diff --git a/src/Authentication/Passwords/NothingPersonalValidator.php b/src/Authentication/Passwords/NothingPersonalValidator.php
index bebf3aeb8..bcf0fc85d 100644
--- a/src/Authentication/Passwords/NothingPersonalValidator.php
+++ b/src/Authentication/Passwords/NothingPersonalValidator.php
@@ -59,7 +59,7 @@ public function check(string $password, $user = null): Result
 */
 protected function isNotPersonal($password, $user)
 {
- $userName = \strtolower($user->username);
+ $userName = \strtolower($user->username ?? '');
 $email = \strtolower($user->email);
 $valid = true;
@@ -164,6 +164,10 @@ protected function isNotPersonal($password, $user)
 */
 protected function isNotSimilar($password, $user)
 {
+ if ($user->username === null) {
+ return true;
+ }
+
+
 $maxSimilarity = (float) $this->config->maxSimilarity;
 // sanity checking - working range 1-100, 0 is off
 if ($maxSimilarity < 1) {
diff --git a/tests/Unit/NothingPersonalValidatorTest.php b/tests/Unit/NothingPersonalValidatorTest.php
index 8eedf2b4a..bba9b6711 100644
--- a/tests/Unit/NothingPersonalValidatorTest.php
+++ b/tests/Unit/NothingPersonalValidatorTest.php
@@ -94,6 +94,29 @@ public function testTrueWhenPasswordHasNothingPersonal()
 $this->assertTrue($result->isOK());
 }
+ public function testTrueWhenNoUsername(): void
+ {
+ $config = new Auth();
+ $config->maxSimilarity = 50;
+ $config->personalFields = [
+ 'firstname',
+ 'lastname',
+ ];
+ $this->validator = new NothingPersonalValidator($config);
+
+ $user = new User([
+ 'email' => 'jsmith@example.com',
+ 'firstname' => 'Joseph',
+ 'lastname' => 'Smith',
+ ]);
+
+ $password = 'opensesame';
+
+ $result = $this->validator->check($password, $user);
+
+ $this->assertTrue($result->isOK());
+ }
+
 /**
 * The dataProvider is a list of passwords to be tested.
 * Some of them clearly contain elements of the username.
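Review bot: The null guard added for `$user->username` in isNotPersonal is not applied to `$user->email` on the very next line, so a user object without an email would still pass null to `\strtolower()` there. If the email can be absent in the same way the username can, the line should read `$email = \strtolower($user->email ?? '');`. The body of isNotPersonal continues outside the hunk, so it is also worth confirming that an empty `$userName` never ends up as an empty search needle in the comparisons that follow, because that would either reject every password or silently skip a check.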
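Review bot: The early `return true` added at the top of isNotSimilar is a fail-open branch in a password validator and should carry a comment saying why it is safe, for example `// No username to compare against, so the similarity rule does not apply.` It also treats only null as "no username", while isNotPersonal in the same commit coalesces null to `''`; writing the guard as `if (($user->username ?? '') === '') {` would make both methods agree. The rest of isNotSimilar lies outside the hunk, so if it compares the password with anything other than the username, this return would skip that comparison too.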
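Review bot: testTrueWhenNoUsername only shows that a harmless password is accepted when the username is missing; nothing asserts that the validator still rejects a personal password for such a user, so a regression that made the null-username path accept everything would pass. A companion test with the same user and a password built from the configured personal fields (for example one containing `joseph` or `smith`), ending in `$this->assertFalse($result->isOK());`, would pin the behaviour that matters, assuming personalFields matching works as the existing tests suggest. Note also that `$config->maxSimilarity = 50` is set here but, given the early return in isNotSimilar, is not exercised by this test.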