* Admin: fix bulk password reset to pick only passwords having required strength

This commit is contained in:
Ralf Becker 2017-01-27 14:27:58 +01:00
parent 6b2a8790ba
commit 7f8b81f45b
2 changed files with 36 additions and 10 deletions

View File

@ -115,7 +115,16 @@ class admin_passwordreset
//_debug_array($account); //break;
if ($content['random_pw'])
{
$password = Api\Auth::randomstring(8);
if (($minlength=$GLOBALS['egw_info']['server']['force_pwd_length']) < 8)
{
$minlength = 8;
}
$n = 0;
do {
$password = Api\Auth::randomstring($minlength,
$GLOBALS['egw_info']['server']['force_pwd_strength'] >= 4);
error_log(__METHOD__."() minlength=$minlength, n=$n, password=$password");
} while (++$n < 100 && Api\Auth::crackcheck($password, null, null, null, $account));
$old_password = null;
}
elseif ($change_pw && !preg_match('/^{plain}/i',$account['account_pwd']) &&
@ -129,11 +138,17 @@ class admin_passwordreset
$old_password = $password = preg_replace('/^{plain}/i','',$account['account_pwd']);
}
// change password, if requested
try {
if ($change_pw && !$GLOBALS['egw']->auth->change_password($old_password,$password,$account_id))
{
$msg .= lang('Failed to change password for account "%1"!',$account['account_lid'])."\n";
continue;
}
}
catch(Exception $e) {
$msg .= lang('Failed to change password for account "%1"!',$account['account_lid']).' '.$e->getMessage()."\n";
continue;
}
// force password change on next login
if ((string)$content['mustchangepassword'] !== '' && !(!$content['mustchangepassword'] && $change_pw))
{

View File

@ -45,6 +45,11 @@ class Auth
*/
private $backend;
/**
* Specialchars as considered by crackcheck method
*/
const SPECIALCHARS = '~!@#$%^&*_-+=`|\(){}[]:;"\'<>,.?/';
/**
* Constructor
*
@ -272,19 +277,25 @@ class Auth
*
* @param $size int-size of random string to return
*/
static function randomstring($size)
static function randomstring($size, $use_specialchars=false)
{
static $random_char = array(
$random_char = array(
'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f',
'g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v',
'w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L',
'M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'
);
// we need special chars
if ($use_specialchars)
{
$random_char = array_merge($random_char, str_split(str_replace('\\', '', self::SPECIALCHARS)), $random_char);
}
$s = '';
for ($i=0; $i < $size; $i++)
{
$s .= $random_char[mt_rand(1,61)];
$s .= $random_char[mt_rand(0, count($random_char)-1)];
}
return $s;
}
@ -680,7 +691,7 @@ class Auth
{
$missing[] = lang('lowercase letters');
}
if (!preg_match('/['.preg_quote('~!@#$%^&*_-+=`|\(){}[]:;"\'<>,.?/', '/').']/', $passwd))
if (!preg_match('/['.preg_quote(self::SPECIALCHARS, '/').']/', $passwd))
{
$missing[] = lang('special characters');
}