[Fusionforge-commits] FusionForge branch master updated. 6.0.4-772-g5d01665

Franck Villaume nerville at libremir.placard.fr.eu.org
Tue Aug 16 19:17:24 CEST 2016


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".

The branch, master has been updated
       via  5d01665016154d7aa2702d79fb05522ba9358f5b (commit)
       via  aecc54f81ef890ec1c16329ea1a2eff998463204 (commit)
       via  ac8f92471d86a7a341e58868dfec3bd929160b78 (commit)
       via  99d92881e4cd852e2b65eafcb06b84032cd62f4b (commit)
       via  57987dfc146412d662803652f344f7f530f5de55 (commit)
       via  37b6b840df3ea4deca5ddb62cb5971937052a498 (commit)
      from  46ff278ce60099cf680d927ecd36421b1c10c8ce (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=5d01665016154d7aa2702d79fb05522ba9358f5b

commit 5d01665016154d7aa2702d79fb05522ba9358f5b
Author: Franck Villaume <franck.villaume at trivialdev.com>
Date:   Tue Aug 16 19:16:38 2016 +0200

    [#826] disable by default password strength

diff --git a/src/etc/config.ini.d/defaults.ini b/src/etc/config.ini.d/defaults.ini
index eac35c1..d16da3e 100644
--- a/src/etc/config.ini.d/defaults.ini
+++ b/src/etc/config.ini.d/defaults.ini
@@ -92,6 +92,7 @@ forge_homepage_widget = no
 use_quicknav_default = yes
 use_home = yes
 use_my = yes
+check_password_strength = no
 
 scm_single_host = yes
 system_user=fusionforge
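Review bot: The added `check_password_strength = no` line has no comment and disagrees with the in-code default registered in src/common/include/account.php on this page (`forge_define_config_item('check_password_strength', 'core', 'true')`). An install that loads this file skips the composition check, while one that falls back to the code default enforces it. Since this is a security-relevant switch, I would document it in place, e.g. `; set to yes to require upper-case, lower-case, digit and non-alphanumeric characters in new passwords`, and make the code default match whichever value is intended.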

https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=aecc54f81ef890ec1c16329ea1a2eff998463204

commit aecc54f81ef890ec1c16329ea1a2eff998463204
Author: Franck Villaume <franck.villaume at trivialdev.com>
Date:   Tue Aug 16 19:07:39 2016 +0200

    sync CHANGES

diff --git a/src/CHANGES b/src/CHANGES
index 5779333..254df27 100644
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -1,5 +1,6 @@
 FusionForge 6.X:
 * Accounts: minimum password length is now 8 (Sylvain Beucler)
+* Accounts: add minimal constraints to password (upper-case, lower-case, non-alphanumeric check) [#826] (Inria)
 * Docman: limit number of returned documents on search query. Use paging system [#794] (TrivialDev)
 * Docman: limit search using from & to dates [#798] (TrivialDev)
 * Docman: use standard search engine: unify results between 'search in project' & search in the docs tab (TrivialDev)

https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=ac8f92471d86a7a341e58868dfec3bd929160b78

commit ac8f92471d86a7a341e58868dfec3bd929160b78
Author: Matthieu Imbert <matthieu.imbert at inria.fr>
Date:   Thu Aug 11 15:18:05 2016 +0200

    document new password constraints to users
    
    Signed-off-by: Franck Villaume <franck.villaume at trivialdev.com>

diff --git a/src/www/account/change_pw.php b/src/www/account/change_pw.php
index 0455517..5085848 100644
--- a/src/www/account/change_pw.php
+++ b/src/www/account/change_pw.php
@@ -73,8 +73,11 @@ if (getStringFromRequest('submit')) {
 	echo html_e('p', array(), _('Old Password')._(':').utils_requiredField().
 				html_e('br').
 				html_e('label', array('for' => 'old_passwd'), html_e('input',array('id' => 'old_passwd', 'type' => 'password', 'name' => 'old_passwd', 'required'=> 'required'))));
-	echo html_e('p', array(), _('New Password (at least 8 characters)')._(':').utils_requiredField().
+	echo html_e('p', array(), _('New Password')._(':').utils_requiredField().
 				html_e('br').
+				html_e('em', array(),
+					_('Minimum 8 characters.').html_e('br').
+					(forge_get_config('check_password_strength') ? _('Must contain at least one uppercase letter, one lowercase, one digit, one non-alphanumeric character.').html_e('br') : '')).
 				html_e('label', array('for' => 'passwd'), html_e('input', array('id' => 'passwd', 'type' => 'password', 'name' => 'passwd', 'required' => 'required', 'pattern' => '.{8,}'))));
 	echo html_e('p', array(), _('New Password (repeat)')._(':').utils_requiredField().
 				html_e('br').
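Review bot: The rule sentence in the added `html_e('em', ...)` call duplicates the rules coded in pw_weak() and is repeated verbatim in register.php, so the hint can drift from the server-side check when a rule changes. A small helper next to pw_weak() in account.php that returns the hint text (empty when `check_password_strength` is off) would give both pages one source. The input's `pattern` of `.{8,}` still covers length only, so with the option on the browser accepts passwords the server will reject. That is safe as long as the server check stays authoritative, but it deserves a comment such as `// pattern is only a hint; length and strength are enforced server-side`. The surrounding form code starts and ends outside the hunk.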
diff --git a/src/www/account/register.php b/src/www/account/register.php
index 6d933b0..75f5ea0 100644
--- a/src/www/account/register.php
+++ b/src/www/account/register.php
@@ -155,7 +155,15 @@ if (forge_get_config('require_unique_email')) {
     </label>
 </p>
 <p>
-<?php echo _('Password (min. 8 chars)').utils_requiredField()._(':'); ?><br />
+<?php echo _('Password').utils_requiredField()._(':'); ?><br />
+<em>
+<?php printf(_('Minimum 8 characters.')); ?><br/>
+<?php
+if (forge_get_config('check_password_strength')) {
+	printf(_('Must contain at least one uppercase letter, one lowercase, one digit, one non-alphanumeric character.').'<br/>');
+}
+?>
+</em>
     <label for="password1">
         <input id="password1" type="password" required="required" name="password1"/>
     </label>
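Review bot: The two added `printf(_('...'))` calls pass a translated string as the format with no arguments, so a translation containing a `%` would be parsed as a conversion specification and fail or print garbage. `echo _('Minimum 8 characters.');` (and likewise for the rule sentence) does the same job without a format string. The `password1` input also carries no `pattern` or length attribute, unlike the `passwd` field in change_pw.php, so the 8-character hint is not checked in the browser on this form. The form markup starts and ends outside the hunk.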

https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=99d92881e4cd852e2b65eafcb06b84032cd62f4b

commit 99d92881e4cd852e2b65eafcb06b84032cd62f4b
Author: Matthieu Imbert <matthieu.imbert at inria.fr>
Date:   Thu Aug 11 11:15:25 2016 +0200

    update password change length constraint when changing password
    
    Signed-off-by: Franck Villaume <franck.villaume at trivialdev.com>

diff --git a/src/www/account/change_pw.php b/src/www/account/change_pw.php
index b55fcbc..0455517 100644
--- a/src/www/account/change_pw.php
+++ b/src/www/account/change_pw.php
@@ -73,12 +73,12 @@ if (getStringFromRequest('submit')) {
 	echo html_e('p', array(), _('Old Password')._(':').utils_requiredField().
 				html_e('br').
 				html_e('label', array('for' => 'old_passwd'), html_e('input',array('id' => 'old_passwd', 'type' => 'password', 'name' => 'old_passwd', 'required'=> 'required'))));
-	echo html_e('p', array(), _('New Password (at least 6 characters)')._(':').utils_requiredField().
+	echo html_e('p', array(), _('New Password (at least 8 characters)')._(':').utils_requiredField().
 				html_e('br').
-				html_e('label', array('for' => 'passwd'), html_e('input', array('id' => 'passwd', 'type' => 'password', 'name' => 'passwd', 'required' => 'required', 'pattern' => '.{6,}'))));
+				html_e('label', array('for' => 'passwd'), html_e('input', array('id' => 'passwd', 'type' => 'password', 'name' => 'passwd', 'required' => 'required', 'pattern' => '.{8,}'))));
 	echo html_e('p', array(), _('New Password (repeat)')._(':').utils_requiredField().
 				html_e('br').
-				html_e('label', array('for' => 'passwd2'), html_e('input', array('id' => 'passwd2', 'type' => 'password', 'name' => 'passwd2', 'required' => 'required', 'pattern' => '.{6,}'))));
+				html_e('label', array('for' => 'passwd2'), html_e('input', array('id' => 'passwd2', 'type' => 'password', 'name' => 'passwd2', 'required' => 'required', 'pattern' => '.{8,}'))));
 	echo html_e('p', array(), html_e('input', array('type' => 'submit', 'name' => 'submit', 'value' => _('Update password'))));
 	echo $HTML->closeForm();
 	echo $HTML->addRequiredFieldsInfoBox();
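Review bot: The length rule is expressed as `'pattern' => '.{8,}'` with no `title`, so a too-short entry gets the browser's generic format-mismatch message rather than the actual requirement. Adding a `'title' => _('At least 8 characters')` entry to both input arrays, or using `'minlength' => '8'` if html_e() passes it through, would state the rule to the user. The form code starts outside the hunk.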

https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=57987dfc146412d662803652f344f7f530f5de55

commit 57987dfc146412d662803652f344f7f530f5de55
Author: Matthieu Imbert <matthieu.imbert at inria.fr>
Date:   Thu Aug 11 11:11:47 2016 +0200

    refactoring: remove redundant passwd length check when changing passwd (already done in setPasswd)
    
    Signed-off-by: Franck Villaume <franck.villaume at trivialdev.com>

diff --git a/src/www/account/change_pw.php b/src/www/account/change_pw.php
index 6b0408b..b55fcbc 100644
--- a/src/www/account/change_pw.php
+++ b/src/www/account/change_pw.php
@@ -51,11 +51,6 @@ if (getStringFromRequest('submit')) {
 		exit_error(_('Old password is incorrect'),'my');
 	}
 
-	if (strlen($passwd)<6) {
-		form_release_key(getStringFromRequest('form_key'));
-		exit_error(_('You must supply valid password (at least 6 characters).'),'my');
-	}
-
 	if ($passwd != $passwd2) {
 		form_release_key(getStringFromRequest('form_key'));
 		exit_error(_('New passwords do not match.'),'my');

https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=37b6b840df3ea4deca5ddb62cb5971937052a498

commit 37b6b840df3ea4deca5ddb62cb5971937052a498
Author: Matthieu Imbert <matthieu.imbert at inria.fr>
Date:   Thu Aug 11 11:11:09 2016 +0200

    add simple password constraints
    
    Signed-off-by: Franck Villaume <franck.villaume at trivialdev.com>

diff --git a/src/common/include/account.php b/src/common/include/account.php
index 593ffa0..01dd569 100644
--- a/src/common/include/account.php
+++ b/src/common/include/account.php
@@ -23,6 +23,33 @@
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
+forge_define_config_item('check_password_strength', 'core', 'true');
+forge_set_config_item_bool('check_password_strength', 'core');
+
+/**
+ * pw_weak() - checks if password is weak
+ *
+ * @param	string	$pw	the password
+ * @return	false if password ok, string with description of problem if password ko.
+ *
+ */
+function pw_weak($pw) {
+	// password ok if contains at least 1 uppercase letter, 1 lowercase, 1 digit and 1 non-alphanumeric
+	if (!preg_match('/[[:lower:]]/', $pw)) {
+		return _("Password must contain at least one lowercase letter.");
+	}
+	if (!preg_match('/[[:upper:]]/', $pw)) {
+		return _("Password must contain at least one uppercase letter.");
+	}
+	if (!preg_match('/[[:digit:]]/', $pw)) {
+		return _("Password must contain at least one digit.");
+	}
+	if (!preg_match('/[^[:alnum:]]/', $pw)) {
+		return _("Password must contain at least one non-alphanumeric character.");
+	}
+	return false;
+}
+
 /**
  * account_pwvalid() - Validates a password
  *
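Review bot: pw_weak() tests bytes rather than characters, because none of the four patterns carries the `u` modifier. A multi-byte UTF-8 letter is seen as separate bytes and, depending on the process locale, can satisfy the non-alphanumeric rule on its own (an accented letter counted as the "special" character). If the intent is to classify characters, add the modifier, e.g. `preg_match('/[^[:alnum:]]/u', $pw)`, and state in the comment whether non-ASCII letters count as letters. The docblock line `@return false if password ok, ...` would read better as `@return string|false` followed by the description.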
@@ -35,6 +62,12 @@ function account_pwvalid($pw) {
 		$GLOBALS['register_error'] = _('Password must be at least 8 characters.');
 		return 0;
 	}
+	if (forge_get_config('check_password_strength')) {
+		if ($msg = pw_weak($pw)) {
+			$GLOBALS['register_error'] = $msg;
+			return 0;
+		}
+	}
 	return 1;
 }
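Review bot: The result of pw_weak() is tested by truthiness in `if ($msg = pw_weak($pw))`, although its docblock names `false` as the only "password ok" value, so any falsy string return would let a weak password through. An explicit comparison keeps the check failing closed: `$msg = pw_weak($pw);` followed by `if ($msg !== false) {`. account_pwvalid() starts above the hunk.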
 

-----------------------------------------------------------------------

Summary of changes:
 src/CHANGES                       |  1 +
 src/common/include/account.php    | 33 +++++++++++++++++++++++++++++++++
 src/etc/config.ini.d/defaults.ini |  1 +
 src/www/account/change_pw.php     | 14 ++++++--------
 src/www/account/register.php      | 10 +++++++++-
 5 files changed, 50 insertions(+), 9 deletions(-)


hooks/post-receive
-- 
FusionForge


