[LON-CAPA-cvs] cvs: loncom / LONCAPA.pm /enrollment Enrollment.pm /interface createaccount.pm domainprefs.pm loncommon.pm lonuserutils.pm /lonnet/perl lonnet.pm
raeburn
raeburn at source.lon-capa.org
Sat Aug 24 22:43:34 EDT 2019
raeburn Sun Aug 25 02:43:34 2019 EDT
Modified files:
/loncom/interface domainprefs.pm createaccount.pm loncommon.pm
lonuserutils.pm
/loncom/enrollment Enrollment.pm
/loncom/lonnet/perl lonnet.pm
/loncom LONCAPA.pm
Log:
- Domain Configuration for passwords for internally-authenticated users.
- Default minimum password length of 7 set in a single location.
- Value for min length set in domain's configuration may not be less than
the default.
- javascript function: warnIntPass() warns about invalid values for
min and max length, expiration time, and number saved for domain
config for passwords.
-------------- next part --------------
Index: loncom/interface/domainprefs.pm
diff -u loncom/interface/domainprefs.pm:1.364 loncom/interface/domainprefs.pm:1.365
--- loncom/interface/domainprefs.pm:1.364 Tue Jul 23 01:30:35 2019
+++ loncom/interface/domainprefs.pm Sun Aug 25 02:42:55 2019
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to set domain-wide configuration settings
#
-# $Id: domainprefs.pm,v 1.364 2019/07/23 01:30:35 raeburn Exp $
+# $Id: domainprefs.pm,v 1.365 2019/08/25 02:42:55 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -6256,6 +6256,7 @@
}
} elsif ($position eq 'lower') {
my ($min,$max,%chars,$expire,$numsaved);
+ $min = $Apache::lonnet::passwdmin;
if (ref($settings) eq 'HASH') {
if ($settings->{min}) {
$min = $settings->{min};
@@ -6272,8 +6273,6 @@
if ($settings->{numsaved}) {
$numsaved = $settings->{numsaved};
}
- } else {
- $min = '7';
}
my %rulenames = &Apache::lonlocal::texthash(
uc => 'At least one upper case letter',
@@ -6284,14 +6283,16 @@
$css_class = $itemcount%2?' class="LC_odd_row"':'';
$datatable .= '<tr'.$css_class.'><td>'.$titles{'min'}.'</td>'.
'<td class="LC_left_item"><span class="LC_nobreak">'.
- '<input type="text" name="passwords_min" value="'.$min.'" size="3" />'.
- '<span class="LC_fontsize_small"> '.&mt('(Leave blank for no minimum)').'</span>'.
+ '<input type="text" name="passwords_min" value="'.$min.'" size="3" '.
+ 'onblur="javascript:warnIntPass(this);" />'.
+ '<span class="LC_fontsize_small"> '.&mt('(Enter an integer: 7 or larger)').'</span>'.
'</span></td></tr>';
$itemcount ++;
$css_class = $itemcount%2?' class="LC_odd_row"':'';
$datatable .= '<tr'.$css_class.'><td>'.$titles{'max'}.'</td>'.
'<td class="LC_left_item"><span class="LC_nobreak">'.
- '<input type="text" name="passwords_max" value="'.$max.'" size="3" />'.
+ '<input type="text" name="passwords_max" value="'.$max.'" size="3" '.
+ 'onblur="javascript:warnIntPass(this);" />'.
'<span class="LC_fontsize_small"> '.&mt('(Leave blank for no maximum)').'</span>'.
'</span></td></tr>';
$itemcount ++;
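Review bot: The hint on the `passwords_min` row hard-codes the floor, `&mt('(Enter an integer: 7 or larger)')`, although this commit moves the default into `$Apache::lonnet::passwdmin`; if the default is ever raised the hint will be wrong. Passing it as a parameter keeps the text in step: `&mt('(Enter an integer: [_1] or larger)',$Apache::lonnet::passwdmin)`. The same applies to the `passmin` alert text added in `passwords_javascript` further down ('greater than 6'). The enclosing branch starts and ends outside this hunk.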
@@ -6331,7 +6332,8 @@
$css_class = $itemcount%2?' class="LC_odd_row"':'';
$datatable .= '<tr'.$css_class.'><td>'.$titles{'expire'}.'</td>'.
'<td class="LC_left_item"><span class="LC_nobreak">'.
- '<input type="text" name="passwords_expire" value="'.$expire.'" size="4" />'.
+ '<input type="text" name="passwords_expire" value="'.$expire.'" size="4" '.
+ 'onblur="javascript:warnIntPass(this);" />'.
'<span class="LC_fontsize_small"> '.&mt('(Leave blank for no expiration)').'</span>'.
'</span></td></tr>';
$itemcount ++;
@@ -9295,16 +9297,22 @@
}
sub passwords_javascript {
- my $intauthcheck = &mt('Warning: disallowing login for an authenticated user if the stored cost is less than the default will require a password reset by/for the user.');
- my $intauthcost = &mt('Warning: bcrypt encryption cost for internal authentication must be an integer.');
- &js_escape(\$intauthcheck);
- &js_escape(\$intauthcost);
+ my %intalert = &Apache::lonlocal::texthash (
+ authcheck => 'Warning: disallowing login for an authenticated user if the stored cost is less than the default will require a password reset by/for the user.',
+ authcost => 'Warning: bcrypt encryption cost for internal authentication must be an integer.',
+ passmin => 'Warning: minimum password length must be a positive integer greater than 6.',
+ passmax => 'Warning: maximum password length must be a positive integer (or blank).',
+ passexp => 'Warning: days before password expiration must be a positive integer (or blank).',
+ passnum => 'Warning: number of previous passwords to save must be a positive integer (or blank).',
+ );
+ &js_escape(\%intalert);
+ my $defmin = $Apache::lonnet::passwdmin;
my $intauthjs = <<"ENDSCRIPT";
function warnIntAuth(field) {
if (field.name == 'intauth_check') {
if (field.value == '2') {
- alert('$intauthcheck');
+ alert('$intalert{authcheck}');
}
}
if (field.name == 'intauth_cost') {
@@ -9312,7 +9320,60 @@
if (field.value != '') {
var regexdigit=/^\\d+\$/;
if (!regexdigit.test(field.value)) {
- alert('$intauthcost');
+ alert('$intalert{authcost}');
+ }
+ }
+ }
+ return;
+}
+
+function warnIntPass(field) {
+ field.value.replace(/^\s+/,'');
+ field.value.replace(/\s+\$/,'');
+ var regexdigit=/^\\d+\$/;
+ if (field.name == 'passwords_min') {
+ if (field.value == '') {
+ alert('$intalert{passmin}');
+ field.value = '$defmin';
+ } else {
+ if (!regexdigit.test(field.value)) {
+ alert('$intalert{passmin}');
+ field.value = '$defmin';
+ }
+ var minval = parseFloat(field.value,10);
+ if (minval < $defmin) {
+ alert('$intalert{passmin}');
+ field.value = '$defmin';
+ }
+ }
+ } else {
+ if (field.value == '0') {
+ field.value = '';
+ }
+ if (field.value != '') {
+ if (field.name == 'passwords_expire') {
+ var regexpposnum=/^\\d+(|\\.\\d*)\$/;
+ if (!regexpposnum.test(field.value)) {
+ alert('$intalert{passexp}');
+ field.value = '';
+ } else {
+ var expval = parseFloat(field.value);
+ if (expval == 0) {
+ alert('$intalert{passexp}');
+ field.value = '';
+ }
+ }
+ } else {
+ if (!regexdigit.test(field.value)) {
+ if (field.name == 'passwords_max') {
+ alert('$intalert{passmax}');
+ } else {
+ if (field.name == 'passwords_numsaved') {
+ alert('$intalert{passnum}');
+ }
+ }
+ }
+ field.value = '';
}
}
}
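Review bot: In `warnIntPass` the two `field.value.replace(...)` calls discard their result, so the value is never trimmed, and because the function sits in the interpolating `<<"ENDSCRIPT"` heredoc the single-backslash `\s` will probably reach the browser as a plain `s` (the neighbouring patterns use `\\d`). Assigning the result and doubling the backslash fixes both: `field.value = field.value.replace(/^\\s+|\\s+\$/g,'');`. In the final `else` branch, as the braces read on this page, `field.value = '';` comes after the closing brace of `if (!regexdigit.test(field.value))`, so a valid maximum length or saved-password count would also be cleared on blur; it belongs inside that `if`. `parseFloat(field.value,10)` takes no radix argument and was presumably meant to be `parseInt`. The function's closing lines fall outside the hunk.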
@@ -14490,8 +14551,8 @@
'intauth_cost' => 10,
'intauth_check' => 0,
'intauth_switch' => 0,
- 'min' => 7,
);
+ $staticdefaults{'min'} = $Apache::lonnet::passwdmin;
foreach my $type (@oktypes) {
$staticdefaults{'resetpostlink'}{$type} = ['email','username'];
}
@@ -14672,10 +14733,18 @@
$env{'form.passwords_'.$rule} =~ s/^\s+|\s+$//g;
my $ruleok;
if ($rule eq 'expire') {
- if ($env{'form.passwords_'.$rule} =~ /^\d+(|\.\d*)$/) {
+ if (($env{'form.passwords_'.$rule} =~ /^\d+(|\.\d*)$/) &&
+ ($env{'form.passwords_'.$rule} ne '0')) {
$ruleok = 1;
}
- } elsif ($env{'form.passwords_'.$rule} =~ /^\d+$/) {
+ } elsif ($rule eq 'min') {
+ if ($env{'form.passwords_'.$rule} =~ /^\d+$/) {
+ if ($env{'form.passwords_'.$rule} >= $Apache::lonnet::passwdmin) {
+ $ruleok = 1;
+ }
+ }
+ } elsif (($env{'form.passwords_'.$rule} =~ /^\d+$/) &&
+ ($env{'form.passwords_'.$rule} ne '0')) {
$ruleok = 1;
}
if ($ruleok) {
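Review bot: The new zero checks compare strings, `ne '0'`, so inputs such as `00` or, for `expire`, `0.0` still match the pattern and set `$ruleok`. A numeric test closes that gap: `($env{'form.passwords_'.$rule} > 0)` in place of each `ne '0'`. Nothing in this hunk compares `max` against `min`, so a maximum below the minimum may be storable unless it is rejected elsewhere. This server-side loop is the authoritative check, since the `onblur` warnings do not run for a request submitted outside the form; the loop begins and ends outside the hunk.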
@@ -14885,7 +14954,8 @@
if ($confighash{'passwords'}{$rule} eq '') {
if ($rule eq 'min') {
$resulttext .= '<li>'.&mt('[_1] not set.',$titles{$rule});
- ' '.&mt('Default of 7 will be used').'</li>';
+ ' '.&mt('Default of [_1] will be used',
+ $Apache::lonnet::passwdmin).'</li>';
} else {
$resulttext .= '<li>'.&mt('[_1] set to none',$titles{$rule}).'</li>';
}
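Review bot: The context line `$resulttext .= '<li>'.&mt('[_1] not set.',$titles{$rule});` ends in a semicolon, so the changed `' '.&mt('Default of [_1] will be used', ...).'</li>';` is a separate statement whose value is discarded. As a result the default is never shown to the administrator and the `<li>` is left unclosed. Ending the first line with `.` instead of `;` joins the two. The defect predates this commit, but the edited lines only take effect once it is fixed.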
Index: loncom/interface/createaccount.pm
diff -u loncom/interface/createaccount.pm:1.78 loncom/interface/createaccount.pm:1.79
--- loncom/interface/createaccount.pm:1.78 Sun May 5 23:19:47 2019
+++ loncom/interface/createaccount.pm Sun Aug 25 02:42:56 2019
@@ -4,7 +4,7 @@
# kerberos, or SSO) or an e-mail address. Requests to use an e-mail address as
# username may be processed automatically, or may be queued for approval.
#
-# $Id: createaccount.pm,v 1.78 2019/05/05 23:19:47 raeburn Exp $
+# $Id: createaccount.pm,v 1.79 2019/08/25 02:42:56 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -933,30 +933,30 @@
# Check if the password entered by the user satisfies domain's requirements
my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
my ($min,$max, at chars);
+ $min = $Apache::lonnet::passwdmin;
if (ref($passwdconf{'chars'}) eq 'ARRAY') {
if ($passwdconf{'min'} =~ /^\d+$/) {
- $min = $passwdconf{'min'};
+ if ($passwdconf{'min'} > $min) {
+ $min = $passwdconf{'min'};
+ }
}
if ($passwdconf{'max'} =~ /^\d+$/) {
$max = $passwdconf{'max'};
}
@chars = @{$passwdconf{'chars'}};
- } else {
- $min = 7;
}
- if (($min ne '') || ($max ne '') || (@chars > 0)) {
- my ($plainpass,$encpass);
- my $encpass = $env{'form.upass'};
- if ($encpass eq '') {
- $msg = &mt('Password retrieved was blank.').
- '<br /><p>'.&mt('[_1]Return[_2] to the previous page to try again.',
- '<a href="javascript:document.retryemail.submit();">','</a>');
- $earlyout = 1;
- } else {
+ my $encpass = $env{'form.upass'};
+ if ($encpass eq '') {
+ $msg = &mt('Password retrieved was blank.').
+ '<br /><p>'.&mt('[_1]Return[_2] to the previous page to try again.',
+ '<a href="javascript:document.retryemail.submit();">','</a>');
+ $earlyout = 1;
+ } else {
# Split the logtoken to retrieve the DES key and decrypt the encypted password
- my ($key,$caller)=split(/&/,$tmpinfo);
- if ($caller eq 'createaccount') {
- $plainpass = &Apache::loncommon::des_decrypt($key,$encpass);
+ my ($key,$caller)=split(/&/,$tmpinfo);
+ if ($caller eq 'createaccount') {
+ my $plainpass = &Apache::loncommon::des_decrypt($key,$encpass);
+ if (($min > 0) || ($max ne '') || (@chars > 0)) {
my $warning = &Apache::loncommon::check_passwd_rules($domain,$plainpass);
if ($warning) {
$msg = $warning.
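Review bot: With `$min` initialised from `$Apache::lonnet::passwdmin`, the guard `if (($min > 0) || ($max ne '') || (@chars > 0))` is true whenever the default is positive, and `check_passwd_rules` (see the loncommon.pm hunk) derives the same `$min`, `$max` and `@chars` itself. The local copy of the clamp and the guard could be dropped here, calling `&Apache::loncommon::check_passwd_rules($domain,$plainpass)` directly. The identical `if ($passwdconf{'min'} > $min)` clamp is also repeated in the lonuserutils.pm and Enrollment.pm hunks; a single helper returning the effective minimum would keep the floor from drifting between callers. The enclosing block continues past the end of this hunk.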
Index: loncom/interface/loncommon.pm
diff -u loncom/interface/loncommon.pm:1.1332 loncom/interface/loncommon.pm:1.1333
--- loncom/interface/loncommon.pm:1.1332 Sat May 11 21:34:01 2019
+++ loncom/interface/loncommon.pm Sun Aug 25 02:42:56 2019
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# a pile of common routines
#
-# $Id: loncommon.pm,v 1.1332 2019/05/11 21:34:01 raeburn Exp $
+# $Id: loncommon.pm,v 1.1333 2019/08/25 02:42:56 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -3571,16 +3571,17 @@
my ($domain,$plainpass) = @_;
my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
my ($min,$max, at chars, at brokerule,$warning);
+ $min = $Apache::lonnet::passwdmin;
if (ref($passwdconf{'chars'}) eq 'ARRAY') {
if ($passwdconf{'min'} =~ /^\d+$/) {
- $min = $passwdconf{'min'};
+ if ($passwdconf{'min'} > $min) {
+ $min = $passwdconf{'min'};
+ }
}
if ($passwdconf{'max'} =~ /^\d+$/) {
$max = $passwdconf{'max'};
}
@chars = @{$passwdconf{'chars'}};
- } else {
- $min = 7;
}
if (($min) && (length($plainpass) < $min)) {
push(@brokerule,'min');
Index: loncom/interface/lonuserutils.pm
diff -u loncom/interface/lonuserutils.pm:1.201 loncom/interface/lonuserutils.pm:1.202
--- loncom/interface/lonuserutils.pm:1.201 Tue Jul 23 13:58:53 2019
+++ loncom/interface/lonuserutils.pm Sun Aug 25 02:42:56 2019
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Utility functions for managing LON-CAPA user accounts
#
-# $Id: lonuserutils.pm,v 1.201 2019/07/23 13:58:53 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.202 2019/08/25 02:42:56 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -656,9 +656,14 @@
my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
my ($min,$max, at chars,$numrules,$intargjs,%alert);
$numrules = 0;
+ $min = $Apache::lonnet::passwdmin;
if (ref($passwdconf{'chars'}) eq 'ARRAY') {
if ($passwdconf{'min'} =~ /^\d+$/) {
- $min = $passwdconf{'min'};
+ if ($passwdconf{'min'} > $min) {
+ $min = $passwdconf{'min'};
+ $numrules ++;
+ }
+ } else {
$numrules ++;
}
if ($passwdconf{'max'} =~ /^\d+$/) {
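Review bot: `$numrules` is no longer incremented when the domain sets a numeric `min` that is not above the default, although `$min` (the default) is still in force in that case; the unset case does count it through the new `else`. Since a minimum now always applies, counting it once unconditionally would be consistent, for example `$numrules = 1;` at initialisation with the `$numrules ++` lines tied to `min` removed. How `$numrules` is used lies outside this hunk, so the visible effect needs confirming.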
@@ -670,10 +675,9 @@
$numrules ++;
}
} else {
- $min = 7;
$numrules ++;
}
- if (($min ne '') || ($max ne '') || (@chars > 0)) {
+ if (($min > 0) || ($max ne '') || (@chars > 0)) {
my $alertmsg = &mt('Initial password did not satisfy requirement(s):').'\n\n';
if ($min) {
$alert{'min'} = &mt('minimum [quant,_1,character]',$min).'\n';
@@ -4387,7 +4391,7 @@
if ((defined($env{'form.intarg'})) && ($env{'form.intarg'})) {
$genpwd=$env{'form.intarg'};
@genpwdfail =
- &Apache::loncommon::check_passwd_rules($domain,$genpwd);
+ &Apache::loncommon::check_passwd_rules($domain,$genpwd);
}
} elsif ($env{'form.login'} eq 'loc') {
$amode='localauth';
Index: loncom/enrollment/Enrollment.pm
diff -u loncom/enrollment/Enrollment.pm:1.53 loncom/enrollment/Enrollment.pm:1.54
--- loncom/enrollment/Enrollment.pm:1.53 Tue May 14 13:39:18 2019
+++ loncom/enrollment/Enrollment.pm Sun Aug 25 02:43:09 2019
@@ -1,5 +1,5 @@
# Automated Enrollment manager
-# $Id: Enrollment.pm,v 1.53 2019/05/14 13:39:18 raeburn Exp $
+# $Id: Enrollment.pm,v 1.54 2019/08/25 02:43:09 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -955,9 +955,12 @@
my ($udom) = @_;
my %passwdconf = &Apache::lonnet::get_passwdconf($udom);
my ($min,$max, at chars);
+ $min = $Apache::lonnet::passwdmin;
if (ref($passwdconf{'chars'}) eq 'ARRAY') {
if ($passwdconf{'min'} =~ /^\d+$/) {
- $min = $passwdconf{'min'};
+ if ($passwdconf{'min'} > $min) {
+ $min = $passwdconf{'min'};
+ }
}
if ($passwdconf{'max'} =~ /^\d+$/) {
$max = $passwdconf{'max'};
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1415 loncom/lonnet/perl/lonnet.pm:1.1416
--- loncom/lonnet/perl/lonnet.pm:1.1415 Tue Aug 20 03:46:09 2019
+++ loncom/lonnet/perl/lonnet.pm Sun Aug 25 02:43:21 2019
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1415 2019/08/20 03:46:09 raeburn Exp $
+# $Id: lonnet.pm,v 1.1416 2019/08/25 02:43:21 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -79,7 +79,7 @@
use vars qw(%perlvar %spareid %pr %prp $memcache %packagetab $tmpdir $deftex
$_64bit %env %protocol %loncaparevs %serverhomeIDs %needsrelease
- %managerstab);
+ %managerstab $passwdmin);
my (%badServerCache, $memcache, %courselogs, %accesshash, %domainrolehash,
%userrolehash, $processmarker, $dumpcount, %coursedombuf,
@@ -15003,6 +15003,11 @@
$deftex = LONCAPA::texengine();
}
+# ------------- set default minimum length for passwords for internal auth users
+{
+ $passwdmin = LONCAPA::passwd_min();
+}
+
$memcache=new Cache::Memcached({'servers' => ['127.0.0.1:11211'],
'compress_threshold'=> 20_000,
});
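Review bot: `$passwdmin` is a writable package variable that every password check now reads as the floor, and nothing here guards against it being undefined or reassigned later in a persistent process. A short comment such as `# Floor for internal-auth password length; treat as read-only` would record the intent. Callers that need a guarantee could call `LONCAPA::passwd_min()` directly rather than reading the variable.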
Index: loncom/LONCAPA.pm
diff -u loncom/LONCAPA.pm:1.35 loncom/LONCAPA.pm:1.36
--- loncom/LONCAPA.pm:1.35 Fri Feb 15 20:56:10 2019
+++ loncom/LONCAPA.pm Sun Aug 25 02:43:33 2019
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Base routines
#
-# $Id: LONCAPA.pm,v 1.35 2019/02/15 20:56:10 raeburn Exp $
+# $Id: LONCAPA.pm,v 1.36 2019/08/25 02:43:33 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -156,6 +156,13 @@
return $distro;
}
+# Return the default password length. Can be overridden in a domain
+# by specifying a larger value (integer) in the domain configuration.
+
+sub passwd_min {
+ return 7;
+}
+
#----------------------------------------------------------------------
#
# some of these subs need a bit of documentation
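Review bot: The comment above `passwd_min` says "default password length" where the value is the default minimum length, and the sub is now the single source for that floor. Suggested wording: `# Return the default minimum password length for internally-authenticated users.` A floor of 7 is below the 8-character minimum that NIST SP 800-63B recommends for user-chosen passwords; since domains can only raise the value, the constant itself is worth revisiting.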