From: Moritz Bunkus <m.bunkus@linet-services.de>
Date: Tue, 18 Jan 2011 15:37:17 +0000 (+0100)
Subject: Überprüfung der Passwortrichtlinie, wenn die Administratorin eine Benutzerin ändert
X-Git-Tag: release-2.6.3~61^2~7^2~1^2~14
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=4099d0e8f2d10fecac8bdccb82c900cb7059ab98;p=kivitendo-erp.git

Überprüfung der Passwortrichtlinie, wenn die Administratorin eine Benutzerin ändert
---

diff --git a/SL/Auth/PasswordPolicy.pm b/SL/Auth/PasswordPolicy.pm
index 866e49c1e..dd7e8e9c1 100644
--- a/SL/Auth/PasswordPolicy.pm
+++ b/SL/Auth/PasswordPolicy.pm
@@ -19,10 +19,11 @@ use Rose::Object::MakeMethods::Generic
 );
 
 sub verify {
-  my ($self, $password) = @_;
+  my ($self, $password, $is_admin) = @_;
 
   my $cfg = $self->config;
   return OK() unless $cfg && %{ $cfg };
+  return OK() if $is_admin && $cfg->{disable_policy_for_admin};
 
   my $result = OK();
   $result |= TOO_SHORT()            if $cfg->{min_length}                && (length($password) < $cfg->{min_length});
@@ -144,12 +145,16 @@ The password contains an invalid character.
 
 =over 4
 
-=item C<verify $password>
+=item C<verify $password, $is_admin>
 
 Checks whether or not the password matches the policy. Returns C<OK()>
 if it does and an error code otherwise (binary or'ed of the error
 constants).
 
+If C<$is_admin> is trueish and the configuration specifies that the
+policy checks are disabled for the administrator then C<verify> will
+always return C<OK()>.
+
 =item C<errors $code>
 
 Returns an array of human-readable strings describing the issues set
diff --git a/bin/mozilla/admin.pl b/bin/mozilla/admin.pl
index eac4d083e..eee799958 100755
--- a/bin/mozilla/admin.pl
+++ b/bin/mozilla/admin.pl
@@ -42,6 +42,7 @@ use POSIX qw(strftime);
 use Sys::Hostname;
 
 use SL::Auth;
+use SL::Auth::PasswordPolicy;
 use SL::Form;
 use SL::Iconv;
 use SL::Mailer;
@@ -520,12 +521,6 @@ sub save_user {
 
   $myconfig->save_member();
 
-  if ($main::auth->can_change_password()
-      && defined $form->{new_password}
-      && ($form->{new_password} ne '********')) {
-    $main::auth->change_password($form->{login}, $form->{new_password});
-  }
-
   $form->{templates}       =~ s|.*/||;
   $form->{templates}       =  "$main::templates/$form->{templates}";
   $form->{mastertemplates} =~ s|.*/||;
@@ -578,8 +573,20 @@ sub save_user {
     }
   }
 
-  $form->redirect($locale->text('User saved!'));
+  if ($main::auth->can_change_password()
+      && defined $form->{new_password}
+      && ($form->{new_password} ne '********')) {
+    my $verifier = SL::Auth::PasswordPolicy->new;
+    my $result   = $verifier->verify($form->{new_password}, 1);
+
+    if ($result != SL::Auth::PasswordPolicy->OK()) {
+      $form->error($::locale->text('The settings were saved, but the password was not changed.') . ' ' . join(' ', $verifier->errors($result)));
+    }
 
+    $main::auth->change_password($form->{login}, $form->{new_password});
+  }
+
+  $form->redirect($locale->text('User saved!'));
 }
 
 sub save_user_as_new {