package EnsEMBL::Web::Filter::PasswordSecure;

use strict;
use warnings;

use EnsEMBL::Web::RegObj;

use base qw(EnsEMBL::Web::Filter);

### Checks if a password is strong enough to satisfy minimum security standards
### Also, expects two copies of the password and checks they are identical

{

sub BUILD {
  ### Registers the user-facing text for each error code this filter can raise.
  ### Any further arguments passed alongside $self are not used here.
  my ($self) = @_;

  ## Keys are the codes handed to set_error_code() in catch(). The 'insecure'
  ## text spells out the password policy that catch() enforces, so the two
  ## have to be changed together.
  my %message_for = (
    'insecure' => 'Passwords must be at least 6 characters long and include both letters and numbers.',
    'mismatch' => 'Sorry, your passwords did not match. Please try again.',
  );

  return $self->set_messages(\%message_for);
}

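sub catch {
  ### Validates the two submitted copies of a new password.
  ### Sets the redirect to the password form, then records at most one error
  ### code: 'mismatch' when the copies differ, 'insecure' when they agree but
  ### fail the strength policy. No error code is set for an acceptable password.
  my ($self) = @_;
  $self->set_redirect('/Account/Password');
  my $object = $self->object;
  my $password_1 = $object->param('new_password_1');
  my $password_2 = $object->param('new_password_2');

  ## A request that omits either field yields undef. Normalise to the empty
  ## string so the comparisons below do not emit "uninitialized value"
  ## warnings; the outcome is unchanged (an empty password is 'insecure').
  $password_1 = '' unless defined $password_1;
  $password_2 = '' unless defined $password_2;

  if ($password_1 eq $password_2) {
    ## Policy: more than 5 characters, at least one ASCII letter and at least
    ## one ASCII digit. This matches the wording of the 'insecure' message.
    ## NOTE(review): a 6-character minimum is below current guidance (NIST
    ## SP 800-63B sets 8 as the floor for user-chosen passwords); raising it
    ## means updating the 'insecure' message in BUILD as well.
    unless (length($password_1) > 5 && $password_1 =~ /[a-zA-Z]/ && $password_1 =~ /[0-9]/) {
      $self->set_error_code('insecure');
    }
  }
  else {
    $self->set_error_code('mismatch');
  }
}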

}

1;