0

In my Symfony project I have performed simple password validation check.

What I am trying to do is to catch the Exception based on the message that is echoed in that method.

I have trouble figuring out how to implement that.

This is my pass check method:

public function validatePasswordStrength($password, $username): void
{
    $error = null;

    if ($password === '') {
        echo "Password not entered!";
    } elseif ($password === $username) {
        echo "Password and username can not be same!";
    } elseif (strlen($password) < 8) {
        echo "Password must be at least 8 characters long!";
    } elseif (!preg_match("#[a-z]+#", $password)) {
        echo "Password must include at least one lowercase letter!";
    } elseif (!preg_match("#[A-Z]+#", $password)) {
        echo "Password must include at least one uppercase letter!";
    } elseif (!preg_match("#\W+#", $password)) {
        echo "Password must include at least one symbol!";
    }

    if ($error) {
        throw new \Exception('Here I want to put echo message.');
    }
}

Actually the idea is to define any of this message and if statement is true thenthe Exception message should be the message from that statement. This was the idea.

And this is my endpoint method in Controller:

/**
 * @Route("/check-password", name="check_password")
 */
public function validatePassword(Request $request, $password = 'S0235ds-')
{
    $username = 'Apple';

    try {
        $this->methodService->validatePasswordStrength($password, $username);

        return $this->json(["message" => "SUCCESS"]);
    } catch (Exception $e) {
        return $this->json(["message" => $e->getMessage()], Response::HTTP_BAD_REQUEST);
    }
}
Improve this question
1
  • 3
    Given that you used the Symfony tag on your question, why not use the Symfony validator component? It may take you a bit to understand how to produce a custom validator but once you know how to do that it will save you a great deal of time and boilerplate code. And the suggestion below to not use exceptions is a good one. Pretty much anytime you find yourself tempted to catch an exception strongly implies an exception should not be used. Commented Dec 8, 2020 at 13:35

2 Answers 2

Reset to default
2

Don't use exceptions for validation - especially since you have no use of the Exception besides the message itself, because it contains so much more information than just the message. Exceptions are meant for something - as the name suggests - exceptional, out of the ordinary. Invalid user input is hardly exceptional, in fact it's a very common occurrence.

Rearrange your code so that it returns the error message which you can then capture in your controller:

public function validatePasswordStrength($password, $username): string
{
    if ($password === '') {
        return "Password not entered!";
    }
    if ($password === $username) {
        return "Password and username can not be same!";
    }
    if (strlen($password) < 8) {
        return "Password must be at least 8 characters long!";
    }
    if (!preg_match("#[a-z]+#", $password)) {
        return "Password must include at least one lowercase letter!";
    }
    if (!preg_match("#[A-Z]+#", $password)) {
        return "Password must include at least one uppercase letter!";
    }
    if (!preg_match("#\W+#", $password)) {
        return "Password must include at least one symbol!";
    }

    return '';
}

/**
 * @Route("/check-password", name="check_password")
 */
public function validatePassword(Request $request, $password = 'S0235ds-')
{
    $username = 'Apple';
    $errorMessage = $this->methodService->validatePasswordStrength($password, $username);
    if ($errorMessage) {
        return $this->json(["message" => $errorMessage], Response::HTTP_BAD_REQUEST);
    }
    return $this->json(["message" => "SUCCESS"]);
}

Simpler, cleaner and does not unnecessarily use a complex construct that is an Exception object.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

Something like?

public function validatePasswordStrength($password, $username): void
{
    $error = null;

    if ($password === '') {
        $error = "Password not entered!";
    } elseif ($password === $username) {
        $error = "Password and username can not be same!";
    } elseif (strlen($password) < 8) {
        $error = "Password must be at least 8 characters long!";
    } elseif (!preg_match("#[a-z]+#", $password)) {
        $error = "Password must include at least one lowercase letter!";
    } elseif (!preg_match("#[A-Z]+#", $password)) {
        $error = "Password must include at least one uppercase letter!";
    } elseif (!preg_match("#\W+#", $password)) {
        $error = "Password must include at least one symbol!";
    }

    if ($error) {
        echo $error; // I am not sure you need this, but just to make it behave the same as your original code.
        throw new \Exception($error);
    }
}
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.