https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617
Emmi Takkinen <emmi.takki...@outlook.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #110526|0                           |1
        is obsolete|                            |

--- Comment #28 from Emmi Takkinen <emmi.takki...@outlook.com> ---
Created attachment 111297
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=111297&action=edit
Bug 12617: Koha should let admins to configure automatically generated password complexity/difficulty

Adds simple password policy (with regards to complexity) management into
categories:

- Per category password policy: admins can configure what kind of passwords
  get generated in member-passwords. User-created passwords are also checked
  against the policy if it is defined, and complexity is enforced for every
  user based on their set category.
- Predefined policies:
  - simplenumeric: the digits 0-9 allowed only
  - alphanumeric: passwords must contain only the digits 0-9 and lowercase
    and uppercase characters. Special characters are not allowed.
  - complex: patrons are required to use complex passwords containing
    numbers, uppercase and lowercase characters and special characters.

Old passwords for existing patrons are not affected.

To test:
1. Apply this patch and update database.
2. Navigate to categories.pl and note that a new column 'Password policies'
   has been added.
3. Edit some categories and set password policy for them.
4. Set some values to sysprefs 'minPasswordLength', 'minAlnumPasswordLength'
   and 'minComplexPasswordLength'.

Staff interface:
1. Create new patron.
2. Set their password against their category's policy and save.
3. Error message is displayed (with content depending on password policy).
4. Set acceptable password and save successfully.
5. Repeat steps 2-3-4 on patron edit page.
6. Repeat steps 2-3-4 on 'Change password' page.

OPAC:
1. Enable 'OpacPasswordChange' and 'OpacResetPassword'.
2. On OPAC, repeat what you did on staff interface (on create, edit and
   'Change your password').
3. Confirm errors are displayed correctly and saving works.
4. Log out and go to 'Forgotten password recovery' page.
5. Send and receive email for password recovery.
6. Set unacceptable password and save, confirm correct error is displayed.
7. Set acceptable password and save successfully.

REST API:
1. With your preferred REST client (e.g. curl) send a POST request to
   /api/v1/patrons/{patron_id}/password with 'password' and 'password_2'
   parameters.
2. Confirm correct error message is displayed when sending password against
   password policy.
3. Confirm password is changed when acceptable password is sent.

Also prove t/AuthUtils.t and t/db_dependent/api/v1/patrons_password.t

Sponsored-by: Koha-Suomi Oy

-- 
You are receiving this mail because:
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
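
The three predefined policies described in the comment above, sketched as a checker plus a generator that always satisfies it. This is an added example, not code from the Koha patch. The function names, error codes, minimum lengths, the pairing of each length with a policy, and the set of special characters used for generation are all assumptions.

```python
import secrets
import string

# Assumed pairing of the three sysprefs with the three policies; the lengths
# are constructed sample values, not Koha defaults.
MIN_LENGTH = {"simplenumeric": 4, "alphanumeric": 8, "complex": 12}
ALNUM = string.digits + string.ascii_letters
SPECIAL = "!#$%&*+-=?@_"  # assumed set, used only when generating
CASES = [string.digits, string.ascii_lowercase, string.ascii_uppercase]
GENERATION_CLASSES = {
    "simplenumeric": [string.digits],
    "alphanumeric": CASES,
    "complex": CASES + [SPECIAL],
}

def check_password(password, policy):
    """Return a list of error codes; an empty list means the password passes."""
    errors = []
    if len(password) < MIN_LENGTH[policy]:
        errors.append("too_short")
    if policy == "simplenumeric":
        if any(ch not in string.digits for ch in password):
            errors.append("not_numeric")
    elif policy == "alphanumeric":
        # Only the allowed alphabet is enforced; no class is mandatory here.
        if any(ch not in ALNUM for ch in password):
            errors.append("not_alphanumeric")
    elif policy == "complex":
        # Anything outside ASCII letters and digits counts as special.
        has_special = any(ch not in ALNUM for ch in password)
        has_cases = all(any(ch in cls for ch in password) for cls in CASES)
        if not (has_special and has_cases):
            errors.append("not_complex")
    return errors

def generate_password(policy, length=0):
    """Generate a password from the OS CSPRNG that passes check_password()."""
    classes = GENERATION_CLASSES[policy]
    length = max(length, MIN_LENGTH[policy], len(classes))
    # Take one character from every class first so each class is present,
    # fill the rest from the whole alphabet, then shuffle the positions.
    chars = [secrets.choice(cls) for cls in classes]
    alphabet = "".join(classes)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)
```

Filling the password purely at random from the full alphabet would occasionally produce a generated password that fails the patron's own category policy, which is why one character per class is placed before the shuffle.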