From f987caa5c26ecb1d06500454fe7cb6632bf7fc17 Mon Sep 17 00:00:00 2001
From: Ralf Becker <RalfBecker@outdoor-training.de>
Date: Fri, 12 Aug 2016 13:46:30 +0200
Subject: [PATCH] * Admin: warn admin if passwords for new accounts / password
 reset lack in strength

---
 addressbook/js/app.js                 |  1 +
 admin/inc/class.admin_account.inc.php | 11 +++++++++++
 admin/lang/egw_de.lang                |  2 +-
 admin/lang/egw_en.lang                |  1 +
 admin/templates/default/account.xet   |  4 ++--
 5 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/addressbook/js/app.js b/addressbook/js/app.js
index 7f39efc086..ac6f1bdde9 100644
--- a/addressbook/js/app.js
+++ b/addressbook/js/app.js
@@ -900,6 +900,7 @@ app.classes.addressbook = AppJS.extend(
 			case 'account_lid':
 			case 'n_family':
 			case 'n_given':
+			case 'account_passwd':
 			case 'account_passwd_2':
 				var values = this.et2._inst.getValues(this.et2);
 				var data = {
diff --git a/admin/inc/class.admin_account.inc.php b/admin/inc/class.admin_account.inc.php
index b68cebffd8..4e825ed06f 100644
--- a/admin/inc/class.admin_account.inc.php
+++ b/admin/inc/class.admin_account.inc.php
@@ -265,6 +265,17 @@ class admin_account
 	 */
 	public static function ajax_check(array $data, $changed)
 	{
+		// for 1. password field just check password complexity
+		if ($changed == 'account_passwd')
+		{
+			$data['account_fullname'] = $data['account_firstname'].' '.$data['account_lastname'];
+			if (($error = Api\Auth::crackcheck($data['account_passwd'], null, null, null, $data)))
+			{
+				$error .= "\n\n".lang('If you ignore that error as admin, you should check "%1"!', lang('Must change password upon next login'));
+			}
+			Api\Json\Response::get()->data($error);
+			return;
+		}
 		// generate default email address, but only for new Api\Accounts
 		if (!$data['account_id'] && in_array($changed, array('n_given', 'n_family', 'account_lid')))
 		{
diff --git a/admin/lang/egw_de.lang b/admin/lang/egw_de.lang
index cd777042b5..657dd707ca 100644
--- a/admin/lang/egw_de.lang
+++ b/admin/lang/egw_de.lang
@@ -233,7 +233,6 @@ delete application	admin	de	Anwendung löschen
 delete category	admin	de	Kategorie löschen
 delete group	admin	de	Gruppe löschen
 delete identity	admin	de	Identität löschen
-delete including sub-enteries	admin	de	Löschen mit Unter-Kategorie(en)
 delete peer server	admin	de	Server von Serververbund löschen
 delete selected entries	admin	de	Ausgewählte Einträge löschen
 delete the category	admin	de	Kategorie löschen
@@ -443,6 +442,7 @@ if different from email address	admin	de	falls unterschiedlich zu E-Mail-Adresse
 if no acl records for user or any group the user is a member of	admin	de	Wenn es keinen ACL-Eintrag für einen Benutzer oder eine Gruppe, der er angehört, gibt
 if using ldap, do you want to manage homedirectory and loginshell attributes?	admin	de	Wenn Sie LDAP verwenden, möchten Sie Benutzerverzeichnisse und Kommandointerpreter verwalten ?
 if using ssl or tls, you must have the php openssl extension loaded.	admin	de	Wenn Sie SSL oder TLS benutzen, müssen Sie die openssl PHP Erweiterung geladen haben.
+if you ignore that error as admin, you should check "%1"!	admin	de	Falls Sie den Fehler als Administrator ignorieren, sollten Sie "%1" abhacken!
 if you specify port 5190 as sieve server port, you enforce ssl for sieve (server must support that)	admin	de	Wenn Sie als SIEVE Server Port 5190 eintragen, wird für die Kommunikation mit dem SIEVE-Server eine SSL-Verbindung verwendet (der Server muss das natürlich unterstützen)
 imap admin password	admin	de	IMAP Administrator Passwort
 imap admin user	admin	de	IMAP Administrator Benutzer
diff --git a/admin/lang/egw_en.lang b/admin/lang/egw_en.lang
index 8d72a718f1..91cf904c42 100644
--- a/admin/lang/egw_en.lang
+++ b/admin/lang/egw_en.lang
@@ -442,6 +442,7 @@ if different from email address	admin	en	if different from EMail address
 if no acl records for user or any group the user is a member of	admin	en	If no ACL records for user or any group the user is a member of
 if using ldap, do you want to manage homedirectory and loginshell attributes?	admin	en	If using LDAP, do you want to manage home directory and loginshell attributes?
 if using ssl or tls, you must have the php openssl extension loaded.	admin	en	If using SSL or TLS, you must have the PHP openssl extension loaded.
+if you ignore that error as admin, you should check "%1"!	admin	en	If you ignore that error as admin, you should check "%1"!
 if you specify port 5190 as sieve server port, you enforce ssl for sieve (server must support that)	admin	en	if you specify port 5190 as sieve server port, you enforce ssl for sieve (server must support that)
 imap admin password	admin	en	IMAP admin password
 imap admin user	admin	en	IMAP admin user
diff --git a/admin/templates/default/account.xet b/admin/templates/default/account.xet
index ed370123e2..f5bafee778 100644
--- a/admin/templates/default/account.xet
+++ b/admin/templates/default/account.xet
@@ -26,7 +26,7 @@
 				</row>
 				<row>
 					<description value="Password" for="account_passwd"/>
-					<passwd id="account_passwd" class="et2_fullWidth"/>
+					<passwd id="account_passwd" class="et2_fullWidth" onchange="app.addressbook.account_change"/>
 					<description/>
 					<description value="Re-enter password" for="account_passwd_2"/>
 					<passwd id="account_passwd_2" class="et2_fullWidth" onchange="app.addressbook.account_change"/>
@@ -74,7 +74,7 @@
 					<description value="Last password change"/>
 					<date-time id="account_lastpwd_change" readonly="true"/>
 					<description/>
-				</row> 
+				</row>
 			</rows>
 		</grid>
 	</template>