[#826] add simple constraints to passwords

Description

Summary:

Detailed description

Hello,

Currently, there is no validation mechanism for user passwords, except checking that they are at least 6 (branch 6.x) or 8 (branch master) characters long. This allows very weak passwords to be used, this can be a security issue.

We (inria) would like to add at least some basic password constraints.

Here's a patch adding simple password validation which ensures that passwords contain at least one lower case letter, one upper case, one digit, and one non-alphanumeric char. This is checked both when creating an account or when changing an account's password.

Related info strings and error messages for users are also added, using the localization mechanisms.

There's additionally, a few refactoring / fixes of password validation code.

Also, as this may cause some problems for particular fusionforge instances, there's a boolean config option checkpasswordstrength to deactivate this validation. By default, the password constraints are enabled.

cheers !

General Information
Submitted by:
Matthieu Imbert
Date Submitted: 2016-08-11 13:19
Last Modified by: Nobody
Last Modified: 2017-11-02 20:00
Date Closed: 2016-08-16 17:19
Permalink: https://fusionforge.org/tracker/a_follow.php/826
Actions
Monitor
Votes: 0/1 (0%)
Internal Fields
Data Type: Feature requests
Assigned to: Franck Villaume (nerville)
State: Closed
Priority: 3
Extra Fields
Resolution:
Accepted
Difficulty:
Simple
Target release:
6.1
Follow-up tabs
Message  ↓
Date: 2016-08-16 17:19
Sender: Franck Villaume

Hi,

I applied your patches. Thank you for this contribution.

Attachments:
Size Name Date By Download
2 KiB0001-add-simple-password-constraints.patch2016-08-11 13:19
Matthieu Imbert
0001-add-simple-password-constraints.patch
969 bytes0002-refactoring-remove-redundant-passwd-length-check-whe.patch2016-08-11 13:19
Matthieu Imbert
0002-refactoring-remove-redundant-passwd-length-check-whe.patch
2 KiB0003-update-password-change-length-constraint-when-changi.patch2016-08-11 13:19
Matthieu Imbert
0003-update-password-change-length-constraint-when-changi.patch
2 KiB0004-document-new-password-constraints-to-users.patch2016-08-11 13:19
Matthieu Imbert
0004-document-new-password-constraints-to-users.patch

No related commits.

Field Old Value Date By
close_dateNone2016-08-16 17:19
Franck Villaume
assigned_tonone2016-08-16 17:19
Franck Villaume
ResolutionNone2016-08-16 17:19
Franck Villaume
DifficultyNone2016-08-16 17:19
Franck Villaume
Target releaseNone2016-08-16 17:19
Franck Villaume
status_idOpen2016-08-16 17:19
Franck Villaume
File Added515: 0001-add-simple-password-constraints.patch2016-08-11 13:19
Matthieu Imbert
File Added516: 0002-refactoring-remove-redundant-passwd-length-check-whe.patch2016-08-11 13:19
Matthieu Imbert
File Added517: 0003-update-password-change-length-constraint-when-changi.patch2016-08-11 13:19
Matthieu Imbert
File Added518: 0004-document-new-password-constraints-to-users.patch2016-08-11 13:19
Matthieu Imbert

No relations found.