Allowed all special chars and rule to disable local password policy (#2266)
parent
39ba25f91d
commit
0a4812203c
|
@ -224,14 +224,14 @@ sub defaultValues {
|
|||
'pamAuthnLevel' => 2,
|
||||
'pamService' => 'login',
|
||||
'passwordDB' => 'Demo',
|
||||
'passwordPolicy' => 1,
|
||||
'passwordPolicyMinDigit' => 0,
|
||||
'passwordPolicyMinLower' => 0,
|
||||
'passwordPolicyMinSize' => 0,
|
||||
'passwordPolicyMinSpeChar' => 0,
|
||||
'passwordPolicyMinUpper' => 0,
|
||||
'passwordPolicySpecialChar' =>
|
||||
'! @ # $ % & * ( ) - = + [ ] { } ; : , . / ?',
|
||||
'passwordResetAllowedRetries' => 3,
|
||||
'passwordPolicySpecialChar' => '__ALL__',
|
||||
'passwordResetAllowedRetries' => 3,
|
||||
'persistentSessionAttributes' =>
|
||||
'_loginHistory _2fDevices notification_',
|
||||
'port' => -1,
|
||||
|
|
|
@ -2483,6 +2483,13 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
],
|
||||
'type' => 'select'
|
||||
},
|
||||
'passwordPolicy' => {
|
||||
'default' => 1,
|
||||
'test' => sub {
|
||||
return perlExpr(@_);
|
||||
},
|
||||
'type' => 'text'
|
||||
},
|
||||
'passwordPolicyMinDigit' => {
|
||||
'default' => 0,
|
||||
'type' => 'int'
|
||||
|
@ -2504,8 +2511,8 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?:
|
|||
'type' => 'int'
|
||||
},
|
||||
'passwordPolicySpecialChar' => {
|
||||
'default' => '! @ # $ % & * ( ) - = + [ ] { } ; : , . / ?',
|
||||
'test' => qr/^[\s\W_]*$/,
|
||||
'default' => '__ALL__',
|
||||
'test' => qr/^(?:__ALL__|[\S\W]*)$/,
|
||||
'type' => 'text'
|
||||
},
|
||||
'passwordResetAllowedRetries' => {
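Review bot: The new `passwordPolicySpecialChar` test `qr/^(?:__ALL__|[\S\W]*)$/` no longer validates anything, because every character is either non-space or non-word, so `[\S\W]` also matches letters and digits. A value containing alphanumerics is then accepted, and checkPasswordQuality counts those characters as special ones through `s/[\Q$speChars\E]//g`, which weakens the policy. Keeping the previous class next to the keyword restores the check: `'test' => qr/^(?:__ALL__|[\s\W_]*)$/,`. The same pattern appears in the `sub attributes` hunk and needs the same change.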
|
||||
|
|
|
@ -1454,6 +1454,12 @@ sub attributes {
|
|||
type => 'bool',
|
||||
documentation => 'Hide old password in portal',
|
||||
},
|
||||
passwordPolicy => {
|
||||
type => 'text',
|
||||
test => sub { return perlExpr(@_) },
|
||||
default => 1,
|
||||
documentation => 'Enable password policy',
|
||||
},
|
||||
passwordPolicyMinSize => {
|
||||
default => 0,
|
||||
type => 'int',
|
||||
|
@ -1480,9 +1486,9 @@ sub attributes {
|
|||
documentation => 'Password policy: minimal special characters',
|
||||
},
|
||||
passwordPolicySpecialChar => {
|
||||
default => '! @ # $ % & * ( ) - = + [ ] { } ; : , . / ?',
|
||||
default => '__ALL__',
|
||||
type => 'text',
|
||||
test => qr/^[\s\W_]*$/,
|
||||
test => qr/^(?:__ALL__|[\S\W]*)$/,
|
||||
documentation => 'Password policy: allowed special characters',
|
||||
},
|
||||
portalDisplayPasswordPolicy => {
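Review bot: In the first `sub attributes` hunk, `passwordPolicy` is declared as a text attribute validated with `perlExpr`, which suggests a rule expression, but the only consumer visible in this commit, `_modifyPassword`, tests `$self->conf->{passwordPolicy}` for plain truth. Unless the expression is compiled and evaluated somewhere outside this diff, any non-empty rule other than `0` enables the policy for every user, and a rule meant to exempt only some users has no effect. Either declare the attribute as `type => 'bool'` or evaluate the rule per request before calling checkPasswordQuality. The documentation string should say which one it is, for example `documentation => 'Rule to enable the local password policy',`.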
|
||||
|
|
File diff suppressed because one or more lines are too long
|
@ -17,7 +17,7 @@ use Lemonldap::NG::Portal::Main::Constants qw(
|
|||
|
||||
extends 'Lemonldap::NG::Portal::Main::Plugin';
|
||||
|
||||
our $VERSION = '2.0.8';
|
||||
our $VERSION = '2.0.10';
|
||||
|
||||
# INITIALIZATION
|
||||
|
||||
|
@ -65,7 +65,10 @@ sub _modifyPassword {
|
|||
unless ( $self->confirm( $req, $req->data->{oldpassword} ) );
|
||||
}
|
||||
|
||||
my $cpq = $self->checkPasswordQuality( $req->data->{newpassword} );
|
||||
my $cpq =
|
||||
$self->conf->{passwordPolicy}
|
||||
? $self->checkPasswordQuality( $req->data->{newpassword} )
|
||||
: PE_OK;
|
||||
return $cpq unless ( $cpq == PE_OK );
|
||||
|
||||
# Call password package
|
||||
|
@ -142,29 +145,38 @@ sub checkPasswordQuality {
|
|||
}
|
||||
}
|
||||
|
||||
## Special characters policy
|
||||
### Special characters policy
|
||||
my $speChars = $self->conf->{passwordPolicySpecialChar};
|
||||
$speChars =~ s/\s+//g;
|
||||
|
||||
# Min special characters
|
||||
## Min special characters
|
||||
# Just number of special characters must be checked
|
||||
if ( $self->conf->{passwordPolicyMinSpeChar} && $speChars eq '__ALL__' ) {
|
||||
my $spe = $password =~ s/\w//g;
|
||||
if ( $spe < $self->conf->{passwordPolicyMinSpeChar} ) {
|
||||
$self->logger->error("Password has not enough special characters");
|
||||
return PE_PP_INSUFFICIENT_PASSWORD_QUALITY;
|
||||
}
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
# Number of special characters must be checked
|
||||
if ( $self->conf->{passwordPolicyMinSpeChar} && $speChars ) {
|
||||
my $spe = 0;
|
||||
my $test = $password;
|
||||
$spe = $test =~ s/[\Q$speChars\E]//g;
|
||||
my $spe = $test =~ s/[\Q$speChars\E]//g;
|
||||
if ( $spe < $self->conf->{passwordPolicyMinSpeChar} ) {
|
||||
$self->logger->error("Password has not enough special characters");
|
||||
return PE_PP_INSUFFICIENT_PASSWORD_QUALITY;
|
||||
}
|
||||
}
|
||||
|
||||
# Fobidden special characters
|
||||
## Fobidden special characters
|
||||
$password =~ s/[\Q$speChars\E\w]//g;
|
||||
if ($password) {
|
||||
$self->logger->error( 'Password contains '
|
||||
. length($password)
|
||||
. " forbidden character(s): $password" );
|
||||
return
|
||||
length($password) > 1
|
||||
return length($password) > 1
|
||||
? PE_PP_NOT_ALLOWED_CHARACTERS
|
||||
: PE_PP_NOT_ALLOWED_CHARACTER;
|
||||
}
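Review bot: In the new `__ALL__` branch of checkPasswordQuality, `my $spe = $password =~ s/\w//g;` returns the number of word characters removed, so the comparison with `passwordPolicyMinSpeChar` measures letters and digits rather than special characters. A password with no special character at all passes as long as it has enough alphanumerics. The branch is also skipped when `passwordPolicyMinSpeChar` is 0, which is the default; execution then reaches the forbidden-character check, where `[\Q$speChars\E\w]` is built from the literal string `__ALL__`, so any special character is rejected under the new default. Handling the keyword before looking at the minimum, and counting `\W` matches without modifying `$password`, addresses both; the function starts before this hunk and may continue after it, so confirm that the early return skips no later check.

```perl
# Just number of special characters must be checked
if ( $speChars eq '__ALL__' ) {
    if ( my $min = $self->conf->{passwordPolicyMinSpeChar} ) {

        # Count matches in list context; $password is left untouched
        my $spe = () = $password =~ /\W/g;
        if ( $spe < $min ) {
            $self->logger->error("Password has not enough special characters");
            return PE_PP_INSUFFICIENT_PASSWORD_QUALITY;
        }
    }
    return PE_OK;
}

# … unchanged: explicit special character list and forbidden character checks …
```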
|
||||
|
|
|
@ -13,14 +13,15 @@ my $res;
|
|||
|
||||
my $client = LLNG::Manager::Test->new( {
|
||||
ini => {
|
||||
logLevel => 'error',
|
||||
passwordDB => 'Demo',
|
||||
portalRequireOldPassword => 1,
|
||||
passwordPolicyMinSize => 6,
|
||||
passwordPolicyMinLower => 3,
|
||||
passwordPolicyMinUpper => 3,
|
||||
passwordPolicyMinDigit => 1,
|
||||
passwordPolicyMinSpeChar => 2,
|
||||
logLevel => 'error',
|
||||
passwordDB => 'Demo',
|
||||
passwordPolicy => 1,
|
||||
portalRequireOldPassword => 1,
|
||||
passwordPolicyMinSize => 6,
|
||||
passwordPolicyMinLower => 3,
|
||||
passwordPolicyMinUpper => 3,
|
||||
passwordPolicyMinDigit => 1,
|
||||
passwordPolicyMinSpeChar => 2,
|
||||
passwordPolicySpecialChar => ' [ } \ ',
|
||||
portalDisplayPasswordPolicy => 1
|
||||
}
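Review bot: The test configuration in this hunk still sets an explicit `passwordPolicySpecialChar` list together with `passwordPolicy => 1`, so neither the new `__ALL__` default nor a disabled policy is exercised by what is visible here. Both paths are new in this commit, and the `__ALL__` one has its own counting branch in checkPasswordQuality. A second client with `passwordPolicySpecialChar => '__ALL__'` and one with `passwordPolicy => 0`, each checked with an accepted and a rejected password, would cover them. The test file continues outside the hunk, so such cases may already exist elsewhere.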
|
||||
|
|