Bug 14509: Reject invalid passwords

Bug 10177 rejects password with leading or trailing whitespaces, but
only on the member-password page.
It's not consistent to only do this check on 1 place.
This patch adds the check for the 2 other places: memberentry and at the
OPAC.

Test plan:
1/ Edit a patron and set a password with leading and/or trailing
whitespace. You should not be allowed to do it (client-side check only;
there is no server-side check).
2/ Same at the OPAC ("Change your password" tab). Here there is a
server-side check.

Followed test plan. Works as expected.
Signed-off-by: Marc Véron <veron@veron.ch>

Signed-off-by: Marcel de Rooy <m.de.rooy@rijksmuseum.nl>
Signed-off-by: Tomas Cohen Arazi <tomascohen@unc.edu.ar>
Jonathan Druart 2015-07-14 15:33:34 +01:00 committed by Tomas Cohen Arazi
parent 2d69e143d8
commit 1b8f3194e9
5 changed files with 25 additions and 3 deletions


@ -81,6 +81,12 @@ var myDate2=document.form.dateexpiry.value.split ('/');
}
//end function
function check_password( password ) {
if ( password.match(/^\s/) || password.match(/\s$/)) {
return false;
}
return true;
}
// function to test all fields in forms and nav in different forms(1 ,2 or 3)
function check_form_borrowers(nav){
@ -106,6 +112,11 @@ function check_form_borrowers(nav){
statut=1;
}
if ( ! check_password( document.form.password.value ) ) {
message_champ += MSG_PASSWORD_CONTAINS_TRAILING_SPACES;
statut = 1;
}
//patrons form to test if you checked no to the question of double
if (statut!=1 && document.form.check_member.value > 0 ) {
if (!(document.form_double.answernodouble.checked)){
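Review bot: The `check_password` call added to `check_form_borrowers` is the only enforcement on the staff patron form, and it runs in the browser; the commit message itself says this path has no server-side check. A submission that does not run this script (JavaScript disabled, a non-browser client) can still store a password with leading or trailing whitespace, so the script that processes the patron form should apply the same rule the OPAC script does. `check_password` would also benefit from a comment such as `// Returns false when the password starts or ends with whitespace (\s: spaces, tabs, newlines)`, because the user-facing message mentions only spaces. `check_form_borrowers` starts and ends outside the visible hunks.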


@ -4,13 +4,14 @@
<script type="text/JavaScript">
//<![CDATA[
$(document).ready(function() {
var MSG_PASSWORD_CONTAINS_TRAILING_SPACES = _("Password contains leading and/or trailing spaces.");
$("#changepasswordf").submit(function(){
if($("input[name='newpassword']").val() != $("input[name='newpassword2']").val()){
alert(_("Passwords do not match"));
return false;
} else {
if ($("input[name='newpassword']").val().match(/^\s/) || $("input[name='newpassword']").val().match(/\s$/)) {
alert(_("Password contains leading and/or trailing spaces."));
if ( ! check_password( $("input[name='newpassword']").val() ) ) {
alert(MSG_PASSWORD_CONTAINS_TRAILING_SPACES);
return false;
} else {
return true;
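Review bot: `check_password` is called in the submit handler but is not defined in this section; the only definition visible in the commit is the one added to the shared members script. If this template does not load that script (the include is not visible here), the call raises a ReferenceError before `return false` is reached and the form is submitted unchecked, so the validation fails open. Confirm that the include is present in this template, and treat the browser check as a convenience with the rule also enforced by the script that receives this form. The submit handler continues past the end of the hunk.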


@ -156,6 +156,7 @@
var MSG_LATE_EXPIRY = _("Warning: Expiration date falls before enrollment date");
var MSG_DUPLICATE_SUSPICION = _("Please confirm whether this is a duplicate patron");
var MSG_PASSWORD_MISMATCH = _("The passwords entered do not match");
var MSG_PASSWORD_CONTAINS_TRAILING_SPACES = _("Password contains leading and/or trailing spaces.");
//]]>
</script>
<script type="text/javascript" src="[% themelang %]/js/members.js"></script>


@ -38,6 +38,9 @@
[% IF ( WrongPass ) %]
Your current password was entered incorrectly. If this problem persists, please ask a librarian to re-set your password for you.
[% END %]
[% IF PasswordContainsTrailingSpaces %]
Your password contains leading and/or trailing spaces.
[% END %]
</p>
</div>
[% END # /IF Error_messages %]


@ -54,7 +54,13 @@ if ( C4::Context->preference("OpacPasswordChange") ) {
&& $query->param('Confirm') )
{
if ( goodkey( $dbh, $borrowernumber, $query->param('Oldkey') ) ) {
if ( $query->param('Newkey') eq $query->param('Confirm')
if ( $query->param('Newkey') =~ m|^\s+| or $query->param('Newkey') =~ m|\s+$| ) {
$template->param(
Error_messages => 1,
PasswordContainsTrailingSpaces => 1,
);
}
elsif ( $query->param('Newkey') eq $query->param('Confirm')
&& length( $query->param('Confirm') ) >= $minpasslen )
{ # Record password
my $clave = hash_password( $query->param('Newkey') );
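Review bot: The new whitespace branch validates one `$query->param('Newkey')` lookup, while the value that is stored comes from a separate lookup in `hash_password( $query->param('Newkey') )`, which is evaluated in list context. Reading the parameter once into a scalar, `my $new_password = scalar $query->param('Newkey');`, and using it for the whitespace test, the comparison and the hash call guarantees that the value checked is the value hashed, even if the request repeats the parameter. The test itself can then be a single anchored match, `if ( $new_password =~ m{\A\s|\s\z} ) {`, which rejects the same inputs without the redundant `+` quantifiers. The enclosing `if` chain starts and ends outside the hunk.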