CUBE事業部',
         'login_id' => 'takahashi',
         'plain_password' => [
-            'first' => 'password',
-            'second' => 'password',
+            'first' => 'password1234',
+            'second' => 'password1234',
         ],
         'Authority' => 1,
         'Work' => 1,

tests/Eccube/Tests/Form/Type/Front/EntryTypeTest.php

@@ -39,12 +39,12 @@ class EntryTypeTest extends \Eccube\Tests\Form\Type\AbstractTypeTestCase
         ],
         'phone_number' => '012-345-6789',
         'email' => [
-            'first' => 'eccube@example.com',
-            'second' => 'eccube@example.com',
+            'first' => 'eccube1@example.com',
+            'second' => 'eccube1@example.com',
         ],
         'plain_password' => [
-            'first' => '12345678',
-            'second' => '12345678',
+            'first' => '1234567890ab',
+            'second' => '1234567890ab',
         ],
         'birth' => [
             'year' => '1980',

tests/Eccube/Tests/Form/Type/Front/PasswordResetTypeTest.php

@@ -24,8 +24,8 @@ class PasswordResetTypeTest extends \Eccube\Tests\Form\Type\AbstractTypeTestCase
     protected $formData = [
         'login_email' => '[email protected]',
         'password' => [
-            'first' => 'password',
-            'second' => 'password',
+            'first' => 'password1234',
+            'second' => 'password1234',
         ],
     ];
 

tests/Eccube/Tests/Form/Type/Install/Step3TypeTest.php

@@ -30,7 +30,7 @@ class Step3TypeTest extends AbstractTypeTestCase
         'shop_name' => '店舗名',
         'email' => '[email protected]',
         'login_id' => 'administrator',
-        'login_pass' => 'administrator',
+        'login_pass' => 'administrator1',
         'admin_dir' => 'administrator',
         'admin_force_ssl' => true,
         'admin_allow_hosts' => '1.1.1.1',
@@ -150,15 +150,15 @@ public function testInvalidLoginPassMax()
 
     public function testVallidLoginPassMin()
     {
-        $this->formData['login_pass'] = str_repeat('a', $this->eccubeConfig['eccube_password_min_len']);
+        $this->formData['login_pass'] = str_repeat('a', $this->eccubeConfig['eccube_password_min_len'] - 1).'1';
 
         $this->form->submit($this->formData);
         $this->assertTrue($this->form->isValid());
     }
 
     public function testVallidLoginPassMax()
     {
-        $this->formData['login_pass'] = str_repeat('a', $this->eccubeConfig['eccube_password_max_len']);
+        $this->formData['login_pass'] = str_repeat('a', $this->eccubeConfig['eccube_password_max_len'] - 1).'1';
 
         $this->form->submit($this->formData);
         $this->assertTrue($this->form->isValid());
@@ -172,6 +172,26 @@ public function testInvalidLoginPassHiragana()
         $this->assertFalse($this->form->isValid());
     }
 
+    public function testInvalidAlphabetOnly()
+    {
+        $password = str_repeat('a', $this->eccubeConfig['eccube_password_max_len']);
+
+        $this->formData['login_pass'] = $password;
+        $this->form->submit($this->formData);
+
+        $this->assertFalse($this->form->isValid());
+    }
+
+    public function testInvalidNumericOnly()
+    {
+        $password = str_repeat('1', $this->eccubeConfig['eccube_password_max_len']);
+
+        $this->formData['login_pass'] = $password;
+        $this->form->submit($this->formData);
+
+        $this->assertFalse($this->form->isValid());
+    }
+
     public function testInvalidAdminDirBlank()
     {
         $this->formData['login_pass'] = '';
@@ -198,15 +218,15 @@ public function testInvalidAdminDirMax()
 
     public function testVallidAdminDirMin()
     {
-        $this->formData['login_pass'] = str_repeat('a', $this->eccubeConfig['eccube_password_min_len']);
+        $this->formData['admin_dir'] = str_repeat('a', $this->eccubeConfig['eccube_password_min_len']);
 
         $this->form->submit($this->formData);
         $this->assertTrue($this->form->isValid());
     }
 
-    public function testVallidAdminDirMax()
+    public function testValidAdminDirMax()
     {
-        $this->formData['login_pass'] = str_repeat('a', $this->eccubeConfig['eccube_password_max_len']);
+        $this->formData['admin_dir'] = str_repeat('a', $this->eccubeConfig['eccube_password_max_len']);
 
         $this->form->submit($this->formData);
         $this->assertTrue($this->form->isValid());