[Koha-bugs] [Bug 18298] Enforce password complexity

bugzilla-daemon at bugs.koha-community.org
Fri Oct 13 21:57:06 CEST 2017


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18298

Tomás Cohen Arazi <tomascohen at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #68098|0                           |1
        is obsolete|                            |

--- Comment #64 from Tomás Cohen Arazi <tomascohen at gmail.com> ---
Created attachment 68105
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=68105&action=edit
Bug 18298: Add server-side checks and refactor stuffs

Now that we have a check client-side, nothing prevents a smart guy from
bypassing it and forcing an invalid password.
This patch adds two new subroutines to Koha::AuthUtils to check the
validity of passwords and generate a password server-side. It is used
only once (self-registration) but could be useful later.

Moreover, the 3 different cases of password rejection (too weak, too
short, contains leading or trailing whitespaces) were not tested
everywhere. Now they are!

This patch makes things consistent everywhere and cleans up some code.

Signed-off-by: Marc Véron <veron at veron.ch>
Signed-off-by: Tomas Cohen Arazi <tomascohen at theke.io>

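The server-side check described in the commit message above, sketched as an added example (not the code from attachment 68105 and not Koha::AuthUtils itself). The sub names, the minimum length, and the meaning of "too weak" (a lowercase letter, an uppercase letter and a digit are required) are assumptions, and `/dev/urandom` is assumed to be available.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical policy values; a real application reads these from its configuration.
my $MIN_LENGTH     = 8;
my $REQUIRE_STRONG = 1;

# Returns (1, undef) when acceptable, otherwise (0, $reason), where $reason names
# one of the three rejection cases listed in the commit message.
sub check_password {
    my ($password) = @_;
    return ( 0, 'too_short' )
        if !defined($password) || length($password) < $MIN_LENGTH;
    return ( 0, 'has_whitespaces' ) if $password =~ /\A\s|\s\z/;
    # Assumed definition of "weak": no lowercase letter, no uppercase letter or no digit.
    return ( 0, 'too_weak' )
        if $REQUIRE_STRONG
        && $password !~ /\A(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])/s;
    return ( 1, undef );
}

# Uniform index below $n taken from the OS CSPRNG; rejection sampling avoids modulo bias.
sub random_index {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    while (1) {
        read( $fh, my $byte, 1 ) == 1 or die "short read from /dev/urandom";
        my $v = ord $byte;
        return $v % $n if $v < 256 - ( 256 % $n );
    }
}

# Server-side generation: draw candidates until one passes the same check that
# user-supplied passwords go through, so both paths enforce a single policy.
sub generate_password {
    my @chars = ( 'a' .. 'z', 'A' .. 'Z', '0' .. '9' );
    while (1) {
        my $candidate = join '',
            map { $chars[ random_index( scalar @chars ) ] } 1 .. $MIN_LENGTH;
        my ($ok) = check_password($candidate);
        return $candidate if $ok;
    }
}

# Constructed submissions, as they would arrive if the browser-side check were skipped.
for my $submitted ( 'Ab1', ' Abcdefg1', 'abcdefgh', 'Abcdefg1' ) {
    my ( $ok, $reason ) = check_password($submitted);
    printf "%-12s => %s\n", "'$submitted'", $ok ? 'accepted' : "rejected ($reason)";
}
print 'generated: ', generate_password(), "\n";
```

Every code path that sets a password should call the same check, so a request that skips the browser validation is rejected identically everywhere.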