use parent qw(Rose::Object);
-use constant OK => 0;
-use constant TOO_SHORT => 1;
-use constant TOO_LONG => 2;
-use constant MISSING_LOWERCASE => 4;
-use constant MISSING_UPPERCASE => 8;
-use constant MISSING_DIGIT => 16;
-use constant MISSING_SPECIAL_CHAR => 32;
-use constant INVALID_CHAR => 64;
+use constant OK => 0;
+use constant TOO_SHORT => 1;
+use constant TOO_LONG => 2;
+use constant MISSING_LOWERCASE => 4;
+use constant MISSING_UPPERCASE => 8;
+use constant MISSING_DIGIT => 16;
+use constant MISSING_SPECIAL_CHAR => 32;
+use constant INVALID_CHAR => 64;
+use constant WEAK => 128;
use Rose::Object::MakeMethods::Generic
(
);
sub verify {
- my ($self, $password) = @_;
+ my ($self, $password, $is_admin) = @_;
my $cfg = $self->config;
return OK() unless $cfg && %{ $cfg };
+ return OK() if $is_admin && $cfg->{disable_policy_for_admin};
my $result = OK();
$result |= TOO_SHORT() if $cfg->{min_length} && (length($password) < $cfg->{min_length});
$result |= MISSING_SPECIAL_CHAR() if $cfg->{require_special_character} && $password !~ $cfg->{special_characters_re};
$result |= INVALID_CHAR() if $cfg->{invalid_characters_re} && $password =~ $cfg->{invalid_characters_re};
+ if ($cfg->{use_cracklib}) {
+ require Crypt::Cracklib;
+ $result |= WEAK() if !Crypt::Cracklib::check($password);
+ }
+
return $result;
}
push @errors, $::locale->text('A lower-case character is required.') if $result & MISSING_LOWERCASE();
push @errors, $::locale->text('An upper-case character is required.') if $result & MISSING_UPPERCASE();
push @errors, $::locale->text('A digit is required.') if $result & MISSING_DIGIT();
+ push @errors, $::locale->text('The password is weak (e.g. it can be found in a dictionary).') if $result & WEAK();
if ($result & MISSING_SPECIAL_CHAR()) {
my $char_list = join ' ', sort split(m//, $self->config->{special_characters});
sub init_config {
my ($self) = @_;
- my %cfg = %{ $::emmvee_conf{password_policy} || {} };
+ my %cfg = %{ $::lx_office_conf{password_policy} || {} };
$cfg{valid_characters} =~ s/[ \n\r]//g if $cfg{valid_characters};
$cfg{invalid_characters} =~ s/[ \n\r]//g if $cfg{invalid_characters};
$cfg{invalid_characters_re} = '[' . quotemeta($cfg{invalid_characters}) . ']' if $cfg{invalid_characters};
$cfg{special_characters} = '!@#$%^&*()_+=[]{}<>\'"|\\,;.:?-';
$cfg{special_characters_re} = '[' . quotemeta($cfg{special_characters}) . ']';
- print $cfg{special_characters_re}, "\n";
map { $cfg{"require_${_}"} = $cfg{"require_${_}"} =~ m/^(?:1|true|t|yes|y)$/i } qw(lowercase uppercase digit special_char);
=over 4
-=item C<verify $password>
+=item C<verify $password, $is_admin>
Checks whether or not the password matches the policy. Returns C<OK()>
if it does and an error code otherwise (binary or'ed of the error
constants).
+If C<$is_admin> is trueish and the configuration specifies that the
+policy checks are disabled for the administrator then C<verify> will
+always return C<OK()>.
+
=item C<errors $code>
Returns an array of human-readable strings describing the issues set