Skip to content

Commit

Permalink
use password policy functions from ltb-common (#968)
Browse files Browse the repository at this point in the history
* use check_password_strength and checkEntropyJSON from ltb-common
* externalize ppolicy smarty assignments into a dedicated function
* use html, js and css ppolicy code from ltb-common
  • Loading branch information
David Coutadeur committed Sep 16, 2024
1 parent 7ae0b13 commit 2ca1b28
Show file tree
Hide file tree
Showing 15 changed files with 23 additions and 1,072 deletions.
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -2,3 +2,6 @@
/htdocs/vendor/
composer.lock
tests/.phpunit.result.cache
htdocs/js/ppolicy.js
htdocs/css/ppolicy.css
templates/policy.tpl
7 changes: 5 additions & 2 deletions composer.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"require": {
"ltb-project/ltb-common": "dev-main",
"ltb-project/ltb-common": "dev-36-add-password-policy",
"bjeavons/zxcvbn-php": "^1.0",
"twbs/bootstrap": "v5.3.3",
"defuse/php-encryption": "2.4.0",
Expand All @@ -22,7 +22,10 @@
"rm -rf htdocs/vendor/font-awesome",
"cp -R vendor/fortawesome/font-awesome htdocs/vendor/font-awesome",
"rm -rf htdocs/vendor/font-awesome/js htdocs/vendor/font-awesome/js-packages htdocs/vendor/font-awesome/less htdocs/vendor/font-awesome/metadata htdocs/vendor/font-awesome/otfs htdocs/vendor/font-awesome/scss htdocs/vendor/font-awesome/sprites htdocs/vendor/font-awesome/svgs",
"rm -rf vendor/fortawesome/font-awesome"
"rm -rf vendor/fortawesome/font-awesome",
"cp -f vendor/ltb-project/ltb-common/src/ppolicy/html/policy.tpl templates/policy.tpl",
"cp -f vendor/ltb-project/ltb-common/src/ppolicy/js/ppolicy.js htdocs/js/ppolicy.js",
"cp -f vendor/ltb-project/ltb-common/src/ppolicy/css/ppolicy.css htdocs/css/ppolicy.css"
]
},
"require-dev": {
Expand Down
2 changes: 1 addition & 1 deletion htdocs/change.php
Original file line number Diff line number Diff line change
Expand Up @@ -159,7 +159,7 @@
# Check password strength
#==============================================================================
if ( !$result ) {
$result = check_password_strength( $newpassword, $oldpassword, $pwd_policy_config, $login, $entry_array, $change_custompwdfield );
$result = \Ltb\Ppolicy::check_password_strength( $newpassword, $oldpassword, $pwd_policy_config, $login, $entry_array, $change_custompwdfield );
}

#==============================================================================
Expand Down
2 changes: 1 addition & 1 deletion htdocs/changecustompwdfield.php
Original file line number Diff line number Diff line change
Expand Up @@ -217,7 +217,7 @@ function set_default_value(&$variable, $defaultValue)
# Check password strength
#==============================================================================
if ( !$result ) {
$result = check_password_strength( $newcustompwd, $password, $custompwdfield['pwd_policy_config'], $login, $entry_array, $change_custompwdfield );
$result = \Ltb\Ppolicy::check_password_strength( $newcustompwd, $password, $custompwdfield['pwd_policy_config'], $login, $entry_array, $change_custompwdfield );
}

#==============================================================================
Expand Down
66 changes: 7 additions & 59 deletions htdocs/checkentropy.php
Original file line number Diff line number Diff line change
@@ -1,67 +1,15 @@
<?php

/*
Pre-requisites: install zxcvbn library
Make sure to have this in composer.json:
"require": {
"bjeavons/zxcvbn-php": "^1.0"
}
and run: composer update
*/

require_once '../vendor/autoload.php';
use ZxcvbnPhp\Zxcvbn;


try{
$zxcvbn = new Zxcvbn();
error_log("Module Zxcvbn successfully loaded");
}
catch(Throwable $e){
error_log("Could not load Zxcvbn module: ".$e);
exit(1);
}

/* Check user password against zxcvbn library
Input : new user base64-encoded password
Output: JSON response: { "level" => int, "message" => "msg" } */

function checkEntropyJSON($password_base64)
{
$response_params = array();
$zxcvbn = new Zxcvbn();

if( ! isset($password_base64) || empty($password_base64))
{
error_log("checkEntropy: missing parameter password");
$response_params["level"] = -1;
$response_params["message"] = "missing parameter password";
print json_encode($response_params);
exit(1);
}

$p = base64_decode($password_base64);
// force encoding to utf8, as iso-8859-1 is not supported by zxcvbn
$password = mb_convert_encoding($p, 'UTF-8', 'ISO-8859-1');
error_log("checkEntropy: password taken from submitted form");

$entropy = $zxcvbn->passwordStrength("$password");

$response_params["level"] = strval($entropy["score"]);
$response_params["message"] = $entropy['feedback']['warning'] ? strval($entropy['feedback']['warning']) : "";

error_log("checkEntropy: level " . $response_params["level"] . " msg: " . $response_params["message"]);

print json_encode($response_params);
exit(0);
}

// new password sent in the url, base64 encoded
$newpass = htmlspecialchars($_POST["password"]);
checkEntropyJSON($newpass);
$entropy_response = \Ltb\Ppolicy::checkEntropyJSON($newpass);
if ($debug) {
error_log("checkEntropy: ".$entropy_response);
}

print $entropy_response;
exit(0);

?>
35 changes: 0 additions & 35 deletions htdocs/css/self-service-password.css
Original file line number Diff line number Diff line change
Expand Up @@ -65,38 +65,3 @@ textarea#sshkey {
}

}

/* password entropy customization*/
#entropybar>div {
width: 0%;
/* Adjust with JavaScript */
}

#entropybar>div.levelErr {
width: 0%;
}

#entropybar>div.level0 {
width: 20%;
}

#entropybar>div.level1 {
width: 40%;
}

#entropybar>div.level2 {
width: 60%;
}

#entropybar>div.level3 {
width: 80%;
}

#entropybar>div.level4 {
width: 100%;
}

.entropyHidden {
display: none;
}

55 changes: 2 additions & 53 deletions htdocs/index.php
Original file line number Diff line number Diff line change
Expand Up @@ -295,64 +295,13 @@
if (isset($login)) { $smarty->assign('login', $login); }
if (isset($token)) { $smarty->assign('token', $token); }
if (isset($use_captcha)) { $smarty->assign('use_captcha', $use_captcha); }
// TODO : Make it clean function show_policy - START
if (isset($pwd_show_policy_pos)) {
$smarty->assign('pwd_show_policy_pos', $pwd_show_policy_pos);
$smarty->assign('pwd_show_policy', $pwd_show_policy);
$smarty->assign('pwd_show_policy_onerror', true);
if ( $pwd_show_policy === "onerror" ) {
if ( !preg_match( "/tooshort|toobig|minlower|minupper|mindigit|minspecial|forbiddenchars|sameasold|notcomplex|sameaslogin|pwned|specialatends/" , $result) ) {
$smarty->assign('pwd_show_policy_onerror', false);
} else {
$smarty->assign('pwd_show_policy_onerror', true);
}
}
if (isset($pwd_min_length)) { $smarty->assign('pwd_min_length', $pwd_min_length); }
if (isset($pwd_max_length)) { $smarty->assign('pwd_max_length', $pwd_max_length); }
if (isset($pwd_min_lower)) { $smarty->assign('pwd_min_lower', $pwd_min_lower); }
if (isset($pwd_min_upper)) { $smarty->assign('pwd_min_upper', $pwd_min_upper); }
if (isset($pwd_min_digit)) { $smarty->assign('pwd_min_digit', $pwd_min_digit); }
if (isset($pwd_min_special)) { $smarty->assign('pwd_min_special', $pwd_min_special); }
if (isset($pwd_complexity)) { $smarty->assign('pwd_complexity', $pwd_complexity); }
if (isset($pwd_diff_last_min_chars)) { $smarty->assign('pwd_diff_last_min_chars', $pwd_diff_last_min_chars); }
if (isset($pwd_forbidden_chars)) { $smarty->assign('pwd_forbidden_chars', $pwd_forbidden_chars); }
if (isset($pwd_no_reuse)) { $smarty->assign('pwd_no_reuse', $pwd_no_reuse); }
if (isset($pwd_diff_login)) { $smarty->assign('pwd_diff_login', $pwd_diff_login); }
if (isset($pwd_display_entropy)) { $smarty->assign('pwd_display_entropy', $pwd_display_entropy); }
if (isset($pwd_check_entropy)) { $smarty->assign('pwd_check_entropy', $pwd_check_entropy); }
if (isset($pwd_min_entropy)) { $smarty->assign('pwd_min_entropy', $pwd_min_entropy); }
if (isset($use_pwnedpasswords)) { $smarty->assign('use_pwnedpasswords', $use_pwnedpasswords); }
if (isset($pwd_no_special_at_ends)) { $smarty->assign('pwd_no_special_at_ends', $pwd_no_special_at_ends); }

// send policy to a JSON object usable in javascript (window.policy.[parameter])
$smarty->assign('json_policy', base64_encode(json_encode(
array(
"pwd_min_length" => $pwd_min_length,
"pwd_max_length" => $pwd_max_length,
"pwd_min_lower" => $pwd_min_lower,
"pwd_min_upper" => $pwd_min_upper,
"pwd_min_digit" => $pwd_min_digit,
"pwd_min_special" => $pwd_min_special,
"pwd_complexity" => $pwd_complexity,
"pwd_diff_last_min_chars" => $pwd_diff_last_min_chars,
"pwd_forbidden_chars" => $pwd_forbidden_chars,
"pwd_no_reuse" => $pwd_no_reuse,
"pwd_diff_login" => $pwd_diff_login,
"pwd_display_entropy" => $pwd_display_entropy,
"pwd_check_entropy" => $pwd_check_entropy,
"pwd_min_entropy" => $pwd_min_entropy,
"use_pwnedpasswords" => $use_pwnedpasswords,
"pwd_no_special_at_ends" => $pwd_no_special_at_ends,
"pwd_special_chars" => $pwd_special_chars
)
)));
}

\Ltb\Ppolicy::smarty_assign_ppolicy($smarty, $pwd_show_policy_pos, $pwd_show_policy, $result, $pwd_policy_config);

if (isset($custompwdindex)) {
$smarty->assign('custompwdindex', $custompwdindex);
if (isset($change_custompwdfield[$custompwdindex]['msg_passwordchangedextramessage'])) { $smarty->assign('msg_passwordchangedextramessage', $change_custompwdfield[$custompwdindex]['msg_passwordchangedextramessage']); }
}
// TODO : Make it clean function show_policy - END
if (isset($smsdisplay)) { $smarty->assign('smsdisplay', $smsdisplay); }
// TODO : Make it clean $prehook_return/$posthook_return - START
if (isset($prehook_return)) {
Expand Down
Loading

0 comments on commit 2ca1b28

Please sign in to comment.