From ec4e666bc52b20089f3720d2e2d523fbdcfcf2eb Mon Sep 17 00:00:00 2001
From: Jonathan Druart
Date: Thu, 16 Mar 2017 23:01:34 -0300
Subject: [PATCH] Bug 18298: minPaswordLength should not be < 3
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
Indeed if RequireStrongPassword is set we need at least 3 characters to match 1 upper, 1 lower and 1 digit. We could make things more complicated to allow minPasswordLength < 3 but, really, 3 is already too low...
Signed-off-by: Marc Véron
Signed-off-by: Tomas Cohen Arazi
Signed-off-by: Jonathan Druart
---
 C4/Auth.pm | 3 +++
 .../prog/en/modules/members/memberentrygen.tt | 2 +-
 .../bootstrap/en/modules/opac-memberentry.tt | 16 ++++++----------
 .../bootstrap/en/modules/opac-passwd.tt | 4 ++--
 members/member-password.pl | 1 +
 members/memberentry.pl | 5 ++---
 opac/opac-memberentry.pl | 1 +
 opac/opac-passwd.pl | 4 ++--
 opac/opac-password-recovery.pl | 5 ++---
 9 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/C4/Auth.pm b/C4/Auth.pm
index d22e93590a..11f57b275b 100644
--- a/C4/Auth.pm
+++ b/C4/Auth.pm
@@ -417,6 +417,8 @@ sub get_template_and_user {
 my $https = $in->{query}->https();
 my $using_https = ( defined $https and $https ne 'OFF' ) ? 1 : 0;
+ my $minPasswordLength = C4::Context->preference('minPasswordLength');
+ $minPasswordLength = 3 if not $minPasswordLength or $minPasswordLength < 3;
 $template->param(
 "BiblioDefaultView" . C4::Context->preference("BiblioDefaultView") => 1,
 EnhancedMessagingPreferences => C4::Context->preference('EnhancedMessagingPreferences'),
@@ -438,6 +440,7 @@ sub get_template_and_user {
 noItemTypeImages => C4::Context->preference("noItemTypeImages"),
 marcflavour => C4::Context->preference("marcflavour"),
 OPACBaseURL => C4::Context->preference('OPACBaseURL'),
+ minPasswordLength => $minPasswordLength,
 );
 if ( $in->{'type'} eq "intranet" ) {
 $template->param(
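Review bot: The floor `$minPasswordLength = 3 if not $minPasswordLength or $minPasswordLength < 3;` added in the first C4/Auth.pm hunk is repeated verbatim in members/member-password.pl, members/memberentry.pl, opac/opac-memberentry.pl, opac/opac-passwd.pl and opac/opac-password-recovery.pl, so the length shown to the user and the length each script enforces only agree while all six copies are edited together. A single sub that returns the effective minimum, called from every site, would keep a later change to the floor from leaving one password-setting path on the old rule. Each copy also deserves the comment `# floor of 3: RequireStrongPassword needs 1 upper, 1 lower and 1 digit`, because the reason for the constant currently lives only in the commit message. The body of get_template_and_user starts and ends outside this hunk.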
diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt index 745fa5dc84..df84f9c982 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt @@ -911,7 +911,7 @@ $(document).ready(function() { [% END %] [% END %] [% IF ( mandatorypassword ) %]Required[% END %][% IF ( ERROR_short_password ) %]Password is too short[% END %] -[% IF ( minPasswordLength ) %]
Minimum password length: [% minPasswordLength %]
[% END %] +
Minimum password length: [% minPasswordLength %]
  • [% IF ( mandatorypassword ) %] diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt index 588ad25631..8730c47e5e 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt +++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt @@ -799,16 +799,12 @@ [% UNLESS action == 'edit' || hidden.defined('password') %]
    Password - [% IF Koha.Preference('minPasswordLength') || !mandatory.defined('password') %] -
    - [% IF Koha.Preference('minPasswordLength') %] -

    Your password must be at least [% Koha.Preference('minPasswordLength') %] characters long.

    - [% END %] - [% UNLESS mandatory.defined('password') %] -
    If you do not enter a password a system generated password will be created.
    - [% END %] -
    - [% END %] +
    +

    Your password must be at least [% Koha.Preference('minPasswordLength') %] characters long.

    + [% UNLESS mandatory.defined('password') %] +
    If you do not enter a password a system generated password will be created.
    + [% END %] +
    [% IF mandatory.defined('password') %]
      diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-passwd.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-passwd.tt index baa083b4dc..307f71d728 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-passwd.tt +++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-passwd.tt @@ -33,7 +33,7 @@ Passwords do not match. Please re-type your new password. [% END %] [% IF ( ShortPass ) %] - Your new password must be at least [% minpasslen %] characters long. + Your new password must be at least [% minPasswordLength%] characters long. [% END %] [% IF ( WrongPass ) %] Your current password was entered incorrectly. If this problem persists, please ask a librarian to reset your password for you. @@ -50,7 +50,7 @@
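Review bot: The help text kept on the new side of the opac-memberentry.tt hunk still prints `[% Koha.Preference('minPasswordLength') %]`, the raw preference, while opac/opac-memberentry.pl in this same patch enforces a floor of 3. With the preference empty or below 3 the form would state a blank or smaller number than the server applies, and the removed `IF` guard no longer hides the sentence in the empty case. Assuming this page is rendered through get_template_and_user, it can use the clamped variable that C4/Auth.pm now passes, as the opac-passwd.tt hunks do: `Your password must be at least [% minPasswordLength %] characters long.`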
      - [% UNLESS ( ShortPass ) %]
      Your password must be at least [% minpasslen %] characters long.
      [% END %] + [% UNLESS ( ShortPass ) %]
      Your password must be at least [% minPasswordLength%] characters long.
      [% END %]
diff --git a/members/member-password.pl b/members/member-password.pl
index 037828c411..a3c36e5348 100755
--- a/members/member-password.pl
+++ b/members/member-password.pl
@@ -67,6 +67,7 @@ if ( ( $member ne $loggedinuser ) && ( $category_type eq 'S' ) ) {
 push( @errors, 'NOMATCH' ) if ( ( $newpassword && $newpassword2 ) && ( $newpassword ne $newpassword2 ) );
 my $minpw = C4::Context->preference('minPasswordLength');
+$minpw = 3 if not $minpw or $minpw < 3;
 push( @errors, 'SHORTPASSWORD' ) if ( $newpassword && $minpw && ( length($newpassword) < $minpw ) );
 if ( $newpassword && !scalar(@errors) ) {
diff --git a/members/memberentry.pl b/members/memberentry.pl
index c58b2a9bff..8661a59fb0 100755
--- a/members/memberentry.pl
+++ b/members/memberentry.pl
@@ -133,9 +133,6 @@ if ( $input->param('add_debarment') ) {
 $template->param("uppercasesurnames" => C4::Context->preference('uppercasesurnames'));
-my $minpw = C4::Context->preference('minPasswordLength');
-$template->param("minPasswordLength" => $minpw);
-
 # function to designate mandatory fields (visually with css)
 my $check_BorrowerMandatoryField=C4::Context->preference("BorrowerMandatoryField");
 my @field_check=split(/\|/,$check_BorrowerMandatoryField);
@@ -360,6 +357,8 @@ if ($op eq 'save' || $op eq 'insert'){
 my $password = $input->param('password');
 my $password2 = $input->param('password2');
 push @errors, "ERROR_password_mismatch" if ( $password ne $password2 );
+ my $minpw = C4::Context->preference('minPasswordLength');
+ $minpw = 3 if not $minpw or $minpw < 3;
 push @errors, "ERROR_short_password" if( $password && $minpw && $password ne '****' && (length($password) < $minpw) );
 # Validate emails
diff --git a/opac/opac-memberentry.pl b/opac/opac-memberentry.pl
index 9784a3deef..f7d08b65c9 100755
--- a/opac/opac-memberentry.pl
+++ b/opac/opac-memberentry.pl
@@ -387,6 +387,7 @@ sub CheckMandatoryFields {
 sub CheckForInvalidFields {
 my $minpw = C4::Context->preference('minPasswordLength');
+ $minpw = 3 if not $minpw or $minpw < 3;
 my $borrower = shift;
 my @invalidFields;
 if ($borrower->{'email'}) {
diff --git a/opac/opac-passwd.pl b/opac/opac-passwd.pl
index c21e124e60..bef1f99aae 100755
--- a/opac/opac-passwd.pl
+++ b/opac/opac-passwd.pl
@@ -47,6 +47,7 @@ my ( $template, $borrowernumber, $cookie ) = get_template_and_user(
 my $patron = Koha::Patrons->find( $borrowernumber );
 my $minpasslen = C4::Context->preference("minPasswordLength");
+$minpasslen = 3 if not $minpasslen or $minpasslen < 3;
 if ( C4::Context->preference("OpacPasswordChange") ) {
 my $sth = $dbh->prepare("UPDATE borrowers SET password = ? WHERE borrowernumber=?");
 if ( $query->param('Oldkey')
@@ -107,8 +108,7 @@ if ( C4::Context->preference("OpacPasswordChange") ) {
 $template->param(
 firstname => $patron->firstname,
 surname => $patron->surname,
- minpasslen => $minpasslen,
- passwdview => 1
+ passwdview => 1,
 );
diff --git a/opac/opac-password-recovery.pl b/opac/opac-password-recovery.pl
index 89651b46be..1a4abf7181 100755
--- a/opac/opac-password-recovery.pl
+++ b/opac/opac-password-recovery.pl
@@ -28,7 +28,6 @@ my ( $template, $dummy, $cookie ) = get_template_and_user(
 my $email = $query->param('email') // q{};
 my $password = $query->param('password');
 my $repeatPassword = $query->param('repeatPassword');
-my $minPassLength = C4::Context->preference('minPasswordLength');
 my $id = $query->param('id');
 my $uniqueKey = $query->param('uniqueKey');
 my $username = $query->param('username');
@@ -145,6 +144,8 @@ if ( $query->param('sendEmail') || $query->param('resendEmail') ) {
 elsif ( $query->param('passwordReset') ) {
 ( $borrower_number, $username ) = GetValidLinkInfo($uniqueKey);
+ my $minPassLength = C4::Context->preference('minPasswordLength');
+ $minPassLength = 3 if not $minPassLength or $minPassLength < 3;
 #validate password length & match
 if ( ($borrower_number) && ( $password eq $repeatPassword )
@@ -169,7 +170,6 @@ elsif ( $query->param('passwordReset') ) {
 }
 $template->param(
 new_password => 1,
- minPassLength => $minPassLength,
 email => $email,
 uniqueKey => $uniqueKey,
 errLinkNotValid => $errLinkNotValid,
@@ -189,7 +189,6 @@ elsif ($uniqueKey) { #reset password form
 $template->param(
 new_password => 1,
- minPassLength => $minPassLength,
 email => $email,
 uniqueKey => $uniqueKey,
 username => $username,
--
2.39.5
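Review bot: The password-recovery template is not in this patch's file list, yet the last two hunks of opac/opac-password-recovery.pl stop passing `minPassLength` to it, so if that template still prints `[% minPassLength %]` the length hint on the reset form will render empty. It should read `[% minPasswordLength %]`, the clamped value now supplied by get_template_and_user; the template is not visible here, so this needs checking before merge. In the first hunk the comparison that consumes `$minPassLength` lies outside the visible lines, and a comment such as `# floor of 3 so RequireStrongPassword can be satisfied` on the new assignment would explain the constant.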