From 1b8f3194e9f616f46260c849eda5a9f6c717d5fa Mon Sep 17 00:00:00 2001 From: Jonathan Druart Date: Tue, 14 Jul 2015 15:33:34 +0100 Subject: [PATCH] Bug 14509: Reject invalid passwords MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Bug 10177 rejects password with leading or trailing whitespaces, but only on the member-password page. It's not consistent to only do this check on 1 place. This patch adds the check for the 2 other places: memberentry and at the OPAC. Test plan: 1/ Edit a patron and set a password with leading and/or trailing whitespaces. You should not be allowed to do it (no server side check). 2/ Same at the OPAC ("Change you password" tab). Here there is a server side check. Followed test plan. Works as expected. Signed-off-by: Marc Véron Signed-off-by: Marcel de Rooy Signed-off-by: Tomas Cohen Arazi --- koha-tmpl/intranet-tmpl/prog/en/js/members.js | 11 +++++++++++ .../prog/en/modules/members/member-password.tt | 5 +++-- .../prog/en/modules/members/memberentrygen.tt | 1 + .../opac-tmpl/bootstrap/en/modules/opac-passwd.tt | 3 +++ opac/opac-passwd.pl | 8 +++++++- 5 files changed, 25 insertions(+), 3 deletions(-) diff --git a/koha-tmpl/intranet-tmpl/prog/en/js/members.js b/koha-tmpl/intranet-tmpl/prog/en/js/members.js index 44ea578517..75e230bd66 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/js/members.js +++ b/koha-tmpl/intranet-tmpl/prog/en/js/members.js @@ -81,6 +81,12 @@ var myDate2=document.form.dateexpiry.value.split ('/'); } //end function +function check_password( password ) { + if ( password.match(/^\s/) || password.match(/\s$/)) { + return false; + } + return true; +} // function to test all fields in forms and nav in different forms(1 ,2 or 3) function check_form_borrowers(nav){ 
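Review bot: `check_password` is enforced only in the browser for the memberentry form, and the diffstat lists no server-side script for that form (the test plan itself says "no server side check"), so a submission that does not run this script can still store a password with leading or trailing whitespace. The same rule should be applied in the script that receives the memberentry submission, as this commit does for opac/opac-passwd.pl, with the JavaScript kept as a convenience check. I would also add a comment above the function, such as `// Client-side convenience only: returns false when the password starts or ends with whitespace; the server must enforce the same rule.` The two `match` calls can be a single test, `return !/^\s|\s$/.test(password);`.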
@@ -106,6 +112,11 @@ function check_form_borrowers(nav){ statut=1; } + if ( ! check_password( document.form.password.value ) ) { + message_champ += MSG_PASSWORD_CONTAINS_TRAILING_SPACES; + statut = 1; + } + //patrons form to test if you checked no to the question of double if (statut!=1 && document.form.check_member.value > 0 ) { if (!(document.form_double.answernodouble.checked)){ diff --git a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt index 4cb04ef5d7..6b0e965575 100644 --- a/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt +++ b/koha-tmpl/intranet-tmpl/prog/en/modules/members/member-password.tt @@ -4,13 +4,14 @@ diff --git a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-passwd.tt b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-passwd.tt index 8c6ad5fa90..f2766c95bd 100644 --- a/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-passwd.tt +++ b/koha-tmpl/opac-tmpl/bootstrap/en/modules/opac-passwd.tt @@ -38,6 +38,9 @@ [% IF ( WrongPass ) %] Your current password was entered incorrectly. If this problem persists, please ask a librarian to re-set your password for you. [% END %] + [% IF PasswordContainsTrailingSpaces %] + Your password contains leading and/or trailing spaces. + [% END %]
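Review bot: The added test reads `document.form.password.value` unconditionally, but the comment above check_form_borrowers says the function serves several forms (1, 2 or 3). If any of them is rendered without a password input (not visible from this hunk), the access throws and the rest of the validation is skipped. Guarding the lookup avoids that: `if ( document.form.password && ! check_password( document.form.password.value ) ) {`. The constant MSG_PASSWORD_CONTAINS_TRAILING_SPACES is named for trailing spaces, while the check also rejects leading whitespace and any `\s` character, so the text shown to staff should say so. check_form_borrowers starts and ends outside this hunk.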

[% END # /IF Error_messages %] diff --git a/opac/opac-passwd.pl b/opac/opac-passwd.pl index 2eaf6ccb87..56e99675e4 100755 --- a/opac/opac-passwd.pl +++ b/opac/opac-passwd.pl @@ -54,7 +54,13 @@ if ( C4::Context->preference("OpacPasswordChange") ) { && $query->param('Confirm') ) { if ( goodkey( $dbh, $borrowernumber, $query->param('Oldkey') ) ) { - if ( $query->param('Newkey') eq $query->param('Confirm') + if ( $query->param('Newkey') =~ m|^\s+| or $query->param('Newkey') =~ m|\s+$| ) { + $template->param( + Error_messages => 1, + PasswordContainsTrailingSpaces => 1, + ); + } + elsif ( $query->param('Newkey') eq $query->param('Confirm') && length( $query->param('Confirm') ) >= $minpasslen ) { # Record password my $clave = hash_password( $query->param('Newkey') ); -- 2.39.5
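Review bot: The new branch in opac/opac-passwd.pl calls `$query->param('Newkey')` twice more, and the unchanged line below still passes it directly to `hash_password(...)`. That call is in list context, so if `$query` is a CGI object a request with a repeated Newkey field yields several values there, and the value that was validated may not be the value that is hashed. Reading the parameter once covers both: `my $new_password = $query->param('Newkey');` then `if ( $new_password =~ m/\A\s|\s\z/ ) {`, reusing `$new_password` in the `eq` comparison and the `hash_password` call (how hash_password treats extra arguments is not visible here). `\A`/`\z` state the intent more precisely than `^`/`$`, and the `+` quantifiers are not needed. The whitespace rule now lives in members.js, the member-password page and this script, so a shared server-side helper would keep the three from drifting; the enclosing `if` block continues outside the hunk.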