Merge pull request #527 from kenjis/fix-minimumPasswordLength

fix: minimum password length check

Author: datamweb

src/Authentication/Passwords/CompositionValidator.php

@@ -32,7 +32,7 @@ public function check(string $password, ?User $user = null): Result
             throw AuthenticationException::forUnsetPasswordLength();
         }
 
-        $passed = strlen($password) >= $this->config->minimumPasswordLength;
+        $passed = mb_strlen($password, 'UTF-8') >= $this->config->minimumPasswordLength;
 
         if (! $passed) {
             return new Result([

tests/Unit/CompositionValidatorTest.php

@@ -45,7 +45,23 @@ public function testCheckFalse(): void
         $result = $this->validator->check($password);
 
         $this->assertFalse($result->isOK());
-        $this->assertSame(lang('Auth.errorPasswordLength', [$this->config->minimumPasswordLength]), $result->reason());
+        $this->assertSame(
+            lang('Auth.errorPasswordLength', [$this->config->minimumPasswordLength]),
+            $result->reason()
+        );
+    }
+
+    public function testCheckFalseMultibyte(): void
+    {
+        $password = '🍣😀';
+
+        $result = $this->validator->check($password);
+
+        $this->assertFalse($result->isOK());
+        $this->assertSame(
+            lang('Auth.errorPasswordLength', [$this->config->minimumPasswordLength]),
+            $result->reason()
+        );
     }
 
     public function testCheckTrue(): void