This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, master has been updated
via 5d01665016154d7aa2702d79fb05522ba9358f5b (commit)
via aecc54f81ef890ec1c16329ea1a2eff998463204 (commit)
via ac8f92471d86a7a341e58868dfec3bd929160b78 (commit)
via 99d92881e4cd852e2b65eafcb06b84032cd62f4b (commit)
via 57987dfc146412d662803652f344f7f530f5de55 (commit)
via 37b6b840df3ea4deca5ddb62cb5971937052a498 (commit)
from 46ff278ce60099cf680d927ecd36421b1c10c8ce (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=5d01665016154d7aa2702d79fb05522ba9358f5b
commit 5d01665016154d7aa2702d79fb05522ba9358f5b
Author: Franck Villaume <[email protected]>
Date: Tue Aug 16 19:16:38 2016 +0200
[#826] disable by default password strength
diff --git a/src/etc/config.ini.d/defaults.ini
b/src/etc/config.ini.d/defaults.ini
index eac35c1..d16da3e 100644
--- a/src/etc/config.ini.d/defaults.ini
+++ b/src/etc/config.ini.d/defaults.ini
@@ -92,6 +92,7 @@ forge_homepage_widget = no
use_quicknav_default = yes
use_home = yes
use_my = yes
+check_password_strength = no
scm_single_host = yes
system_user=fusionforge
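Review bot: The `check_password_strength = no` default added here disagrees with the code-level default registered in src/common/include/account.php in this same push (`forge_define_config_item('check_password_strength', 'core', 'true')`), so whether the complexity check runs depends on which source wins at load time. Pick one default and state it in both places. With `no`, registration enforces only the 8-character minimum that account_pwvalid() applies before the optional strength check. If this file format accepts comments, a line such as `; complexity check (upper/lower/digit/non-alphanumeric), off by default` above the key would make the intent explicit.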
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=aecc54f81ef890ec1c16329ea1a2eff998463204
commit aecc54f81ef890ec1c16329ea1a2eff998463204
Author: Franck Villaume <[email protected]>
Date: Tue Aug 16 19:07:39 2016 +0200
sync CHANGES
diff --git a/src/CHANGES b/src/CHANGES
index 5779333..254df27 100644
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -1,5 +1,6 @@
FusionForge 6.X:
* Accounts: minimum password length is now 8 (Sylvain Beucler)
+* Accounts: add minimal constraints to password (upper-case, lower-case,
non-alphanumeric check) [#826] (Inria)
* Docman: limit number of returned documents on search query. Use paging
system [#794] (TrivialDev)
* Docman: limit search using from & to dates [#798] (TrivialDev)
* Docman: use standard search engine: unify results between 'search in
project' & search in the docs tab (TrivialDev)
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=ac8f92471d86a7a341e58868dfec3bd929160b78
commit ac8f92471d86a7a341e58868dfec3bd929160b78
Author: Matthieu Imbert <[email protected]>
Date: Thu Aug 11 15:18:05 2016 +0200
document new password constraints to users
Signed-off-by: Franck Villaume <[email protected]>
diff --git a/src/www/account/change_pw.php b/src/www/account/change_pw.php
index 0455517..5085848 100644
--- a/src/www/account/change_pw.php
+++ b/src/www/account/change_pw.php
@@ -73,8 +73,11 @@ if (getStringFromRequest('submit')) {
echo html_e('p', array(), _('Old
Password')._(':').utils_requiredField().
html_e('br').
html_e('label', array('for' => 'old_passwd'),
html_e('input',array('id' => 'old_passwd', 'type' => 'password', 'name' =>
'old_passwd', 'required'=> 'required'))));
- echo html_e('p', array(), _('New Password (at least 8
characters)')._(':').utils_requiredField().
+ echo html_e('p', array(), _('New
Password')._(':').utils_requiredField().
html_e('br').
+ html_e('em', array(),
+ _('Minimum 8 characters.').html_e('br').
+
(forge_get_config('check_password_strength') ? _('Must contain at least one
uppercase letter, one lowercase, one digit, one non-alphanumeric
character.').html_e('br') : '')).
html_e('label', array('for' => 'passwd'),
html_e('input', array('id' => 'passwd', 'type' => 'password', 'name' =>
'passwd', 'required' => 'required', 'pattern' => '.{8,}'))));
echo html_e('p', array(), _('New Password
(repeat)')._(':').utils_requiredField().
html_e('br').
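Review bot: The strength hint added in the `html_e('em', ...)` block is shown whenever `check_password_strength` is set, but nothing in this hunk shows the rule being enforced on a password change. The `passwd` input still carries only `'pattern' => '.{8,}'`, which is a browser-side length hint, and the server-side length check now lives in setPasswd (commit 57987df in this push), which is not visible here. Confirm that setPasswd goes through `account_pwvalid()` so that `pw_weak()` applies on this page as well as at registration; otherwise the form states a constraint that is never checked. The enclosing `if (getStringFromRequest('submit'))` block starts and ends outside the hunk.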
diff --git a/src/www/account/register.php b/src/www/account/register.php
index 6d933b0..75f5ea0 100644
--- a/src/www/account/register.php
+++ b/src/www/account/register.php
@@ -155,7 +155,15 @@ if (forge_get_config('require_unique_email')) {
</label>
</p>
<p>
-<?php echo _('Password (min. 8 chars)').utils_requiredField()._(':'); ?><br />
+<?php echo _('Password').utils_requiredField()._(':'); ?><br />
+<em>
+<?php printf(_('Minimum 8 characters.')); ?><br/>
+<?php
+if (forge_get_config('check_password_strength')) {
+ printf(_('Must contain at least one uppercase letter, one lowercase,
one digit, one non-alphanumeric character.').'<br/>');
+}
+?>
+</em>
<label for="password1">
<input id="password1" type="password" required="required"
name="password1"/>
</label>
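Review bot: Both added `printf(_('...'))` calls pass a translated string as the format string with no arguments, so a translation that contains `%` would be parsed as a conversion specifier and either fail or print the wrong text. Plain output is enough here: `echo _('Minimum 8 characters.');`, and likewise `echo` for the strength message concatenated with `'<br/>'`. The strength sentence is also repeated verbatim in change_pw.php, so a small shared helper returning the hint would keep the two forms in step.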
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=99d92881e4cd852e2b65eafcb06b84032cd62f4b
commit 99d92881e4cd852e2b65eafcb06b84032cd62f4b
Author: Matthieu Imbert <[email protected]>
Date: Thu Aug 11 11:15:25 2016 +0200
update password change length constraint when changing password
Signed-off-by: Franck Villaume <[email protected]>
diff --git a/src/www/account/change_pw.php b/src/www/account/change_pw.php
index b55fcbc..0455517 100644
--- a/src/www/account/change_pw.php
+++ b/src/www/account/change_pw.php
@@ -73,12 +73,12 @@ if (getStringFromRequest('submit')) {
echo html_e('p', array(), _('Old
Password')._(':').utils_requiredField().
html_e('br').
html_e('label', array('for' => 'old_passwd'),
html_e('input',array('id' => 'old_passwd', 'type' => 'password', 'name' =>
'old_passwd', 'required'=> 'required'))));
- echo html_e('p', array(), _('New Password (at least 6
characters)')._(':').utils_requiredField().
+ echo html_e('p', array(), _('New Password (at least 8
characters)')._(':').utils_requiredField().
html_e('br').
- html_e('label', array('for' => 'passwd'),
html_e('input', array('id' => 'passwd', 'type' => 'password', 'name' =>
'passwd', 'required' => 'required', 'pattern' => '.{6,}'))));
+ html_e('label', array('for' => 'passwd'),
html_e('input', array('id' => 'passwd', 'type' => 'password', 'name' =>
'passwd', 'required' => 'required', 'pattern' => '.{8,}'))));
echo html_e('p', array(), _('New Password
(repeat)')._(':').utils_requiredField().
html_e('br').
- html_e('label', array('for' => 'passwd2'),
html_e('input', array('id' => 'passwd2', 'type' => 'password', 'name' =>
'passwd2', 'required' => 'required', 'pattern' => '.{6,}'))));
+ html_e('label', array('for' => 'passwd2'),
html_e('input', array('id' => 'passwd2', 'type' => 'password', 'name' =>
'passwd2', 'required' => 'required', 'pattern' => '.{8,}'))));
echo html_e('p', array(), html_e('input', array('type' => 'submit',
'name' => 'submit', 'value' => _('Update password'))));
echo $HTML->closeForm();
echo $HTML->addRequiredFieldsInfoBox();
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=57987dfc146412d662803652f344f7f530f5de55
commit 57987dfc146412d662803652f344f7f530f5de55
Author: Matthieu Imbert <[email protected]>
Date: Thu Aug 11 11:11:47 2016 +0200
refactoring: remove redundant passwd length check when changing passwd
(already done in setPasswd)
Signed-off-by: Franck Villaume <[email protected]>
diff --git a/src/www/account/change_pw.php b/src/www/account/change_pw.php
index 6b0408b..b55fcbc 100644
--- a/src/www/account/change_pw.php
+++ b/src/www/account/change_pw.php
@@ -51,11 +51,6 @@ if (getStringFromRequest('submit')) {
exit_error(_('Old password is incorrect'),'my');
}
- if (strlen($passwd)<6) {
- form_release_key(getStringFromRequest('form_key'));
- exit_error(_('You must supply valid password (at least 6
characters).'),'my');
- }
-
if ($passwd != $passwd2) {
form_release_key(getStringFromRequest('form_key'));
exit_error(_('New passwords do not match.'),'my');
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=37b6b840df3ea4deca5ddb62cb5971937052a498
commit 37b6b840df3ea4deca5ddb62cb5971937052a498
Author: Matthieu Imbert <[email protected]>
Date: Thu Aug 11 11:11:09 2016 +0200
add simple password constraints
Signed-off-by: Franck Villaume <[email protected]>
diff --git a/src/common/include/account.php b/src/common/include/account.php
index 593ffa0..01dd569 100644
--- a/src/common/include/account.php
+++ b/src/common/include/account.php
@@ -23,6 +23,33 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
+forge_define_config_item('check_password_strength', 'core', 'true');
+forge_set_config_item_bool('check_password_strength', 'core');
+
+/**
+ * pw_weak() - checks if password is weak
+ *
+ * @param string $pw the password
+ * @return false if password ok, string with description of problem if
password ko.
+ *
+ */
+function pw_weak($pw) {
+ // password ok if contains at least 1 uppercase letter, 1 lowercase, 1
digit and 1 non-alphanumeric
+ if (!preg_match('/[[:lower:]]/', $pw)) {
+ return _("Password must contain at least one lowercase
letter.");
+ }
+ if (!preg_match('/[[:upper:]]/', $pw)) {
+ return _("Password must contain at least one uppercase
letter.");
+ }
+ if (!preg_match('/[[:digit:]]/', $pw)) {
+ return _("Password must contain at least one digit.");
+ }
+ if (!preg_match('/[^[:alnum:]]/', $pw)) {
+ return _("Password must contain at least one non-alphanumeric
character.");
+ }
+ return false;
+}
+
/**
* account_pwvalid() - Validates a password
*
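Review bot: The four `preg_match` calls in `pw_weak()` use POSIX classes without the `u` modifier, so they classify bytes rather than characters and the result can vary with the server locale. In the default C locale a UTF-8 letter such as `é` satisfies `/[^[:alnum:]]/` and so counts as the "non-alphanumeric character", while a password written in non-ASCII letters fails the lowercase and uppercase checks. Unicode-aware patterns would make the rule match its description, for example `preg_match('/\p{Ll}/u', $pw)`, `'/\p{Lu}/u'`, `'/\p{Nd}/u'` and `'/[^\p{L}\p{N}]/u'`; note that with `u` an invalid UTF-8 input makes `preg_match` return false, which these `!preg_match(...)` tests would report as a missing character class. The docblock's return tag would also read better as `@return string|false description of the problem, or false if the password is acceptable`.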
@@ -35,6 +62,12 @@ function account_pwvalid($pw) {
$GLOBALS['register_error'] = _('Password must be at least 8
characters.');
return 0;
}
+ if (forge_get_config('check_password_strength')) {
+ if ($msg = pw_weak($pw)) {
+ $GLOBALS['register_error'] = $msg;
+ return 0;
+ }
+ }
return 1;
}
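Review bot: The added `if ($msg = pw_weak($pw))` assigns inside the condition and relies on the returned message being truthy, which reads like a mistyped comparison and hides the `string|false` contract of `pw_weak()`. Splitting it into `$msg = pw_weak($pw);` followed by `if ($msg !== false) {` states the intent, and the outer `forge_get_config('check_password_strength')` test can be joined to it with `&&` to drop one nesting level. account_pwvalid() starts above the hunk, so only the tail of the function is visible here.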
-----------------------------------------------------------------------
Summary of changes:
src/CHANGES | 1 +
src/common/include/account.php | 33 +++++++++++++++++++++++++++++++++
src/etc/config.ini.d/defaults.ini | 1 +
src/www/account/change_pw.php | 14 ++++++--------
src/www/account/register.php | 10 +++++++++-
5 files changed, 50 insertions(+), 9 deletions(-)
hooks/post-receive
--
FusionForge