Commit 64f0a1ef authored by Côme Bernigaud's avatar Côme Bernigaud Committed by Benoit Mortier

Fixes #3397 Applying ppolicy by hand

parent 18fa2c99
......@@ -301,16 +301,10 @@ class userManagement extends management
}
// Check posted passwords now.
$message = array();
if ($new_password != $repeated_password) {
$message[] = _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
} elseif ($new_password == "") {
$message[] = msgPool::required(_("New password"));
}
// Display errors
if (count($message) != 0) {
msg_dialog::displayChecks($message);
$problem = password::reportPasswordProblems($this->dn, $new_password, $repeated_password);
if ($problem) {
// Display errors
msg_dialog::displayChecks(array($problem));
return $smarty->fetch(get_template_path('password.tpl', TRUE));
}
......
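Review bot: The call `password::reportPasswordProblems($this->dn, $new_password, $repeated_password)` leaves `$current_password` at its NULL default, which in the callee switches off both the similarity check and the "current password required" check, and nothing at the call site says this is intended. A comment above the call such as `// No current password in this dialog: NULL skips the similarity and current-password checks` would record it. The callee's `pwdMinAge` test is not restricted to `$ui->dn == $user` the way its `pwdAllowUserChange` test is, so if this dialog is used to set another account's password (the class name suggests so) the change can be refused with a message worded for a self-service change. The enclosing method starts and ends outside the hunk.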
......@@ -96,32 +96,13 @@ class password extends plugin
$repeated_password = $_POST['repeated_password'];
}
/* Should we check different characters in new password */
$check_differ = ($this->config->get_cfg_value("passwordMinDiffer") != "");
$differ = $this->config->get_cfg_value("passwordMinDiffer", 0);
/* Enable length check ? */
$check_length = ($this->config->get_cfg_value("passwordMinLength") != "");
$length = $this->config->get_cfg_value("passwordMinLength", 0);
// Perform FusionDirectory password policy checks
$message = array();
if (empty($current_password)) {
$message[] = _("You need to specify your current password in order to proceed.");
} elseif ($new_password != $repeated_password) {
$message[] = _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
} elseif ($new_password == "") {
$message[] = _("The password you've entered as 'New password' is empty.");
} elseif ($check_differ && (substr($current_password, 0, $differ) == substr($new_password, 0, $differ))) {
$message[] = _("The password used as new and current are too similar.");
} elseif ($check_length && (strlen($new_password) < $length)) {
$message[] = _("The password used as new is to short.");
} elseif (!passwordMethod::is_harmless($new_password)) {
$message[] = _("The password contains possibly problematic Unicode characters!");
}
/* Call external password quality hook ?*/
if (!count($message)) {
$problem = self::reportPasswordProblems($ui->dn, $new_password, $repeated_password, $current_password);
if ($problem) {
$message[] = $problem;
} else {
/* Call external password quality hook ?*/
$check_hook = $this->config->get_cfg_value("passwordHook") != "";
$hook = $this->config->get_cfg_value("passwordHook")." ".
escapeshellarg($ui->username)." ".escapeshellarg($new_password)." ".escapeshellarg($current_password);
......@@ -210,5 +191,65 @@ class password extends plugin
);
}
static function reportPasswordProblems ($user, $new_password, $repeated_password, $current_password = NULL)
{
global $config, $ui;
/* Should we check different characters in new password */
$check_differ = ($this->config->get_cfg_value("passwordMinDiffer") != "");
$differ = $this->config->get_cfg_value("passwordMinDiffer", 0);
if ($current_password === NULL) {
$check_differ = FALSE;
}
/* Enable length check ? */
$check_length = ($this->config->get_cfg_value("passwordMinLength") != "");
$length = $this->config->get_cfg_value("passwordMinLength", 0);
$ldap = $config->get_ldap_link();
$ldap->cat($user, array('pwdPolicySubentry', 'pwdHistory', 'pwdChangedTime'));
$attrs = $ldap->fetch();
if (isset($attrs['pwdPolicySubentry'])) {
$ldap->cat($attrs['pwdPolicySubentry'], array('pwdAllowUserChange', 'pwdMinLength', 'pwdMinAge', 'pwdSafeModify'));
$policy = $ldap->fetch();
if (isset($policy['pwdAllowUserChange']) && ($policy['pwdAllowUserChange'] == 'FALSE') && ($ui->dn == $user)) {
return _('You are not allowed to change your own password');
}
if (isset($policy['pwdMinLength'])) {
$check_length = TRUE;
$length = $policy['pwdMinLength'];
}
if (isset($policy['pwdMinAge']) && isset($attrs['pwdChangedTime'])) {
$date = DateTime::createFromFormat('YmdHis\Z', $attrs['pwdChangedTime'], new DateTimeZone('UTC'));
$now = new DateTime('now');
if ($now->getTimeStamp() < $date->getTimeStamp() + $policy['pwdMinAge']) {
return sprintf(_('You must wait %d seconds before changing your password again'), $policy['pwdMinAge'] - ($now->getTimeStamp() - $date->getTimeStamp()));
}
}
if (isset($policy['pwdSafeModify']) && ($policy['pwdSafeModify'] == 'FALSE')) {
if (empty($current_password)) {
$current_password = NULL;
}
} elseif (isset($attrs['pwdHistory'])) {
}
}
// Perform FusionDirectory password policy checks
if (($current_password !== NULL) && empty($current_password)) {
return _("You need to specify your current password in order to proceed.");
} elseif ($new_password != $repeated_password) {
return _("The passwords you've entered as 'New password' and 'Repeated new password' do not match.");
} elseif ($new_password == "") {
return msgPool::required(_("New password"));
} elseif ($check_differ && (substr($current_password, 0, $differ) == substr($new_password, 0, $differ))) {
return _("The password used as new and current are too similar.");
} elseif ($check_length && (strlen($new_password) < $length)) {
return _("The password used as new is to short.");
} elseif (!passwordMethod::is_harmless($new_password)) {
return _("The password contains possibly problematic Unicode characters!");
}
return FALSE;
}
}
?>
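Review bot: `reportPasswordProblems` is declared `static` but reads `$this->config` for `passwordMinDiffer` and `passwordMinLength`, and `$this` is not available in a static method, so the call raises an error at the first of those reads instead of returning a policy result. The method already declares `global $config, $ui;`, so the four reads should go through that, e.g. `$check_differ = ($config->get_cfg_value("passwordMinDiffer") != "");`. The `elseif (isset($attrs['pwdHistory'])) { }` branch is empty, so `pwdHistory` is fetched but the new password is never compared against it; either implement the comparison or mark the gap with a TODO comment. `DateTime::createFromFormat()` returns false when `pwdChangedTime` does not match `YmdHis\Z`, and the `$date->getTimeStamp()` that follows would then fail, so a `$date !== FALSE` guard belongs in that condition.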