From 48bf229cc804b0624555137687527e1e23fa22f8 Mon Sep 17 00:00:00 2001
From: Alex Buckley
Date: Sat, 21 Oct 2017 00:54:23 +0000
Subject: [PATCH] Bug 19514: Implement password restrictions into onboarding tool
Test plan:
1. Drop and recreate your database
2. Restart memcached
3. Go through the web installer
4. In the onboarding tool create a patron with a password of only 2 characters in length
5. Notice the patron is successfully created and no warning message is displayed
6. Repeat step 1,2,3 and create a patron with a password of 3 characters none of which are a uppercase letter or number and notice the patron is successfully created and no warning message is displayed
7. Apply patch
8. Repeat steps 1,2,3 and create a patron with a password consisting of 2 characters, notice that after submitting the form the same form is loaded again and there is a warning message at the top of the page informing you the patron wasn't created
9. Repeat steps 1,2,3 and create a patron with a password consisting of 3 characters (all lower case) and submit the form, notice the same form is reloaded and a warning message at the top of the page informs you that the patron wasn't created because the password was weak
10. Repeat steps 1,2,3 and create a patron with a password consisting of 3 characters (one lower case letter, one upper case letter and one number) and submit the form and notice this time the next form in the onboarding is displayed with the message at the top of the screen informing you that the patron was successfully created
Sponsored-By: Catalyst IT
Signed-off-by: Marcel de Rooy
Signed-off-by: David Bourgault
Signed-off-by: Josef Moravec
Signed-off-by: Jonathan Druart
---
 installer/onboarding.pl | 9 ++++++++-
 .../prog/en/includes/onboarding_messages.inc | 6 ++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/installer/onboarding.pl b/installer/onboarding.pl
index 8b032c999b..76cc70810a 100755
--- a/installer/onboarding.pl
+++ b/installer/onboarding.pl
@@ -146,6 +146,8 @@ if ( $step == 3 ) {
 my $cardnumber = $input->param('cardnumber');
 my $userid = $input->param('userid');
+ my ( $is_valid, $passworderror) = Koha::AuthUtils::is_password_valid( $firstpassword );
+
 if ( my $error_code = checkcardnumber($cardnumber) ) {
 if ( $error_code == 1 ) {
 push @messages, { code => 'ERROR_cardnumber_already_exists' };
@@ -158,8 +160,13 @@ if ( $step == 3 ) {
 push @messages, { code => 'ERROR_password_mismatch' };
 }
- else {
+ elsif ( $passworderror) {
+ push @messages, { code => 'ERROR_password_too_short'} if $passworderror eq 'too_short';
+ push @messages, { code => 'ERROR_password_too_weak'} if $passworderror eq 'too_weak';
+ push @messages, { code => 'ERROR_password_has_whitespaces'} if $passworderror eq 'has_whitespaces';
+ }
+ else {
 my $patron_data = {
 surname => scalar $input->param('surname'),
 firstname => scalar $input->param('firstname'),
diff --git a/koha-tmpl/intranet-tmpl/prog/en/includes/onboarding_messages.inc b/koha-tmpl/intranet-tmpl/prog/en/includes/onboarding_messages.inc
index d817401964..fbe0d3a635 100644
--- a/koha-tmpl/intranet-tmpl/prog/en/includes/onboarding_messages.inc
+++ b/koha-tmpl/intranet-tmpl/prog/en/includes/onboarding_messages.inc
@@ -26,6 +26,12 @@
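Review bot: `$is_valid` is assigned in the first onboarding.pl hunk (`@@ -146,6 +146,8 @@`) but nothing in the visible diff reads it; the later branch tests only `$passworderror`. Gating on the boolean is the safer contract, because if `is_password_valid` ever returned a false result with an empty error string the code would fall through to patron creation: `elsif ( !$is_valid ) {`. No hunk in this file adds `use Koha::AuthUtils;`, so the fully qualified call depends on the module already being loaded outside the lines shown, which is worth confirming. The enclosing `if ( $step == 3 )` block starts and ends outside the hunk.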
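Review bot: In the second onboarding.pl hunk (`@@ -158,8 +160,13 @@`) the `elsif ( $passworderror)` branch pushes a message only for `too_short`, `too_weak` and `has_whitespaces`, so any other non-empty code would skip patron creation and reload the form with no explanation. A trailing catch-all after the three pushes would keep a rejected password visible to the installer, using a generic code with a matching `[% CASE %]` in onboarding_messages.inc; `ERROR_password_invalid` is only a suggested name. The three codes all follow the `ERROR_password_` prefix plus the returned string, so a single lookup on `$passworderror` would also replace the repeated `push ... if ... eq` lines. The `else` block that builds `$patron_data` continues past the end of the hunk.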
Circulation rule created!
[% CASE 'error_on_insert_circ_rule' %]
Circulation rule not created!
+ [% CASE 'ERROR_password_too_short' %] +
The patron has not been created the entered password was too short
+ [% CASE 'ERROR_password_too_weak' %] +
The patron has not been created the entered password was too weak, must contain at least one uppercase, and lower case letter and one number
+ [% CASE 'ERROR_password_has_whitespaces' %] +
The patron has not been created the entered password contained whitespaces
[% CASE %][% message %]
 [% END %]
 [% END %]
--
2.39.5
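Review bot: The three added messages run two clauses together with no punctuation ("has not been created the entered password was too short"), and the too-short text does not tell the user what length is required. A colon and full stop read cleanly, e.g. `The patron has not been created: the entered password was too short.`, and the minimum length could be included if it is available to the template. The too-weak text spells the policy out inline ("at least one uppercase, and lower case letter and one number"), so it has to stay in step with whatever `is_password_valid` actually enforces. The wrapper markup around these message lines is not visible in this rendering.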