From b9b3c91f3fa24855aa8fa792ed1922c05431c1b7 Mon Sep 17 00:00:00 2001
From: LD-Reborn <lucretia.dietz@gmx.de>
Date: Sun, 26 Oct 2025 21:31:29 +0100
Subject: [PATCH] Added user password validation, Fixed new user localization
 issue

---
 src/Controllers/UsersController.cs     |  4 ++++
 src/Resources/Views.Home.Users.de.resx |  3 +++
 src/Views/Home/Users.cshtml            | 22 ++++++++++++++++------
 src/wwwroot/js/site.js                 |  7 +++++++
 4 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/src/Controllers/UsersController.cs b/src/Controllers/UsersController.cs
index 630c41b..bdc7782 100644
--- a/src/Controllers/UsersController.cs
+++ b/src/Controllers/UsersController.cs
@@ -63,6 +63,10 @@ public class UsersController : Controller
     [HttpPost("Create")]
     public async Task<UsersCreateResponseModel> Create([FromBody] UsersCreateRequestModel requestModel)
     {
+        if (requestModel is null)
+        {
+            return new() { Success = false, Exception = "The request model is null" };
+        }
         try
         {
             string? jpegPhoto = requestModel.JpegPhoto;
diff --git a/src/Resources/Views.Home.Users.de.resx b/src/Resources/Views.Home.Users.de.resx
index a779788..828b8ed 100644
--- a/src/Resources/Views.Home.Users.de.resx
+++ b/src/Resources/Views.Home.Users.de.resx
@@ -127,4 +127,7 @@
     <data name="Confirm Delete" xml:space="preserve">
         <value>Löschen bestätigen</value>
     </data>
+    <data name="Password must be at least 8 characters long and include upper, lower, number, and special character" xml:space="preserve">
+        <value>Passwörter müssen mindestens 8 Zeichen lang sein und Groß- und Kleinbuchstaben, sowie mindestens eine Zahl und mindestens ein Sonderzeichen enthalten</value>
+    </data>
 </root>
diff --git a/src/Views/Home/Users.cshtml b/src/Views/Home/Users.cshtml
index ca68980..13cee5b 100644
--- a/src/Views/Home/Users.cshtml
+++ b/src/Views/Home/Users.cshtml
@@ -112,10 +112,8 @@
         deleteModal.addEventListener('show.bs.modal', event => {
             currentButton = event.relatedTarget; // Button that triggered the modal
             const userId = currentButton.getAttribute('data-user-id');
-            const userName = currentButton.getAttribute('data-user-name');
 
             deleteModal.querySelector('#userId').textContent = userId;
-            deleteModal.querySelector('#userName').textContent = userName;
 
         });
 
@@ -123,7 +121,6 @@
         const deleteForm = document.getElementById('deleteForm');
         deleteForm.addEventListener('submit', async e => {
             e.preventDefault();
-            console.log(deleteForm);
             const userId = deleteModal.querySelector('#userId').textContent;
             const url = `/Users/Delete?uid=${userId}`;
 
@@ -298,6 +295,12 @@
 
         updateForm.addEventListener('submit', async e => {
             e.preventDefault();
+
+            const password = updateForm.querySelector('input[name="UserPassword"]').value;
+            if (password.length > 0 && !validatePassword(password)) {
+                showToast('@T["Password must be at least 8 characters long and include upper, lower, number, and special character"]', 'danger');
+                return;
+            }
             var dataFromEntries = Object.fromEntries(new FormData(updateForm).entries());
             var data = unflatten(dataFromEntries);
             data.Description.Groups = Array.from(updateForm.querySelector('#updateGroups').selectedOptions).map(option => option.value);
@@ -543,6 +546,13 @@
         // Submit create form
         createForm.addEventListener('submit', async e => {
             e.preventDefault();
+
+            const password = createForm.querySelector('input[name="UserPassword"]').value;
+            if (password == null || !validatePassword(password)) {
+                showToast('@T["Password must be at least 8 characters long and include upper, lower, number, and special character"]', 'danger');
+                return;
+            }
+
             const dataFromEntries = Object.fromEntries(new FormData(createForm).entries());
             const data = unflatten(dataFromEntries);
             data.Description.Groups = Array.from(createGroupsSelect.selectedOptions).map(o => o.value);
@@ -564,7 +574,7 @@
                     const newRow = document.createElement('tr');
                     newRow.innerHTML = `
                         <td><img class="rounded-circle user-icon" src="data:image/jpeg;base64,${data.JpegPhoto || ''}" alt="Photo" style="max-width:300px;" /></td>
-                        <td>${result.NewUid || ''}</td>
+                        <td>${result.Uid || ''}</td>
                         <td>${data.Title || ''}</td>
                         <td>${data.Cn || ''}</td>
                         <td>${data.Sn || ''}</td>
@@ -580,14 +590,14 @@
                                     data-user-groups='${JSON.stringify(data.Description?.Groups || [])}'
                                     data-bs-toggle="modal"
                                     data-bs-target="#updateModal">
-                                    Update
+                                    @T["Update"]
                                 </button>
                                 <button class="btn btn-sm btn-danger btn-delete"
                                     data-user-id="${result.NewUid || ''}"
                                     data-user-name="${data.Cn || ''}"
                                     data-bs-toggle="modal"
                                     data-bs-target="#deleteModal">
-                                    Delete
+                                    @T["Delete"]
                                 </button>
                             </div>
                         </td>
diff --git a/src/wwwroot/js/site.js b/src/wwwroot/js/site.js
index 801cd64..57d910d 100644
--- a/src/wwwroot/js/site.js
+++ b/src/wwwroot/js/site.js
@@ -187,4 +187,11 @@ async function loadUsersIntoSelect(selectElement, selectedValue = null) {
         console.error('Error loading users:', err);
         showToast(appTranslations.errorLoadingUsers, 'danger');
     }
+}
+
+function validatePassword(password) {
+    // Regex: min 8 chars, one uppercase, one lowercase, one number, one special char
+    const strongPasswordRegex =
+        /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[!@#$%^&*()_\-+=\[{\]};:'",<.>/?\\|`~]).{8,}$/;
+    return strongPasswordRegex.test(password);
 }
\ No newline at end of file