
Bug 18298: minPaswordLength should not be < 3

Indeed if RequireStrongPassword is set we need at least 3 characters to
match 1 upper, 1 lower and 1 digit.
We could make things more complicated to allow minPasswordLength < 3
but, really, 3 is already too low...

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
17.11.x
Jonathan Druart 7 years ago
parent
commit
ec4e666bc5
  1. 3
      C4/Auth.pm
  2. 2
      koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt
  3. 16
      koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt
  4. 4
      koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-passwd.tt
  5. 1
      members/member-password.pl
  6. 5
      members/memberentry.pl
  7. 1
      opac/opac-memberentry.pl
  8. 4
      opac/opac-passwd.pl
  9. 5
      opac/opac-password-recovery.pl

3
C4/Auth.pm

@ -417,6 +417,8 @@ sub get_template_and_user {
my $https = $in->{query}->https();
my $using_https = ( defined $https and $https ne 'OFF' ) ? 1 : 0;
my $minPasswordLength = C4::Context->preference('minPasswordLength');
$minPasswordLength = 3 if not $minPasswordLength or $minPasswordLength < 3;
$template->param(
"BiblioDefaultView" . C4::Context->preference("BiblioDefaultView") => 1,
EnhancedMessagingPreferences => C4::Context->preference('EnhancedMessagingPreferences'),
@ -438,6 +440,7 @@ sub get_template_and_user {
noItemTypeImages => C4::Context->preference("noItemTypeImages"),
marcflavour => C4::Context->preference("marcflavour"),
OPACBaseURL => C4::Context->preference('OPACBaseURL'),
minPasswordLength => $minPasswordLength,
);
if ( $in->{'type'} eq "intranet" ) {
$template->param(
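Review bot: The floor `$minPasswordLength = 3 if not $minPasswordLength or $minPasswordLength < 3;` in get_template_and_user is repeated verbatim by this commit in members/member-password.pl, members/memberentry.pl, opac/opac-memberentry.pl, opac/opac-passwd.pl and opac/opac-password-recovery.pl, so the policy minimum now lives in six copies that can drift apart. Each copy uses a bare `3` with no explanation; a comment such as `# RequireStrongPassword needs 1 upper, 1 lower and 1 digit, so never allow fewer than 3` would record why the value exists. Reading the clamped value through one shared accessor would keep the displayed and the enforced minimum identical on every password path. A non-numeric preference value still ends up at 3, but only through a numeric comparison on a string, so validating the preference where it is saved would be cleaner. get_template_and_user starts and ends outside both hunks.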

2
koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt

@ -911,7 +911,7 @@ $(document).ready(function() {
[% END %]
[% END %]
[% IF ( mandatorypassword ) %]<span class="required">Required</span>[% END %][% IF ( ERROR_short_password ) %]<span class="required">Password is too short</span>[% END %]
[% IF ( minPasswordLength ) %]<div class="hint">Minimum password length: [% minPasswordLength %]</div>[% END %]
<div class="hint">Minimum password length: [% minPasswordLength %]</div>
</li>
<li>
[% IF ( mandatorypassword ) %]

16
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt

@ -799,16 +799,12 @@
[% UNLESS action == 'edit' || hidden.defined('password') %]
<fieldset class="rows" id="memberentry_password">
<legend id="contact_legend">Password</legend>
[% IF Koha.Preference('minPasswordLength') || !mandatory.defined('password') %]
<div class="alert alert-info">
[% IF Koha.Preference('minPasswordLength') %]
<p>Your password must be at least [% Koha.Preference('minPasswordLength') %] characters long.</p>
[% END %]
[% UNLESS mandatory.defined('password') %]
<div>If you do not enter a password a system generated password will be created.</div>
[% END %]
</div>
[% END %]
<div class="alert alert-info">
<p>Your password must be at least [% Koha.Preference('minPasswordLength') %] characters long.</p>
[% UNLESS mandatory.defined('password') %]
<div>If you do not enter a password a system generated password will be created.</div>
[% END %]
</div>
[% IF mandatory.defined('password') %]
<ol>
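Review bot: The unconditional message, which appears to be the new side of this hunk, still prints `[% Koha.Preference('minPasswordLength') %]`, the raw preference, while opac/opac-memberentry.pl in the same commit enforces a floor of 3. With the preference empty or below 3, the patron is shown a smaller number (or none at all) than the server will accept. Assuming this page is rendered through get_template_and_user, which now passes the clamped value, the line could read `<p>Your password must be at least [% minPasswordLength %] characters long.</p>`.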

4
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-passwd.tt

@ -33,7 +33,7 @@
Passwords do not match. Please re-type your new password.
[% END %]
[% IF ( ShortPass ) %]
Your new password must be at least [% minpasslen %] characters long.
Your new password must be at least [% minPasswordLength%] characters long.
[% END %]
[% IF ( WrongPass ) %]
Your current password was entered incorrectly. If this problem persists, please ask a librarian to reset your password for you.
@ -50,7 +50,7 @@
<form action="/cgi-bin/koha/opac-passwd.pl" name="mainform" id="mainform" method="post">
<fieldset>
[% UNLESS ( ShortPass ) %]<div class="alert alert-info">Your password must be at least [% minpasslen %] characters long.</div>[% END %]
[% UNLESS ( ShortPass ) %]<div class="alert alert-info">Your password must be at least [% minPasswordLength%] characters long.</div>[% END %]
<label for="Oldkey">Current password:</label> <input type="password" id="Oldkey" size="25" name="Oldkey" />
<label for="Newkey">New password:</label> <input type="password" id="Newkey" size="25" name="Newkey" />
<label for="Confirm">Re-type new password:</label> <input type="password" id="Confirm" size="25" name="Confirm" />

1
members/member-password.pl

@ -67,6 +67,7 @@ if ( ( $member ne $loggedinuser ) && ( $category_type eq 'S' ) ) {
push( @errors, 'NOMATCH' ) if ( ( $newpassword && $newpassword2 ) && ( $newpassword ne $newpassword2 ) );
my $minpw = C4::Context->preference('minPasswordLength');
$minpw = 3 if not $minpw or $minpw < 3;
push( @errors, 'SHORTPASSWORD' ) if ( $newpassword && $minpw && ( length($newpassword) < $minpw ) );
if ( $newpassword && !scalar(@errors) ) {
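Review bot: After the added clamp `$minpw` is always at least 3, so the `$minpw &&` test in the SHORTPASSWORD line directly below it is dead; the same holds for the `$minpw &&` in the ERROR_short_password line of members/memberentry.pl. Dropping it, as in `push( @errors, 'SHORTPASSWORD' ) if ( $newpassword && length($newpassword) < $minpw );`, makes it visible that the length check can no longer be switched off by emptying the preference. The surrounding statements continue outside the hunk.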

5
members/memberentry.pl

@ -133,9 +133,6 @@ if ( $input->param('add_debarment') ) {
$template->param("uppercasesurnames" => C4::Context->preference('uppercasesurnames'));
my $minpw = C4::Context->preference('minPasswordLength');
$template->param("minPasswordLength" => $minpw);
# function to designate mandatory fields (visually with css)
my $check_BorrowerMandatoryField=C4::Context->preference("BorrowerMandatoryField");
my @field_check=split(/\|/,$check_BorrowerMandatoryField);
@ -360,6 +357,8 @@ if ($op eq 'save' || $op eq 'insert'){
my $password = $input->param('password');
my $password2 = $input->param('password2');
push @errors, "ERROR_password_mismatch" if ( $password ne $password2 );
my $minpw = C4::Context->preference('minPasswordLength');
$minpw = 3 if not $minpw or $minpw < 3;
push @errors, "ERROR_short_password" if( $password && $minpw && $password ne '****' && (length($password) < $minpw) );
# Validate emails

1
opac/opac-memberentry.pl

@ -387,6 +387,7 @@ sub CheckMandatoryFields {
sub CheckForInvalidFields {
my $minpw = C4::Context->preference('minPasswordLength');
$minpw = 3 if not $minpw or $minpw < 3;
my $borrower = shift;
my @invalidFields;
if ($borrower->{'email'}) {

4
opac/opac-passwd.pl

@ -47,6 +47,7 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
my $patron = Koha::Patrons->find( $borrowernumber );
my $minpasslen = C4::Context->preference("minPasswordLength");
$minpasslen = 3 if not $minpasslen or $minpasslen < 3;
if ( C4::Context->preference("OpacPasswordChange") ) {
my $sth = $dbh->prepare("UPDATE borrowers SET password = ? WHERE borrowernumber=?");
if ( $query->param('Oldkey')
@ -107,8 +108,7 @@ if ( C4::Context->preference("OpacPasswordChange") ) {
$template->param(
firstname => $patron->firstname,
surname => $patron->surname,
minpasslen => $minpasslen,
passwdview => 1
passwdview => 1,
);

5
opac/opac-password-recovery.pl

@ -28,7 +28,6 @@ my ( $template, $dummy, $cookie ) = get_template_and_user(
my $email = $query->param('email') // q{};
my $password = $query->param('password');
my $repeatPassword = $query->param('repeatPassword');
my $minPassLength = C4::Context->preference('minPasswordLength');
my $id = $query->param('id');
my $uniqueKey = $query->param('uniqueKey');
my $username = $query->param('username');
@ -145,6 +144,8 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
elsif ( $query->param('passwordReset') ) {
( $borrower_number, $username ) = GetValidLinkInfo($uniqueKey);
my $minPassLength = C4::Context->preference('minPasswordLength');
$minPassLength = 3 if not $minPassLength or $minPassLength < 3;
#validate password length & match
if ( ($borrower_number)
&& ( $password eq $repeatPassword )
@ -169,7 +170,6 @@ elsif ( $query->param('passwordReset') ) {
}
$template->param(
new_password => 1,
minPassLength => $minPassLength,
email => $email,
uniqueKey => $uniqueKey,
errLinkNotValid => $errLinkNotValid,
@ -189,7 +189,6 @@ elsif ($uniqueKey) { #reset password form
$template->param(
new_password => 1,
minPassLength => $minPassLength,
email => $email,
uniqueKey => $uniqueKey,
username => $username,
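Review bot: The `minPassLength => $minPassLength` entries appear to be dropped from both `$template->param(` calls (the passwordReset branch and the `elsif ($uniqueKey)` reset form), yet the file list of this commit contains no template for the password-recovery page. If that template still reads `minPassLength`, the length hint would render without a number; it should use the `minPasswordLength` value that get_template_and_user now supplies, or the parameter should stay. Both branches start and end outside the visible hunks, so this cannot be confirmed from here.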
