[LON-CAPA-cvs] cvs: loncom / LONCAPA.pm /enrollment Enrollment.pm /interface createaccount.pm domainprefs.pm loncommon.pm lonuserutils.pm /lonnet/perl lonnet.pm

raeburn raeburn at source.lon-capa.org
Sat Aug 24 22:43:34 EDT 2019


raeburn		Sun Aug 25 02:43:34 2019 EDT

  Modified files:              
    /loncom/interface	domainprefs.pm createaccount.pm loncommon.pm 
                     	lonuserutils.pm 
    /loncom/enrollment	Enrollment.pm 
    /loncom/lonnet/perl	lonnet.pm 
    /loncom	LONCAPA.pm 
  Log:
  - Domain Configuration for passwords for internally-authenticated users.
    - Default minimum password length of 7 set in a single location.
    - Value for min length set in domain's configuration may not be less than
      the default.
    - javascript function:  warnIntPass() warns about invalid values for
      min and max length, expiration time, and number saved for domain
      config for passwords.  
  
  
-------------- next part --------------
Index: loncom/interface/domainprefs.pm
diff -u loncom/interface/domainprefs.pm:1.364 loncom/interface/domainprefs.pm:1.365
--- loncom/interface/domainprefs.pm:1.364	Tue Jul 23 01:30:35 2019
+++ loncom/interface/domainprefs.pm	Sun Aug 25 02:42:55 2019
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler to set domain-wide configuration settings
 #
-# $Id: domainprefs.pm,v 1.364 2019/07/23 01:30:35 raeburn Exp $
+# $Id: domainprefs.pm,v 1.365 2019/08/25 02:42:55 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -6256,6 +6256,7 @@
         }
     } elsif ($position eq 'lower') {
         my ($min,$max,%chars,$expire,$numsaved);
+        $min = $Apache::lonnet::passwdmin;
         if (ref($settings) eq 'HASH') {
             if ($settings->{min}) {
                 $min = $settings->{min};
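Review bot: The stored `$settings->{min}` replaces the default here without a floor check, unlike the other files in this commit, which only accept a configured value when it is `> $min`. A domain that saved a smaller minimum before this change would see that number in the form while enforcement elsewhere uses `$Apache::lonnet::passwdmin`. Consider `if ($settings->{min} > $min) { $min = $settings->{min}; }` so the displayed value matches the enforced one. The enclosing block starts and ends outside this hunk.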
@@ -6272,8 +6273,6 @@
             if ($settings->{numsaved}) {
                 $numsaved = $settings->{numsaved};
             }
-        } else {
-            $min = '7';
         }
         my %rulenames = &Apache::lonlocal::texthash(
                                                      uc => 'At least one upper case letter',
@@ -6284,14 +6283,16 @@
         $css_class = $itemcount%2?' class="LC_odd_row"':'';
         $datatable .= '<tr'.$css_class.'><td>'.$titles{'min'}.'</td>'.
                       '<td class="LC_left_item"><span class="LC_nobreak">'.
-                      '<input type="text" name="passwords_min" value="'.$min.'" size="3" />'.
-                      '<span class="LC_fontsize_small"> '.&mt('(Leave blank for no minimum)').'</span>'.
+                      '<input type="text" name="passwords_min" value="'.$min.'" size="3" '.
+                      'onblur="javascript:warnIntPass(this);" />'.
+                      '<span class="LC_fontsize_small"> '.&mt('(Enter an integer: 7 or larger)').'</span>'.
                       '</span></td></tr>';
         $itemcount ++;
         $css_class = $itemcount%2?' class="LC_odd_row"':'';
         $datatable .= '<tr'.$css_class.'><td>'.$titles{'max'}.'</td>'.
                       '<td class="LC_left_item"><span class="LC_nobreak">'.
-                      '<input type="text" name="passwords_max" value="'.$max.'" size="3" />'.
+                      '<input type="text" name="passwords_max" value="'.$max.'" size="3" '.
+                      'onblur="javascript:warnIntPass(this);" />'.
                       '<span class="LC_fontsize_small"> '.&mt('(Leave blank for no maximum)').'</span>'.
                       '</span></td></tr>';
         $itemcount ++;
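Review bot: The help text `'(Enter an integer: 7 or larger)'` hard-codes the number that this commit moves into `$Apache::lonnet::passwdmin`, so the hint will be wrong as soon as the default changes. Pass the value as a parameter, e.g. `&mt('(Enter an integer: [_1] or larger)',$Apache::lonnet::passwdmin)`. The `passmin` alert in the passwords_javascript hunk has the same problem with its literal `greater than 6`. The `onblur` handler is only advisory, so the server-side check in the later validation hunk remains the real control.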
@@ -6331,7 +6332,8 @@
         $css_class = $itemcount%2?' class="LC_odd_row"':'';
         $datatable .= '<tr'.$css_class.'><td>'.$titles{'expire'}.'</td>'.
                       '<td class="LC_left_item"><span class="LC_nobreak">'.
-                      '<input type="text" name="passwords_expire" value="'.$expire.'" size="4" />'.
+                      '<input type="text" name="passwords_expire" value="'.$expire.'" size="4" '.
+                      'onblur="javascript:warnIntPass(this);" />'.
                       '<span class="LC_fontsize_small"> '.&mt('(Leave blank for no expiration)').'</span>'.
                       '</span></td></tr>';
         $itemcount ++;
@@ -9295,16 +9297,22 @@
 }
 
 sub passwords_javascript {
-    my $intauthcheck = &mt('Warning: disallowing login for an authenticated user if the stored cost is less than the default will require a password reset by/for the user.');
-    my $intauthcost = &mt('Warning: bcrypt encryption cost for internal authentication must be an integer.');
-    &js_escape(\$intauthcheck);
-    &js_escape(\$intauthcost);
+    my %intalert = &Apache::lonlocal::texthash (
+        authcheck => 'Warning: disallowing login for an authenticated user if the stored cost is less than the default will require a password reset by/for the user.',
+        authcost => 'Warning: bcrypt encryption cost for internal authentication must be an integer.',
+        passmin => 'Warning: minimum password length must be a positive integer greater than 6.',
+        passmax => 'Warning: maximum password length must be a positive integer (or blank).',
+        passexp => 'Warning: days before password expiration must be a positive integer (or blank).',
+        passnum => 'Warning: number of previous passwords to save must be a positive integer (or blank).',
+    );
+    &js_escape(\%intalert);
+    my $defmin = $Apache::lonnet::passwdmin;
     my $intauthjs = <<"ENDSCRIPT";
 
 function warnIntAuth(field) {
     if (field.name == 'intauth_check') {
         if (field.value == '2') {
-            alert('$intauthcheck');
+            alert('$intalert{authcheck}');
         }
     }
     if (field.name == 'intauth_cost') {
@@ -9312,7 +9320,60 @@
         if (field.value != '') {
             var regexdigit=/^\\d+\$/;
             if (!regexdigit.test(field.value)) {
-                alert('$intauthcost');
+                alert('$intalert{authcost}');
+            }
+        }
+    }
+    return;
+}
+
+function warnIntPass(field) {
+    field.value.replace(/^\s+/,'');
+    field.value.replace(/\s+\$/,'');
+    var regexdigit=/^\\d+\$/;
+    if (field.name == 'passwords_min') {
+        if (field.value == '') {
+            alert('$intalert{passmin}');
+            field.value = '$defmin';
+        } else {
+            if (!regexdigit.test(field.value)) {
+                alert('$intalert{passmin}');
+                field.value = '$defmin';
+            }
+            var minval = parseFloat(field.value,10);
+            if (minval < $defmin) {
+                alert('$intalert{passmin}');
+                field.value = '$defmin';
+            }
+        }
+    } else {
+        if (field.value == '0') {
+            field.value = '';
+        }
+        if (field.value != '') {
+            if (field.name == 'passwords_expire') {
+                var regexpposnum=/^\\d+(|\\.\\d*)\$/; 
+                if (!regexpposnum.test(field.value)) {
+                    alert('$intalert{passexp}');
+                    field.value = '';
+                } else {
+                    var expval = parseFloat(field.value);
+                    if (expval == 0) {
+                        alert('$intalert{passexp}');
+                        field.value = '';
+                    }
+                }
+            } else {
+                if (!regexdigit.test(field.value)) {
+                    if (field.name == 'passwords_max') {
+                        alert('$intalert{passmax}');
+                    } else {
+                        if (field.name == 'passwords_numsaved') {
+                            alert('$intalert{passnum}');
+                        }
+                    }
+                }
+                field.value = '';
             }
         }
     }
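Review bot: In warnIntPass the final `field.value = '';` sits after the closing brace of `if (!regexdigit.test(field.value))`, so every non-empty `passwords_max` value is blanked on blur, including valid integers. Move that assignment inside the `if` block so only rejected input is cleared. The two trim lines also do nothing: `replace()` returns a new string that is discarded, and inside the interpolating `<<"ENDSCRIPT"` heredoc a single `\s` reaches the browser as a plain `s`. Something like `field.value = field.value.replace(/^\\s+|\\s+\$/g,'');` matches the `\\d` escaping used next to it. `parseFloat(field.value,10)` ignores its second argument; `parseInt` looks like what was meant. The function body starts in the previous hunk.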
@@ -14490,8 +14551,8 @@
         'intauth_cost'   => 10,
         'intauth_check'  => 0,
         'intauth_switch' => 0,
-        'min'            => 7,
     );
+    $staticdefaults{'min'} = $Apache::lonnet::passwdmin;
     foreach my $type (@oktypes) {
         $staticdefaults{'resetpostlink'}{$type} = ['email','username'];
     }
@@ -14672,10 +14733,18 @@
         $env{'form.passwords_'.$rule} =~ s/^\s+|\s+$//g;
         my $ruleok;
         if ($rule eq 'expire') {
-            if ($env{'form.passwords_'.$rule} =~ /^\d+(|\.\d*)$/) {
+            if (($env{'form.passwords_'.$rule} =~ /^\d+(|\.\d*)$/) &&
+                ($env{'form.passwords_'.$rule} ne '0')) {
                 $ruleok = 1;
             }
-        } elsif ($env{'form.passwords_'.$rule} =~ /^\d+$/) {
+        } elsif ($rule eq 'min') {
+            if ($env{'form.passwords_'.$rule} =~ /^\d+$/) {
+                if ($env{'form.passwords_'.$rule} >= $Apache::lonnet::passwdmin) {
+                    $ruleok = 1;
+                }
+            }
+        } elsif (($env{'form.passwords_'.$rule} =~ /^\d+$/) &&
+                 ($env{'form.passwords_'.$rule} ne '0')) {
             $ruleok = 1;
         }
         if ($ruleok) {
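Review bot: The zero checks added here compare strings (`ne '0'`), so submitted values such as `00` or `0.0` still pass the regex and are accepted as a valid `max`, `numsaved` or `expire`. A numeric test closes that gap, e.g. `($env{'form.passwords_'.$rule} > 0)` after the pattern match. Nothing in this hunk rejects a `max` smaller than the effective minimum, which would leave no acceptable password length for the domain; if that is not checked further down, it belongs here. The loop body continues outside the hunk.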
@@ -14885,7 +14954,8 @@
                             if ($confighash{'passwords'}{$rule} eq '') {
                                 if ($rule eq 'min') {
                                     $resulttext .= '<li>'.&mt('[_1] not set.',$titles{$rule});
-                                                   ' '.&mt('Default of 7 will be used').'</li>';
+                                                   ' '.&mt('Default of [_1] will be used',
+                                                           $Apache::lonnet::passwdmin).'</li>';
                                 } else {
                                     $resulttext .= '<li>'.&mt('[_1] set to none',$titles{$rule}).'</li>';
                                 }
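Review bot: The rewritten "Default of [_1] will be used" text is never appended to `$resulttext`, because the context line before it ends the statement with `;` and the following `' '.&mt(...)` expression is evaluated in void context and thrown away. The `<li>` is therefore also left unclosed. Change the terminator on the `&mt('[_1] not set.',$titles{$rule})` line from `;` to `.` so the default value and `</li>` reach the output.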
Index: loncom/interface/createaccount.pm
diff -u loncom/interface/createaccount.pm:1.78 loncom/interface/createaccount.pm:1.79
--- loncom/interface/createaccount.pm:1.78	Sun May  5 23:19:47 2019
+++ loncom/interface/createaccount.pm	Sun Aug 25 02:42:56 2019
@@ -4,7 +4,7 @@
 # kerberos, or SSO) or an e-mail address. Requests to use an e-mail address as
 # username may be processed automatically, or may be queued for approval.
 #
-# $Id: createaccount.pm,v 1.78 2019/05/05 23:19:47 raeburn Exp $
+# $Id: createaccount.pm,v 1.79 2019/08/25 02:42:56 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -933,30 +933,30 @@
 # Check if the password entered by the user satisfies domain's requirements
         my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
         my ($min,$max, at chars);
+        $min = $Apache::lonnet::passwdmin;
         if (ref($passwdconf{'chars'}) eq 'ARRAY') {
             if ($passwdconf{'min'} =~ /^\d+$/) {
-                $min = $passwdconf{'min'};
+                if ($passwdconf{'min'} > $min) {
+                    $min = $passwdconf{'min'};
+                }
             }
             if ($passwdconf{'max'} =~ /^\d+$/) {
                 $max = $passwdconf{'max'};
             }
             @chars = @{$passwdconf{'chars'}};
-        } else {
-            $min = 7;
         }
-        if (($min ne '') || ($max ne '') || (@chars > 0)) {
-            my ($plainpass,$encpass);
-            my $encpass = $env{'form.upass'};
-            if ($encpass eq '') {
-                $msg = &mt('Password retrieved was blank.').
-                       '<br /><p>'.&mt('[_1]Return[_2] to the previous page to try again.',
-                                       '<a href="javascript:document.retryemail.submit();">','</a>');
-                $earlyout = 1;
-            } else {
+        my $encpass = $env{'form.upass'};
+        if ($encpass eq '') {
+            $msg = &mt('Password retrieved was blank.').
+                   '<br /><p>'.&mt('[_1]Return[_2] to the previous page to try again.',
+                                   '<a href="javascript:document.retryemail.submit();">','</a>');
+            $earlyout = 1;
+        } else {
 # Split the logtoken to retrieve the DES key and decrypt the encypted password
-                my ($key,$caller)=split(/&/,$tmpinfo);
-                if ($caller eq 'createaccount') {
-                    $plainpass = &Apache::loncommon::des_decrypt($key,$encpass);
+            my ($key,$caller)=split(/&/,$tmpinfo);
+            if ($caller eq 'createaccount') {
+                my $plainpass = &Apache::loncommon::des_decrypt($key,$encpass);
+                if (($min > 0) || ($max ne '') || (@chars > 0)) {
                     my $warning = &Apache::loncommon::check_passwd_rules($domain,$plainpass);
                     if ($warning) {
                         $msg = $warning.
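Review bot: The domain's `min` and `max` are still read only inside `if (ref($passwdconf{'chars'}) eq 'ARRAY')`, so a configured length limit is applied only when a `chars` array is also present. Whether `get_passwdconf` always returns one is not visible from this hunk; if it can be absent, a domain that set a longer minimum without character rules silently falls back to the default floor. The same shape is repeated in the loncommon.pm `check_passwd_rules` hunk, the lonuserutils.pm hunk and the Enrollment.pm hunk. One shared helper that returns the effective `($min,$max,@chars)` would keep the four copies from drifting. Note also that `$max ne ''` is evaluated with `$max` still undef when no maximum is configured.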
Index: loncom/interface/loncommon.pm
diff -u loncom/interface/loncommon.pm:1.1332 loncom/interface/loncommon.pm:1.1333
--- loncom/interface/loncommon.pm:1.1332	Sat May 11 21:34:01 2019
+++ loncom/interface/loncommon.pm	Sun Aug 25 02:42:56 2019
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # a pile of common routines
 #
-# $Id: loncommon.pm,v 1.1332 2019/05/11 21:34:01 raeburn Exp $
+# $Id: loncommon.pm,v 1.1333 2019/08/25 02:42:56 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -3571,16 +3571,17 @@
     my ($domain,$plainpass) = @_;
     my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
     my ($min,$max, at chars, at brokerule,$warning);
+    $min = $Apache::lonnet::passwdmin;
     if (ref($passwdconf{'chars'}) eq 'ARRAY') {
         if ($passwdconf{'min'} =~ /^\d+$/) {
-            $min = $passwdconf{'min'};
+            if ($passwdconf{'min'} > $min) {
+                $min = $passwdconf{'min'};
+            }
         }
         if ($passwdconf{'max'} =~ /^\d+$/) {
             $max = $passwdconf{'max'};
         }
         @chars = @{$passwdconf{'chars'}};
-    } else {
-        $min = 7;
     }
     if (($min) && (length($plainpass) < $min)) {
         push(@brokerule,'min');
Index: loncom/interface/lonuserutils.pm
diff -u loncom/interface/lonuserutils.pm:1.201 loncom/interface/lonuserutils.pm:1.202
--- loncom/interface/lonuserutils.pm:1.201	Tue Jul 23 13:58:53 2019
+++ loncom/interface/lonuserutils.pm	Sun Aug 25 02:42:56 2019
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Utility functions for managing LON-CAPA user accounts
 #
-# $Id: lonuserutils.pm,v 1.201 2019/07/23 13:58:53 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.202 2019/08/25 02:42:56 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -656,9 +656,14 @@
     my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
     my ($min,$max, at chars,$numrules,$intargjs,%alert);
     $numrules = 0;
+    $min = $Apache::lonnet::passwdmin;
     if (ref($passwdconf{'chars'}) eq 'ARRAY') {
         if ($passwdconf{'min'} =~ /^\d+$/) {
-            $min = $passwdconf{'min'};
+            if ($passwdconf{'min'} > $min) {
+                $min = $passwdconf{'min'};
+                $numrules ++;
+            }
+        } else {
             $numrules ++;
         }
         if ($passwdconf{'max'} =~ /^\d+$/) {
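Review bot: `$numrules` is now incremented when the configured minimum exceeds the default and when `min` is not an integer, but not when `min` is an integer at or below the default. In that third case the default floor in `$min` still applies and the later `if ($min)` still adds a `min` alert, so the count and the rules actually enforced can disagree. If `$numrules` is meant to count active rules, increment it once unconditionally after `$min` is settled. How `$numrules` is used later is outside this hunk.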
@@ -670,10 +675,9 @@
             $numrules ++;
         }
     } else {
-        $min = 7;
         $numrules ++;
     }
-    if (($min ne '') || ($max ne '') || (@chars > 0)) {
+    if (($min > 0) || ($max ne '') || (@chars > 0)) {
         my $alertmsg = &mt('Initial password did not satisfy requirement(s):').'\n\n';
         if ($min) {
             $alert{'min'} = &mt('minimum [quant,_1,character]',$min).'\n';
@@ -4387,7 +4391,7 @@
         if ((defined($env{'form.intarg'})) && ($env{'form.intarg'})) {
             $genpwd=$env{'form.intarg'};
             @genpwdfail =
-                &Apache::loncommon::check_passwd_rules($domain,$genpwd); 
+                &Apache::loncommon::check_passwd_rules($domain,$genpwd);
         }
     } elsif ($env{'form.login'} eq 'loc') {
         $amode='localauth';
Index: loncom/enrollment/Enrollment.pm
diff -u loncom/enrollment/Enrollment.pm:1.53 loncom/enrollment/Enrollment.pm:1.54
--- loncom/enrollment/Enrollment.pm:1.53	Tue May 14 13:39:18 2019
+++ loncom/enrollment/Enrollment.pm	Sun Aug 25 02:43:09 2019
@@ -1,5 +1,5 @@
 # Automated Enrollment manager
-# $Id: Enrollment.pm,v 1.53 2019/05/14 13:39:18 raeburn Exp $
+# $Id: Enrollment.pm,v 1.54 2019/08/25 02:43:09 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -955,9 +955,12 @@
     my ($udom) = @_;
     my %passwdconf = &Apache::lonnet::get_passwdconf($udom);
     my ($min,$max, at chars);
+    $min = $Apache::lonnet::passwdmin;
     if (ref($passwdconf{'chars'}) eq 'ARRAY') {
         if ($passwdconf{'min'} =~ /^\d+$/) {
-            $min = $passwdconf{'min'};
+            if ($passwdconf{'min'} > $min) {
+                $min = $passwdconf{'min'};
+            }
         }
         if ($passwdconf{'max'} =~ /^\d+$/) {
             $max = $passwdconf{'max'};
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1415 loncom/lonnet/perl/lonnet.pm:1.1416
--- loncom/lonnet/perl/lonnet.pm:1.1415	Tue Aug 20 03:46:09 2019
+++ loncom/lonnet/perl/lonnet.pm	Sun Aug 25 02:43:21 2019
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.1415 2019/08/20 03:46:09 raeburn Exp $
+# $Id: lonnet.pm,v 1.1416 2019/08/25 02:43:21 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -79,7 +79,7 @@
 
 use vars qw(%perlvar %spareid %pr %prp $memcache %packagetab $tmpdir $deftex
             $_64bit %env %protocol %loncaparevs %serverhomeIDs %needsrelease
-            %managerstab);
+            %managerstab $passwdmin);
 
 my (%badServerCache, $memcache, %courselogs, %accesshash, %domainrolehash,
     %userrolehash, $processmarker, $dumpcount, %coursedombuf,
@@ -15003,6 +15003,11 @@
     $deftex = LONCAPA::texengine();
 }
 
+# ------------- set default minimum length for passwords for internal auth users
+{
+    $passwdmin = LONCAPA::passwd_min();
+}
+
 $memcache=new Cache::Memcached({'servers'           => ['127.0.0.1:11211'],
 				'compress_threshold'=> 20_000,
  			        });
Index: loncom/LONCAPA.pm
diff -u loncom/LONCAPA.pm:1.35 loncom/LONCAPA.pm:1.36
--- loncom/LONCAPA.pm:1.35	Fri Feb 15 20:56:10 2019
+++ loncom/LONCAPA.pm	Sun Aug 25 02:43:33 2019
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Base routines
 #
-# $Id: LONCAPA.pm,v 1.35 2019/02/15 20:56:10 raeburn Exp $
+# $Id: LONCAPA.pm,v 1.36 2019/08/25 02:43:33 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -156,6 +156,13 @@
     return $distro;
 }
 
+# Return the default password length. Can be overridden in a domain
+# by specifying a larger value (integer) in the domain configuration.
+
+sub passwd_min {
+    return 7;
+}
+
 #----------------------------------------------------------------------
 #
 #  some of these subs need a bit of documentation
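Review bot: The comment says "default password length", but the value is used everywhere as a minimum and as the floor a domain cannot go below. Say so: `# Return the default minimum password length for internally-authenticated users; a domain may configure a larger integer, never a smaller one.` Since this is now the single place the floor is defined, it is also the place to reconsider the value: NIST SP 800-63B puts the minimum for user-chosen passwords at eight characters.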

