feat: password check hook (#11853)

* feat: filter:password.check hook

As requested on Discord, hopefully including all relevant user data

* fix: don't use caller uid

* feat: don't forward username separately

src/controllers/authentication.js

@@ -102,6 +102,8 @@ authenticationController.register = async function (req, res) {
 
 		user.isPasswordValid(userData.password);
 
+		await plugins.hooks.fire('filter:password.check', { password: userData.password, uid: 0, userData: userData });
+
 		res.locals.processLogin = true; // set it to false in plugin if you wish to just register only
 		await plugins.hooks.fire('filter:register.check', { req: req, res: res, userData: userData });
 

src/user/profile.js

@@ -310,6 +310,8 @@ module.exports = function (User) {
 			throw new Error('[[user:change_password_error_privileges]]');
 		}
 
+		await plugins.hooks.fire('filter:password.check', { password: data.newPassword, uid: data.uid });
+
 		if (isSelf && hasPassword) {
 			const correct = await User.isPasswordCorrect(data.uid, data.currentPassword, data.ip);
 			if (!correct) {

src/user/reset.js

@@ -12,6 +12,7 @@ const db = require('../database');
 const meta = require('../meta');
 const emailer = require('../emailer');
 const Password = require('../password');
+const plugins = require('../plugins');
 
 const UserReset = module.exports;
 
@@ -92,8 +93,11 @@ UserReset.commit = async function (code, password) {
 	}
 	const userData = await db.getObjectFields(
 		`user:${uid}`,
-		['password', 'passwordExpiry', 'password:shaWrapped']
+		['password', 'passwordExpiry', 'password:shaWrapped', 'username']
 	);
+
+	await plugins.hooks.fire('filter:password.check', { password: password, uid });
+
 	const ok = await Password.compare(password, userData.password, !!parseInt(userData['password:shaWrapped'], 10));
 	if (ok) {
 		throw new Error('[[error:reset-same-password]]');