[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

bugzilla-daemon at bugs.koha-community.org
Tue Sep 22 09:14:31 CEST 2020


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Emmi Takkinen <emmi.takkinen at outlook.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #109388|0                           |1
        is obsolete|                            |

--- Comment #11 from Emmi Takkinen <emmi.takkinen at outlook.com> ---
Created attachment 110526
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=110526&action=edit
Bug 12617: Koha should let admins to configure automatically generated password
complexity/difficulty

Adds simple password policy (with regards to complexity) management into
categories:
- Per category password policy: admins can configure what kind of passwords get
  generated in member-passwords. User-created passwords are also checked against
  the policy if it is defined and complexity is enforced for every user based on
  their set category.
- Predefined policies:
        - simplenumeric: only the digits 0-9 are allowed.
        - alphanumeric: passwords must contain only the digits 0-9 and
          lowercase and uppercase characters. Special characters are not
          allowed.
        - complex: patrons are required to use complex passwords containing
          numbers, uppercase and lowercase characters and special characters.
Old passwords for existing patrons are not affected.

To test:
1. Apply this patch and update database.
2. Navigate to categories.pl and note that a new column 'Password policies'
   has been added.
3. Edit some categories and set password policy for them.
4. Set some values to sysprefs 'minPasswordLength', 'minAlnumPasswordLength'
   and 'minComplexPasswordLength'.

Staff interface:
1. Create new patron.
2. Set their password against their category's policy and save.
3. Error message is displayed (with content depending on password policy).
4. Set acceptable password and save successfully.
5. Repeat steps 2-3-4 on patron edit page.
6. Repeat steps 2-3-4 on 'Change password' page.

OPAC:
1. Enable 'OpacPasswordChange' and 'OpacResetPassword'.
2. On OPAC, repeat what you did on staff interface (on create, edit and 'Change
   your password').
3. Confirm errors are displayed correctly and saving works.
4. Log out and go to 'Forgotten password recovery' page.
5. Send and receive email for password recovery.
6. Set unacceptable password and save, confirm correct error is displayed.
7. Set acceptable password and save successfully.

REST API:
1. With your preferred REST client (e.g. curl) send a POST request to
   /api/v1/patrons/{patron_id}/password
   with 'password' and 'password_2' parameters.
2. Confirm correct error message is displayed when sending password against
   password policy.
3. Confirm password is changed when acceptable password is sent.

Also prove t/AuthUtils.t and t/db_dependent/api/v1/patrons_password.t

Sponsored-by: Koha-Suomi Oy

-- 
You are receiving this mail because:
You are watching all bug changes.
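
The three predefined policies from the commit message above, written out as a checker and a matching generator. This is an added Python example, not the attachment's code (Koha itself is written in Perl). The minimum lengths, the pairing of each syspref with one policy, ASCII punctuation as the meaning of "special characters", reading alphanumeric as a character-set restriction only, and all function names are assumptions.

```python
import secrets
import string

# Constructed values for the sysprefs named in the test plan; pairing each
# syspref with one policy is an assumption of this example.
MIN_LENGTH = {
    "simplenumeric": 4,   # minPasswordLength
    "alphanumeric": 8,    # minAlnumPasswordLength
    "complex": 12,        # minComplexPasswordLength
}
CLASSES = {
    "digit": string.digits,
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "special": string.punctuation,  # assumed meaning of "special characters"
}
# policy -> (classes allowed, or None for no restriction; classes required)
POLICIES = {
    "simplenumeric": (("digit",), ()),
    "alphanumeric": (("digit", "lower", "upper"), ()),
    "complex": (None, tuple(CLASSES)),
}


def check_password(password, policy):
    """Return a list of violation codes; an empty list means acceptable."""
    allowed, required = POLICIES[policy]
    alphabet = "".join(CLASSES[c] for c in allowed or ())
    errors = []
    if len(password) < MIN_LENGTH[policy]:
        errors.append("too_short")
    if allowed and any(ch not in alphabet for ch in password):
        errors.append("forbidden_character")
    errors += [f"missing_{c}" for c in required
               if not any(ch in CLASSES[c] for ch in password)]
    return errors


def generate_password(policy, length=0):
    """Generate a password with the OS CSPRNG that passes check_password."""
    allowed, required = POLICIES[policy]
    alphabet = "".join(CLASSES[c] for c in allowed or required)
    length = max(length, MIN_LENGTH[policy], len(required))
    chars = [secrets.choice(CLASSES[c]) for c in required]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # hide where required chars sit
    return "".join(chars)
```

Running the generator's output back through the same checker that validates user-created passwords keeps the two code paths from drifting apart, which is the property the staff, OPAC and REST steps of the test plan exercise by hand.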