git.koha-community.org Git - koha.git/commit

Bug 18298: Add server-side checks and refactor stuffs

Now that we have a check client-side, nothing prevents us from a smart guy to
bypass it and force an invalid password.
This patch adds two new subroutines to Koha::AuthUtils to check the
validity of passwords and generate a password server-side. It is used
only once (self-registration) but could be useful later.

Moreover the 3 different cases of password rejection (too leak, too
short, contains leading or trailing whitespaces) were not tested
everywhere. Now they are!

This patch makes things consistent everywhere and clean up some code.

Signed-off-by: Marc Véron <veron@veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>
Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>

author	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Fri, 17 Mar 2017 02:03:20 +0000 (23:03 -0300)
committer	Jonathan Druart <jonathan.druart@bugs.koha-community.org>
	Mon, 16 Oct 2017 12:44:32 +0000 (09:44 -0300)
commit	3f9da34683d7f87570e73b5c401a1a0e4a8604ac
tree	9aa8bb928bd4f09b38e4da2c9b42d2eecd8d71a5	tree \| snapshot
parent	f2a1b215dd27c6cb9ed1b45a0613886843c6ba7d	commit \| diff

Koha/AuthUtils.pm		diff \| blob \| history
koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt		diff \| blob \| history
koha-tmpl/intranet-tmpl/prog/en/modules/members/memberentrygen.tt		diff \| blob \| history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-memberentry.tt		diff \| blob \| history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-passwd.tt		diff \| blob \| history
koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-password-recovery.tt		diff \| blob \| history
members/member-password.pl		diff \| blob \| history
members/memberentry.pl		diff \| blob \| history
opac/opac-memberentry.pl		diff \| blob \| history
opac/opac-passwd.pl		diff \| blob \| history
opac/opac-password-recovery.pl		diff \| blob \| history
t/AuthUtils.t		diff \| blob \| history