X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=SL%2FAuth%2FPasswordPolicy.pm;h=5e0a9a42b09ba01b930793873cd42eda063d88de;hb=8084ef359515031ec8429b49baf0ab09858f55d2;hp=866e49c1ea2840bf161d36e02f6619663b7803d9;hpb=03c526b3b946d62f95ce78420552d62b39e03bed;p=kivitendo-erp.git
diff --git a/SL/Auth/PasswordPolicy.pm b/SL/Auth/PasswordPolicy.pm
index 866e49c1e..5e0a9a42b 100644
--- a/SL/Auth/PasswordPolicy.pm
+++ b/SL/Auth/PasswordPolicy.pm
@@ -4,14 +4,15 @@ use strict;
 use parent qw(Rose::Object);
-use constant OK => 0;
-use constant TOO_SHORT => 1;
-use constant TOO_LONG => 2;
-use constant MISSING_LOWERCASE => 4;
-use constant MISSING_UPPERCASE => 8;
-use constant MISSING_DIGIT => 16;
-use constant MISSING_SPECIAL_CHAR => 32;
-use constant INVALID_CHAR => 64;
+use constant OK => 0;
+use constant TOO_SHORT => 1;
+use constant TOO_LONG => 2;
+use constant MISSING_LOWERCASE => 4;
+use constant MISSING_UPPERCASE => 8;
+use constant MISSING_DIGIT => 16;
+use constant MISSING_SPECIAL_CHAR => 32;
+use constant INVALID_CHAR => 64;
+use constant WEAK => 128;
 use Rose::Object::MakeMethods::Generic (
@@ -19,10 +20,11 @@ use Rose::Object::MakeMethods::Generic
 );
 sub verify {
- my ($self, $password) = @_;
+ my ($self, $password, $is_admin) = @_;
 my $cfg = $self->config;
 return OK() unless $cfg && %{ $cfg };
+ return OK() if $is_admin && $cfg->{disable_policy_for_admin};
 my $result = OK();
 $result |= TOO_SHORT() if $cfg->{min_length} && (length($password) < $cfg->{min_length});
@@ -33,6 +35,11 @@ sub verify {
 $result |= MISSING_SPECIAL_CHAR() if $cfg->{require_special_character} && $password !~ $cfg->{special_characters_re};
 $result |= INVALID_CHAR() if $cfg->{invalid_characters_re} && $password =~ $cfg->{invalid_characters_re};
+ if ($cfg->{use_cracklib}) {
+ require Crypt::Cracklib;
+ $result |= WEAK() if !Crypt::Cracklib::check($password);
+ }
+
 return $result;
 } 
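Review bot: The new admin bypass `return OK() if $is_admin && $cfg->{disable_policy_for_admin};` tests the raw configuration value for Perl truthiness, whereas init_config (the `map { $cfg{"require_${_}"} = $cfg{"require_${_}"} =~ m/^(?:1|true|t|yes|y)$/i } ...` line in the -73 hunk) normalizes the `require_*` keys so that `no`, `false` or `0` read as off. A setting such as `disable_policy_for_admin = false` is a non-empty string, evaluates true, and switches the whole policy off for the most privileged accounts, so the option fails open on a negated or misspelled value; `use_cracklib` in the following hunk has the same problem, though there a `false` would merely enable the check. Normalize both keys next to the existing ones in init_config, e.g. `$cfg{$_} = ($cfg{$_} || '') =~ m/^(?:1|true|t|yes|y)$/i for qw(disable_policy_for_admin use_cracklib);`. The body of verify continues past the end of this hunk.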
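Review bot: `require Crypt::Cracklib;` runs only when a password is actually being verified with `use_cracklib` on, so a host without the module finds out at the moment a user changes a password, through the generic `Can't locate ... in @INC` error rather than a configuration error. Dying is the right direction here (the check fails closed), but the failure should name the cause, e.g. `eval { require Crypt::Cracklib; 1 } or die "password_policy.use_cracklib is set but Crypt::Cracklib could not be loaded: $@";`, or the module should be loaded once in init_config when the option is on so the misconfiguration surfaces at startup. `Crypt::Cracklib::check($password)` is called without a dictionary argument, so it presumably relies on the library's default dictionary; a comment such as `# uses cracklib's default dictionary; a missing dictionary is not detected here` would help operators. `if !Crypt::Cracklib::check($password)` would read more naturally as `unless Crypt::Cracklib::check($password)`, matching the postfix style of the surrounding checks. verify begins before this hunk.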
@@ -46,6 +53,7 @@ sub errors {
 push @errors, $::locale->text('A lower-case character is required.') if $result & MISSING_LOWERCASE();
 push @errors, $::locale->text('An upper-case character is required.') if $result & MISSING_UPPERCASE();
 push @errors, $::locale->text('A digit is required.') if $result & MISSING_DIGIT();
+ push @errors, $::locale->text('The password is weak (e.g. it can be found in a dictionary).') if $result & WEAK();
 if ($result & MISSING_SPECIAL_CHAR()) {
 my $char_list = join ' ', sort split(m//, $self->config->{special_characters});
@@ -65,7 +73,7 @@ sub errors {
 sub init_config {
 my ($self) = @_;
- my %cfg = %{ $::emmvee_conf{password_policy} || {} };
+ my %cfg = %{ $::lx_office_conf{password_policy} || {} };
 $cfg{valid_characters} =~ s/[ \n\r]//g if $cfg{valid_characters};
 $cfg{invalid_characters} =~ s/[ \n\r]//g if $cfg{invalid_characters};
@@ -73,7 +81,6 @@ sub init_config {
 $cfg{invalid_characters_re} = '[' . quotemeta($cfg{invalid_characters}) . ']' if $cfg{invalid_characters};
 $cfg{special_characters} = '!@#$%^&*()_+=[]{}<>\'"|\\,;.:?-';
 $cfg{special_characters_re} = '[' . quotemeta($cfg{special_characters}) . ']';
- print $cfg{special_characters_re}, "\n";
 map { $cfg{"require_${_}"} = $cfg{"require_${_}"} =~ m/^(?:1|true|t|yes|y)$/i } qw(lowercase uppercase digit special_char);
@@ -144,12 +151,16 @@ The password contains an invalid character.
 =over 4
-=item C
+=item C
 Checks whether or not the password matches the policy. Returns C if it does and an error code otherwise (binary or'ed of the error constants).
+If C<$is_admin> is trueish and the configuration specifies that the
+policy checks are disabled for the administrator then C will
+always return C.
+
 =item C
 Returns an array of human-readable strings describing the issues set