fix if no password policy is set in config.ini

Jolien Trog 2025-08-28 12:58:40 +02:00
parent 371bda0d25
commit 0a8716830f
6 changed files with 57 additions and 55 deletions


@ -25,13 +25,6 @@ class ChangePasswordForm extends Form
*/ */
protected $backend; protected $backend;
/**
* The password policy object
*
* @var PasswordPolicyHook
*/
protected ?PasswordPolicyHook $passwordPolicyObject = null;
/** /**
* {@inheritdoc} * {@inheritdoc}
*/ */
@ -45,15 +38,19 @@ class ChangePasswordForm extends Form
*/ */
public function createElements(array $formData) public function createElements(array $formData)
{ {
$passwordPolicyObject = null;
$passwordPolicy = Config::app()->get( $passwordPolicy = Config::app()->get(
'global', 'global',
'password_policy' 'password_policy'
); );
$this->passwordPolicyObject = new $passwordPolicy();
$passwordPolicyDescription = $this->passwordPolicyObject->displayPasswordPolicy();
if ($passwordPolicyDescription != '') { if(isset($passwordPolicy)){
$this->addDescription($passwordPolicyDescription); $passwordPolicyObject = new $passwordPolicy();
$passwordPolicyDescription = $passwordPolicyObject->getDescription();
if ($passwordPolicyDescription != '') {
$this->addDescription($passwordPolicyDescription);
}
} }
$this->addElement( $this->addElement(
@ -70,9 +67,8 @@ class ChangePasswordForm extends Form
array( array(
'label' => $this->translate('New Password'), 'label' => $this->translate('New Password'),
'required' => true, 'required' => true,
'validators' => 'validators' => $passwordPolicyObject !== null ?
$this->passwordPolicyObject !== null ? [new PasswordValidator($passwordPolicyObject)] : [],
[new PasswordValidator($this->passwordPolicyObject)] : [],
) )
); );
$this->addElement( $this->addElement(
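Review bot: In `createElements()`, `new $passwordPolicy()` instantiates whatever class name the `password_policy` setting holds, with only `isset()` in front of it. A misspelled or uninstalled class name raises an uncaught Error while the change-password form is being built, and a class that does not implement `PasswordPolicyHook` is only noticed once `getDescription()` is called on it. I would guard the block with `if (is_string($passwordPolicy) && class_exists($passwordPolicy) && is_a($passwordPolicy, PasswordPolicyHook::class, true)) {` and log when a configured value is rejected. The same unchecked instantiation is in `UserForm::createInsertElements()`, where the page appears to show an existing `class_exists()` check being dropped. The method body continues outside the hunks shown here.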


@ -19,10 +19,18 @@ class UserForm extends RepositoryForm
*/ */
protected function createInsertElements(array $formData) protected function createInsertElements(array $formData)
{ {
$passwordPolicy = Config::app()->get('global', 'password_policy'); $passwordPolicyObject = null;
if (isset($passwordPolicy) && class_exists($passwordPolicy)) { $passwordPolicy = Config::app()->get(
'global',
'password_policy'
);
if (isset($passwordPolicy)) {
$passwordPolicyObject = new $passwordPolicy(); $passwordPolicyObject = new $passwordPolicy();
$this->addDescription($passwordPolicyObject->displayPasswordPolicy()); $passwordPolicyDescription = $passwordPolicyObject->getDescription();
if ($passwordPolicyDescription != '') {
$this->addDescription($passwordPolicyDescription);
}
} }
$this->addElement( $this->addElement(
@ -48,7 +56,8 @@ class UserForm extends RepositoryForm
array( array(
'required' => true, 'required' => true,
'label' => $this->translate('Password'), 'label' => $this->translate('Password'),
'validators' => array(new PasswordValidator()) 'validators' => $passwordPolicyObject !== null ?
[new PasswordValidator($passwordPolicyObject)] : [],
) )
); );
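Review bot: The `'validators'` entry of the password element falls back to `[]` when `password_policy` is unset, so a new user's password is then accepted with no check beyond `'required' => true`. That is a silent fail-open on a missing configuration line, and the same fallback is in `ChangePasswordForm::createElements()`. If an absent setting is meant to equal "no rules", say so at the fallback, e.g. `// No password_policy configured: passwords are deliberately not validated`. Otherwise pass a default policy class as the third argument of `Config::app()->get()` so that a policy is always applied. The lookup-and-instantiate code is now duplicated in both forms and would be easier to keep consistent in one shared helper; `createInsertElements()` continues outside the hunks.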


@ -12,19 +12,19 @@ interface PasswordPolicyHook
*/ */
public function getName(): string; public function getName(): string;
/** /**
* Displays the rules of the password policy for users * Displays the rules of the password policy for users
* *
* @return string * @return string
*/ */
public function displayPasswordPolicy(): string; public function getDescription(): string;
/** /**
* Validate a given password against the defined policy * Validate a given password against the defined policy
* *
* @param string $password * @param string $password
* @return string|null Returns null if the password is valid, * @return array Returns an empty array if the password is valid,
* otherwise returns an error message describing the violations * otherwise returns an error message describing the violations
*/ */
public function validatePassword(string $password): ?array; public function validatePassword(string $password): array;
} }
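Review bot: The `@return` text on `validatePassword()` still says the method returns "an error message", while the new signature returns an array that `PasswordValidator` assigns directly to its message list. I would state the element type and the contract, `@return string[] Empty array if the password is valid, otherwise one message per violated rule`. The summary above `getDescription()` ("Displays the rules…") could likewise become `Get a description of the policy's rules to show to users`, since the method returns a string rather than displaying anything. Renaming the method and changing the return type also breaks any policy class outside this commit that implements the interface, which deserves a changelog line.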


@ -25,7 +25,7 @@ class DefaultPasswordPolicy implements PasswordPolicyHook
return 'Default'; return 'Default';
} }
public function displayPasswordPolicy(): string public function getDescription(): string
{ {
$message = $message =
$this->translate( $this->translate(
@ -35,49 +35,44 @@ class DefaultPasswordPolicy implements PasswordPolicyHook
return $message; return $message;
} }
public function validatePassword(string $password): ?array public function validatePassword(string $password): array
{ {
$violations = []; $violations = [];
if (strlen($password) < 12) { if (mb_strlen($password) < 12) {
$violations[] = $violations[] = $this->translate(
$this->translate( 'Password must be at least 12 characters long'
'Password must be at least 12 characters long' );
);
} }
if (! preg_match('/[0-9]/', $password)) { if (! preg_match('/[0-9]/', $password)) {
$violations[] = $violations[] = $this->translate(
$this->translate( 'Password must contain at least one number'
'Password must contain at least one number' );
);
} }
if (! preg_match('/[^a-zA-Z0-9]/', $password)) { if (! preg_match('/[^a-zA-Z0-9]/', $password)) {
$violations[] = $violations[] = $this->translate(
$this->translate( 'Password must contain at least one special character'
'Password must contain at least one special character' );
);
} }
if (! preg_match('/[A-Z]/', $password)) { if (! preg_match('/[A-Z]/', $password)) {
$violations[] = $violations[] = $this->translate(
$this->translate( 'Password must contain at least one uppercase letter'
'Password must contain at least one uppercase letter' );
);
} }
if (! preg_match('/[a-z]/', $password)) { if (! preg_match('/[a-z]/', $password)) {
$violations[] = $violations[] = $this->translate(
$this->translate( 'Password must contain at least one lowercase letter'
'Password must contain at least one lowercase letter' );
);
} }
if (! empty($violations)) { if (! empty($violations)) {
return $violations; return $violations;
} }
return null; return [];
} }
} }
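Review bot: In `validatePassword()`, the length check now counts characters with `mb_strlen()`, but the four `preg_match()` rules still match bytes, so `/[^a-zA-Z0-9]/` is satisfied by a space or by any non-ASCII letter such as `ä`. If "special character" is meant to be punctuation or symbols, the pattern could be `/[^\p{L}\p{N}\s]/u`; with the `u` modifier `preg_match()` returns false on invalid UTF-8, which the `!` then treats as a violation. Otherwise a short comment on that rule, stating that anything outside ASCII letters and digits counts, would document the behaviour. The tail `if (! empty($violations)) { return $violations; } return [];` can now be just `return $violations;`.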


@ -15,13 +15,13 @@ class NonePasswordPolicy implements PasswordPolicyHook
return 'None'; return 'None';
} }
public function displayPasswordPolicy(): string public function getDescription(): string
{ {
return ''; return '';
} }
public function validatePassword(string $password): ?array public function validatePassword(string $password): array
{ {
return null; return [];
} }
} }


@ -35,11 +35,13 @@ class PasswordValidator extends Zend_Validate_Abstract
*/ */
public function isValid($value): bool public function isValid($value): bool
{ {
if ($this->passwordPolicyObject->validatePassword($value) === null) { $message = $this->passwordPolicyObject->validatePassword($value);
return true;
if (!empty($message)) {
$this->_messages = $message;
return false;
} }
$this->_messages = $this->passwordPolicyObject->validatePassword($value); return true;
return false;
} }
} }
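Review bot: `isValid($value)` is untyped but forwards `$value` to `validatePassword(string $password)`, so a null or array value raises a TypeError instead of producing a validation failure. A guard before the call, such as `if (! is_string($value)) { return false; }` with a message set, keeps malformed form input on the normal error path. On success the method returns true without touching `$this->_messages`, so messages from an earlier failed call on the same instance remain; `$this->_messages = [];` as the first statement avoids that. `$message` holds a list of violations and would read better as `$violations`.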