* Admin: fix bulk password reset to pick only passwords having required strength

Ralf Becker 2017-01-27 14:27:58 +01:00
parent 16c0fbe45c
commit c814960684
2 changed files with 36 additions and 10 deletions


@ -115,7 +115,16 @@ class admin_passwordreset
//_debug_array($account); //break; //_debug_array($account); //break;
if ($content['random_pw']) if ($content['random_pw'])
{ {
$password = Api\Auth::randomstring(8); if (($minlength=$GLOBALS['egw_info']['server']['force_pwd_length']) < 8)
{
$minlength = 8;
}
$n = 0;
do {
$password = Api\Auth::randomstring($minlength,
$GLOBALS['egw_info']['server']['force_pwd_strength'] >= 4);
error_log(__METHOD__."() minlength=$minlength, n=$n, password=$password");
} while (++$n < 100 && Api\Auth::crackcheck($password, null, null, null, $account));
$old_password = null; $old_password = null;
} }
elseif ($change_pw && !preg_match('/^{plain}/i',$account['account_pwd']) && elseif ($change_pw && !preg_match('/^{plain}/i',$account['account_pwd']) &&
@ -129,11 +138,17 @@ class admin_passwordreset
$old_password = $password = preg_replace('/^{plain}/i','',$account['account_pwd']); $old_password = $password = preg_replace('/^{plain}/i','',$account['account_pwd']);
} }
// change password, if requested // change password, if requested
try {
if ($change_pw && !$GLOBALS['egw']->auth->change_password($old_password,$password,$account_id)) if ($change_pw && !$GLOBALS['egw']->auth->change_password($old_password,$password,$account_id))
{ {
$msg .= lang('Failed to change password for account "%1"!',$account['account_lid'])."\n"; $msg .= lang('Failed to change password for account "%1"!',$account['account_lid'])."\n";
continue; continue;
} }
}
catch(Exception $e) {
$msg .= lang('Failed to change password for account "%1"!',$account['account_lid']).' '.$e->getMessage()."\n";
continue;
}
// force password change on next login // force password change on next login
if ((string)$content['mustchangepassword'] !== '' && !(!$content['mustchangepassword'] && $change_pw)) if ((string)$content['mustchangepassword'] !== '' && !(!$content['mustchangepassword'] && $change_pw))
{ {
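Review bot: The `error_log(...)` call inside the new do/while loop writes every generated candidate, including the one that ends up being set, to the server error log in cleartext (`password=$password`), so anyone who can read that log obtains the freshly reset account passwords. It looks like leftover debugging; drop it or log only the counters, e.g. `error_log(__METHOD__."() minlength=$minlength, n=$n");`. Separately, when the loop gives up after 100 tries, the last candidate is still handed to `change_password()` although `crackcheck()` did not accept it; whether that call then refuses it depends on code outside these hunks, so an explicit failure message for that case would be clearer. The enclosing loop and method start and end outside the hunks shown.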


@ -45,6 +45,11 @@ class Auth
*/ */
private $backend; private $backend;
/**
* Specialchars as considered by crackcheck method
*/
const SPECIALCHARS = '~!@#$%^&*_-+=`|\(){}[]:;"\'<>,.?/';
/** /**
* Constructor * Constructor
* *
@ -272,19 +277,25 @@ class Auth
* *
* @param $size int-size of random string to return * @param $size int-size of random string to return
*/ */
static function randomstring($size) static function randomstring($size, $use_specialchars=false)
{ {
static $random_char = array( $random_char = array(
'0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f', '0','1','2','3','4','5','6','7','8','9','a','b','c','d','e','f',
'g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v', 'g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v',
'w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L', 'w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L',
'M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z' 'M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z'
); );
// we need special chars
if ($use_specialchars)
{
$random_char = array_merge($random_char, str_split(str_replace('\\', '', self::SPECIALCHARS)), $random_char);
}
$s = ''; $s = '';
for ($i=0; $i < $size; $i++) for ($i=0; $i < $size; $i++)
{ {
$s .= $random_char[mt_rand(1,61)]; $s .= $random_char[mt_rand(0, count($random_char)-1)];
} }
return $s; return $s;
} }
@ -680,7 +691,7 @@ class Auth
{ {
$missing[] = lang('lowercase letters'); $missing[] = lang('lowercase letters');
} }
if (!preg_match('/['.preg_quote('~!@#$%^&*_-+=`|\(){}[]:;"\'<>,.?/', '/').']/', $passwd)) if (!preg_match('/['.preg_quote(self::SPECIALCHARS, '/').']/', $passwd))
{ {
$missing[] = lang('special characters'); $missing[] = lang('special characters');
} }
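Review bot: `randomstring()` still draws its indices from `mt_rand()`, which is not a cryptographically secure generator, while its result is used as the account password by the bulk reset in the other file. If the supported PHP versions allow it (PHP 7 or a polyfill; the page does not show the minimum), use `$s .= $random_char[random_int(0, count($random_char)-1)];`. Also, `array_merge($random_char, ..., $random_char)` appends the alphanumeric set a second time, which skews the distribution toward letters and digits; if that weighting is intended a comment should say so, otherwise drop the third argument. The docblock above the function still documents only `$size`; add a line such as `@param boolean $use_specialchars =false true: also pick from self::SPECIALCHARS`.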