[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2023-09-19 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Emmi Takkinen  changed:

   What|Removed |Added

   Assignee|emmi.takki...@koha-suomi.fi |koha-b...@lists.koha-commun
   ||ity.org

--- Comment #32 from Emmi Takkinen  ---
I'm unable to continue working with this. I'm setting assignee as default, so
someone interested/able to continue work here can adopt this.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2021-08-24 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #31 from Fridolin Somers  ---
Note that there is now a plugin hook :
Bug 22706

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-10-06 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Emmi Takkinen  changed:

   What|Removed |Added

 Attachment #110528|0   |1
is obsolete||

--- Comment #30 from Emmi Takkinen  ---
Created attachment 111299
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=111299=edit
Bug 12617: Add new regex patterns to password_check.inc

This patch adds new regex patterns to follow into password_check.inc
files.

To test:
1. Create or find existing patron.
2. Set or edit invalid password for patron in OPAC and staff interfaces:
a) create and edit patron pages
b) 'Change password' pages
3. Confirm alert text next to input field is displayed and it follows
set passwordpolicy.

Sponsored-by: Koha-Suomi Oy

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-10-06 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Emmi Takkinen  changed:

   What|Removed |Added

 Attachment #110527|0   |1
is obsolete||

--- Comment #29 from Emmi Takkinen  ---
Created attachment 111298
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=111298=edit
Bug 12617: DO NOT PUSH! Schema change

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-10-06 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Emmi Takkinen  changed:

   What|Removed |Added

 Attachment #110526|0   |1
is obsolete||

--- Comment #28 from Emmi Takkinen  ---
Created attachment 111297
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=111297=edit
Bug 12617: Koha should let admins to configure automatically generated password
complexity/difficulty

Adds simple password policy(with regards to complexity) management into
categories:
- Per category password policy: admins can configure what kind of passwords get
generated
in member-passwords. User-created passwords are also checked against the policy
if it is
defined and complexity is enforced for every user based on their set category.
- Predefined policies:
- simplenumeric: the digits 0-9 allowed only
- alphanumeric: passwords must contain only the digits 0-9 and
lowercase and uppercase characters.
Special characters are not allowed.
- complex: patrons are required to use complex passwords containing
numbers, uppercase and lowercase
characters and special characters.
Old passwords for excisting patrons are not affected.

To test:
1. Apply this patch and update database.
2. Navigate to categories.pl and note there is new column 'Password policies'
has been added.
3. Edit some categories and set password policy for them.
4. Set some values to sysprefs 'minPasswordLength', 'minAlnumPasswordLength'
and
'minComplexPasswordLength'.

Staff interface:
1. Create new patron.
2. Set their password against their categorys policy and save.
3. Error message is displayed (with content depending on password policy).
4. Set acceptable password and save succesfully.
5. Repeat steps 2-3-4 on patron edit page.
6. Repeat steps 2-3-4 on 'Change password' page.

OPAC:
1. Enable 'OpacPasswordChange' and 'OpacResetPassword'.
2. On OPAC, repeat what you did on staff interface (on create, edit and 'Change
your password'.
3. Confirm errors are displayed correctly and saving works.
4. Log out and go to 'Forgotten password recovery' page.
5. Send and receive email for password recovery.
6. Set unacceptable password and save, confirm correct error is displayed.
7. Set acceptable password and save succesfully.

REST API:
1. With your preferred REST client (curl e.g) sent POST request to
/api/v1/patrons/{patron_id}/password
with 'password' and 'password_2' parameters.
2. Confirm correct error message is displayed when sending password against
password policy.
3. Confirm password is changed when acceptable password is send.

Also prove t/AuthUtils.t and t/db_dependent/api/v1/patrons_password.t

Sponsored-by: Koha-Suomi Oy

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-10-06 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #27 from Emmi Takkinen  ---
(In reply to David Cook from comment #26)
> Does Koha-Suomi Oy already have these patches running in Koha?
> 
> I'm going to mark as Failed QA, as I think the current password policies
> won't be workable for many Koha implementations.

Thanks David for looking into this! There's a lot to consider there... 

We've had the first patch running in Koha for a quite while now (not as it's
implemented here of course, this is a rebased patch against master). We run
version 17.05 and don't have password_check.inc so second patch applies to
current community master. 

I'm thinking of scraping those äöåÄÖÅ's from the first patch (and fixing that
spelling error in the second) for now. Then I'll add new patch with improved
regexs (that is if we need them). If someone has more opinions on this please
comment!

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-10-05 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

David Cook  changed:

   What|Removed |Added

 Status|Needs Signoff   |Failed QA

--- Comment #26 from David Cook  ---
Does Koha-Suomi Oy already have these patches running in Koha?

I'm going to mark as Failed QA, as I think the current password policies won't
be workable for many Koha implementations.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-10-05 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #25 from David Cook  ---
For what it's worth, I've tested Keycloak again and now my Chinese software
keyboard is working for inputting passwords.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-29 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #24 from David Cook  ---
One very last thing... 

Perl also has the Unicode::UCD module, which also allows us to interrogate the
properties of Unicode characters without using regular expressions. (This would
be more in the Java path I mentioned before.)

You can read more at https://perldoc.pl/perluniprops.

I reckon supporting Unicode for passwords isn't a bad thing. We support UTF-8
encoded characters throughout Koha, so may as well for the passwords, yes? 

It could also help users of Koha that use non-Latin alphabets, which would
improve Koha usability globally.

Final 2 cents ;).

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-29 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #23 from David Cook  ---
I mention Keycloak as well, since Keycloak is actually an Angular app which
uses Java for its backend. 

When I set a password policy and try to set a password that doesn't match it, I
get a 400 error, so it's clearly sending the password to the backend for
validation. 

We may want to do the same thing here so that we can centralize the password
validation code in Perl (rather than trying to have equivalents in both Perl
and Javascript).

Note also that Perl has \p{} and \P{} constructs for matching Unicode
properties. For example, \p{Uppercase}, although of course you could just use
the [:upper:] POSIX construct instead.

That said, it turns out that Javascript (unsure of versions) does have support
for \p and \P in regular expressions as well..., so a person can do the
following to check if a character is uppercase:

function is_upper(value){
  return /\p{Uppercase}/u.test(value);
}

Likewise to detect a "letter":
function is_letter(value){
  return /\p{Letter}/u.test(value);
}
This matches alphabetic characters as well as Chinese characters it appears.
According to https://www.compart.com/en/unicode/U+6211, 我 is a member of the
"Other Letter" category. 

Take a look at https://www.regular-expressions.info/unicode.html for a full
list of Unicode categories. 

To get the equivalent of Java Character.isLetterOrDigit, we'd basically just
need a regular expression like the following (the difference being that the
following includes the Cased_Letter category too which is OK as it's already
covered by Lowercase_Letter and Uppercase_Letter):

(\p{Letter}|\p{Decimal_Digit_Number}). 

Going back to Javascript and browser compatibility:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions#Browser_compatibility

It looks like Unicode property escapes are supported in Javascript except
for... "Internet Explorer" and "Firefox for Android". There is also a note
about case folding for Edge, although I think that's for the pre-Chromium Edge. 

Anyway, again, just my 2 cents. It was interesting research/experiments, and
hopefully it is useful. If not for this patch then at least other parts of
Koha.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-29 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #22 from David Cook  ---
Apologies if people find this uninteresting.

Keycloak's LowerCasePasswordPolicyProvider.java file uses Java's
Character.isLowerCase() function...

Looking at OpenJDK 8...

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/file/dc4322602480/src/share/classes/java/lang/Character.java#l5451

That appears to use Unicode code points (as integers)...

With CharacterData, it does some bit math to use some generated character class
lookups it seems... 
https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/java/lang/CharacterData.java

It's a rabbit hole, but Java really does seem to be king when it comes to
working with character data...

Going back to Keycloak, SpecialCharsPasswordPolicyProvider.java seems to
indicate that anything that doesn't return true for Character.isLetterOrDigit
is a "special character". 

According to Java, "Not all letters have case. Many characters are letters but
are neither uppercase nor lowercase nor titlecase". Interesting. Apparently
that's in regards to the "Lo" "Other Letter" Unicode category
(https://www.compart.com/en/unicode/category/Lo) with Arabic being one of the
most obvious examples. 

And according to Java, "isLetter" is only uppercase letters, lowercase letters,
title case letters, modifier letters, and other letters with "modifier letters"
being the "Lm" category (https://www.compart.com/en/unicode/category/Lm). 

Java has an isIdeographic function for checking CJKV characters, but that seems
to rely on a generated code point lookup table (although I haven't fully
explored that path).

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-29 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #21 from David Cook  ---
The following is incomplete but could be useful for testing individual
characters (you'd just have to iterate through the password string). 

Tangentially, Chinese characters will pass both the "is_upper" and "is_lower"
case tests. In terms of pam_cracklib, it seems that Chinese characters would
give uppercase credits but not lowercase credits (since a character can only be
classed with 1 class). 

Unfortunately, special characters also pass the "is_upper" and "is_lower"
tests, so that algorithm isn't really good enough. THat said, C implementations
for isupper is super problematic too as they're ASCII based...
(https://git.musl-libc.org/cgit/musl/tree/include/ctype.h). 

But I guess that goes back to supporting ASCII-only passwords... 




function is_upper(value){
var is_upper = false;
if (value.toUpperCase() === value){
is_upper = true;
}
return is_upper;
}
function is_lower(value){
var is_lower = false;
if (value.toLowerCase() === value){
is_lower = true;
}
return is_lower;
}
function is_digit(value){
return /\d/.test(value);
}
alert(is_lower('?'));
/*
alert(is_digit('A'));
alert(is_digit('1'));
alert(is_lower('我'));
alert(is_lower('ä'));
alert(is_lower('Ä'));
*/




-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-29 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #20 from David Cook  ---
Ok because I'm insufferable...

The following passes:




var min_lenght = 3;
var regex_text =
"(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%\^&*(){}[\\]<>?/|\-]).{"+min_lenght+",}";
var pattern_regex = new RegExp(regex_text);
var output = pattern_regex.test("Aa1!");
alert(output);




The following fails:




var min_lenght = 3;
var regex_text =
"(?=.*\\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%\^&*(){}[\\]<>?/|\-]).{"+min_lenght+",}";
var pattern_regex = new RegExp(regex_text);
var output = pattern_regex.test("Ää1!");
alert(output);




That's not good.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-29 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #19 from David Cook  ---
Comment on attachment 110528
  --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=110528
Bug 12617: Add new regex patterns to password_check.inc

Review of attachment 110528:
 --> 
(https://bugs.koha-community.org/bugzilla3/page.cgi?id=splinter.html=12617=110528)
-

::: koha-tmpl/opac-tmpl/bootstrap/en/includes/password_check.inc
@@ +13,5 @@
>  
>  if(category_selector && $('select'+category_selector).length) {
>  jQuery.validator.addMethod("password_strong", function(value, 
> element){
>  var require_strong = $('select'+category_selector+' 
> option:selected').data('pwdStrong');
>  var min_lenght = $('select'+category_selector+' 
> option:selected').data('pwdLength');

Btw this should be min_length, although it does look like you've used the
misspelled variable consistently...

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-29 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #18 from David Cook  ---
(In reply to Fridolin SOMERS from comment #16)
> > However Javascript doesn't seem to support POSIX
> Ah ok good point.
> 
> But why are öäåÄÖÅ not in :
>   if ( password_policy == 'complex' ){
> chars =
> '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ|[]{}!
> @#$%^&*()_-+?';
> 
> In my opinion, for a heavy international software like Koha you may stick to
> [a-zA-Z] as the only alphabetic characters.
> 
> Or create lang-based policies complex-en, complex-fi ...

Based on my earlier comment, especially regarding Red Hat's Keycloak password
policies, I think that limiting to
'0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ|[]{}!@#$%^&*()_-+?'
might not be wise for a "complex" policy.

Look at pam_cracklib too which is used by massive international Linux providers
(https://linux.die.net/man/8/pam_cracklib and
https://github.com/linux-pam/linux-pam/blob/master/modules/pam_cracklib/pam_cracklib.c).
There complexity is determined by "minlen, maxclassrepeat, dcredit, ucredit,
lcredit, and ocredit". 

Looking at
https://github.com/linux-pam/linux-pam/blob/master/modules/pam_cracklib/pam_cracklib.c,
it looks like the ctype library includes functions for isupper, islower, 
isdigit, etc. "ocredit" for "other characters" is just whatever isn't a digit,
uppercase letter, or lowercase letter. The Javascript would be more verbose,
but it should be doable using a similar algorithm. 

Chinese is probably still an issue if your password policy has uppercase and
lowercase requirements, but that's probably why there are so many Chinese ASCII
passwords as per my previous post, but Latin characters with diacritics should
be fine using this kind of complexity.

But... that's just my 2 cents. I'm not the one writing this patch. I also
haven't extensively tested it, so maybe I'm missing the current point of the
conversaton.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-29 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #17 from David Cook  ---
(In reply to Fridolin SOMERS from comment #16)
> > However Javascript doesn't seem to support POSIX
> Ah ok good point.
> 
> But why are öäåÄÖÅ not in :
>   if ( password_policy == 'complex' ){
> chars =
> '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ|[]{}!
> @#$%^&*()_-+?';
> 
> In my opinion, for a heavy international software like Koha you may stick to
> [a-zA-Z] as the only alphabetic characters.
> 
> Or create lang-based policies complex-en, complex-fi ...

I think the default with password managers tend to be printable ASCII
characters (ie: Upper-case, Lower-case, Digits, Special). That said, I have
seen "High ANSI characters" as an option...

But then I thought about Chinese password habits
(https://medium.com/@ye.sunnia/an-analysis-of-chinese-passwords-e49b97b91919 or
https://www.theverge.com/tldr/2019/3/5/18252150/bad-password-security-data-breach-taiwan-ji32k7au4a83-have-i-been-pwned),
which seem to fall into ASCII. 

I just spun up a Keycloak container (an Identity Provider created by Red Hat),
and I'm trying to reset my password (as a user) to a Chinese password in
Windows Chrome, but it seems to be preventing my software-based pinyin input
from working. It seems to be forcing my hardware keyboard. (Like if I type in
"wo", I see 2 masked characters appearing in the password field, rather than
being able to select the 1 我 character.)

That said, as a Keycloak admin, I was able to input a 我 character into the
user's password field. I wasn't able to manually enter it as a user, but if I
copied and pasted 我 into the password field as a user, it worked. 

Going back to the user view, I notice when I move from the username field to
the password field, my software keyboard changes modes from Chinese mode to
English mode. If manually change the mode... it doesn't seem to make a
difference. 

Here's some reading on Keycloak password policies:
https://www.keycloak.org/docs/latest/server_admin/#password-policy-types, which
might be useful.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-29 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #16 from Fridolin SOMERS  ---
> However Javascript doesn't seem to support POSIX
Ah ok good point.

But why are öäåÄÖÅ not in :
  if ( password_policy == 'complex' ){
chars =
'0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ|[]{}!@#$%^&*()_-+?';

In my opinion, for a heavy international software like Koha you may stick to
[a-zA-Z] as the only alphabetic characters.

Or create lang-based policies complex-en, complex-fi ...

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-29 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #15 from Emmi Takkinen  ---
(In reply to Fridolin SOMERS from comment #14)
> Hi, nice work.
> 
> Just a question :
> I see in first patch : $password =~ /[a-zA-ZöäåÖÄÅ]/
> I don't see the caracters öäå in patch on password_check.inc.
> 
> Should we use POSIX =character class like [:alnum:] ?
> https://www.regular-expressions.info/posixbrackets.html

With Perl we could yes. However Javascript doesn't seem to support POSIX.
[a-zäöå] and [A-ZÄÖÅ] seem to work. 

I guess we could also use POSIX in first patch and Unicode on
password_check.inc e.g \u00DF-\u00FF and allow characters like éëêẽ etc.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-25 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Fridolin SOMERS  changed:

   What|Removed |Added

 CC||fridolin.som...@biblibre.co
   ||m

--- Comment #14 from Fridolin SOMERS  ---
Hi, nice work.

Just a question :
I see in first patch : $password =~ /[a-zA-ZöäåÖÄÅ]/
I don't see the caracters öäå in patch on password_check.inc.

Should we use POSIX =character class like [:alnum:] ?
https://www.regular-expressions.info/posixbrackets.html

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Emmi Takkinen  changed:

   What|Removed |Added

 Status|Patch doesn't apply |Needs Signoff

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #12 from Emmi Takkinen  ---
Created attachment 110527
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=110527=edit
Bug 12617: DO NOT PUSH! Schema change

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Emmi Takkinen  changed:

   What|Removed |Added

 Attachment #109389|0   |1
is obsolete||

--- Comment #13 from Emmi Takkinen  ---
Created attachment 110528
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=110528=edit
Bug 12617: Add new regex patterns to password_check.inc

This patch adds new regex patterns to follow into password_check.inc
files.

To test:
1. Create or find existing patron.
2. Set or edit invalid password for patron in OPAC and staff interfaces:
a) create and edit patron pages
b) 'Change password' pages
3. Confirm alert text next to input field is displayed and it follows
set passwordpolicy.

Sponsored-by: Koha-Suomi Oy

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Emmi Takkinen  changed:

   What|Removed |Added

 Attachment #109388|0   |1
is obsolete||

--- Comment #11 from Emmi Takkinen  ---
Created attachment 110526
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=110526=edit
Bug 12617: Koha should let admins to configure automatically generated password
complexity/difficulty

Adds simple password policy(with regards to complexity) management into
categories:
- Per category password policy: admins can configure what kind of passwords get
generated
in member-passwords. User-created passwords are also checked against the policy
if it is
defined and complexity is enforced for every user based on their set category.
- Predefined policies:
- simplenumeric: the digits 0-9 allowed only
- alphanumeric: passwords must contain only the digits 0-9 and
lowercase and uppercase characters.
Special characters are not allowed.
- complex: patrons are required to use complex passwords containing
numbers, uppercase and lowercase
characters and special characters.
Old passwords for excisting patrons are not affected.

To test:
1. Apply this patch and update database.
2. Navigate to categories.pl and note there is new column 'Password policies'
has been added.
3. Edit some categories and set password policy for them.
4. Set some values to sysprefs 'minPasswordLength', 'minAlnumPasswordLength'
and
'minComplexPasswordLength'.

Staff interface:
1. Create new patron.
2. Set their password against their categorys policy and save.
3. Error message is displayed (with content depending on password policy).
4. Set acceptable password and save succesfully.
5. Repeat steps 2-3-4 on patron edit page.
6. Repeat steps 2-3-4 on 'Change password' page.

OPAC:
1. Enable 'OpacPasswordChange' and 'OpacResetPassword'.
2. On OPAC, repeat what you did on staff interface (on create, edit and 'Change
your password'.
3. Confirm errors are displayed correctly and saving works.
4. Log out and go to 'Forgotten password recovery' page.
5. Send and receive email for password recovery.
6. Set unacceptable password and save, confirm correct error is displayed.
7. Set acceptable password and save succesfully.

REST API:
1. With your preferred REST client (curl e.g) sent POST request to
/api/v1/patrons/{patron_id}/password
with 'password' and 'password_2' parameters.
2. Confirm correct error message is displayed when sending password against
password policy.
3. Confirm password is changed when acceptable password is send.

Also prove t/AuthUtils.t and t/db_dependent/api/v1/patrons_password.t

Sponsored-by: Koha-Suomi Oy

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-10 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Joonas Kylmälä  changed:

   What|Removed |Added

 CC||joonas.kylm...@helsinki.fi
 Status|Needs Signoff   |Patch doesn't apply

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-01 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Emmi Takkinen  changed:

   What|Removed |Added

 Status|ASSIGNED|Needs Signoff

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-01 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Emmi Takkinen  changed:

   What|Removed |Added

 Attachment #107383|0   |1
is obsolete||

--- Comment #10 from Emmi Takkinen  ---
Created attachment 109389
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109389=edit
Bug 12617: Add new regex patterns to password_check.inc

Rebased and reworked patch.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-09-01 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Emmi Takkinen  changed:

   What|Removed |Added

 Attachment #107382|0   |1
is obsolete||
 Attachment #107384|0   |1
is obsolete||

--- Comment #9 from Emmi Takkinen  ---
Created attachment 109388
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=109388=edit
Bug 12617: Koha should let admins to configure automatically generated password
complexity/difficulty

Rebased and reworked patch against bug 23816. Changes made
'PasswordLengthsForCategories' syspref obsolete so patch for it is dropped.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-08-19 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Jonathan Druart  changed:

   What|Removed |Added

 Depends on||23816
 CC||jonathan.dru...@bugs.koha-c
   ||ommunity.org
   See Also|https://bugs.koha-community |
   |.org/bugzilla3/show_bug.cgi |
   |?id=23816   |
 Status|Needs Signoff   |ASSIGNED

--- Comment #8 from Jonathan Druart  
---
This is going to conflict with bug 23816, it needs to be rebuilt on top of it.


Referenced Bugs:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=23816
[Bug 23816] Allow to have different password strength and length settings for
different patron categories
-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-07-27 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #7 from Emmi Takkinen  ---
Created attachment 107384
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=107384=edit
Bug 12617: Add syspref PasswordLengthsForCategories

Sometimes different patron categories using same password policy would
require different lengths in their passwords. In these cases having one
length per policy isn't always ideal.

This patch adds new syspref 'PasswordLengthsForCategories' to define
password lengths for different patron categories in YAML format and removes
use of 'minAlnumPasswordLength' and 'minComplexPasswordLength'. If category
has no rule set syspref 'minPasswordLength' is used.

To test:
1. Run updatedatabase.pl
2. Define some rules to 'PasswordLengthsForCategories' (e.g example provided)
3. Try setting and changing password in different pages (basically follow test
plans from previous patches).
4. Confirm error messages are displayed correctly.

Also prove t/AuthUtils.t.

Sponsored-by: Koha-Suomi Oy

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-07-27 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Emmi Takkinen  changed:

   What|Removed |Added

 Status|ASSIGNED|Needs Signoff

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-07-27 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #6 from Emmi Takkinen  ---
Created attachment 107383
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=107383=edit
Bug 12617: Add new regex patterns to password_check.inc

This patch adds new regex patterns to follow into password_check.inc
files.

To test:
1. Create or find existing patron.
2. Set or edit invalid password for patron in OPAC and staff interfaces:
a) create and edit patron pages
b) 'Change password' pages
3. Confirm alert text next to input field is displayed and it follows
set passwordpolicy.

Sponsored-by: Koha-Suomi Oy

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-07-27 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Emmi Takkinen  changed:

   What|Removed |Added

  Attachment #37740|0   |1
is obsolete||

--- Comment #5 from Emmi Takkinen  ---
Created attachment 107382
  -->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=107382=edit
Bug 12617: Koha should let admins to configure automatically generated password
complexity/difficulty

Adds simple password policy(with regards to complexity) management into
categories:
- Per category password policy: admins can configure what kind of passwords get
generated
in member-passwords. User-created passwords are also checked against the policy
if it is
defined and complexity is enforced for every user based on their set category.
- Predefined policies:
- simplenumeric: the digits 0-9 allowed only
- alphanumeric: passwords must contain only the digits 0-9 and
lowercase and uppercase characters.
Special characters are not allowed.
- complex: patrons are required to use complex passwords containing
numbers, uppercase and lowercase
characters and special characters.
Old passwords for excisting patrons are not affected.

To test:
1. Apply this patch and update database.
2. Navigate to categories.pl and note there is new column 'Password policies'
has been added.
3. Edit some categories and set password policy for them.
4. Set some values to sysprefs 'minPasswordLength', 'minAlnumPasswordLength'
and
'minComplexPasswordLength'.

Staff interface:
1. Create new patron.
2. Set their password against their categorys policy and save.
3. Error message is displayed (with content depending on password policy).
4. Set acceptable password and save succesfully.
5. Repeat steps 2-3-4 on patron edit page.
6. Repeat steps 2-3-4 on 'Change password' page.

OPAC:
1. Enable 'OpacPasswordChange' and 'OpacResetPassword'.
2. On OPAC, repeat what you did on staff interface (on create, edit and 'Change
your password'.
3. Confirm errors are displayed correctly and saving works.
4. Log out and go to 'Forgotten password recovery' page.
5. Send and receive email for password recovery.
6. Set unacceptable password and save, confirm correct error is displayed.
7. Set acceptable password and save succesfully.

REST API:
1. With your preferred REST client (curl e.g) sent POST request to
/api/v1/patrons/{patron_id}/password
with 'password' and 'password_2' parameters.
2. Confirm correct error message is displayed when sending password against
password policy.
3. Confirm password is changed when acceptable password is send.

Also prove t/AuthUtils.t and t/db_dependent/api/v1/patrons_password.t

Sponsored-by: Koha-Suomi Oy

---

NOTE: Unlike in original patch, no App::GenPass is used due it's complex
dependencies. I've instead added new patterns to follow in sub
generate_password and member-password.tt when generating password successions.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-07-22 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Emmi Takkinen  changed:

   What|Removed |Added

 CC||emmi.takki...@outlook.com
   Assignee|koha-b...@lists.koha-commun |emmi.takki...@outlook.com
   |ity.org |
 Status|Patch doesn't apply |ASSIGNED

--- Comment #4 from Emmi Takkinen  ---
I've been working with rebase of this patch (or technically it's patch fetched
from https://github.com/KohaSuomi/Koha including changes to OPAC and API).
Hopefully I'll be able to provide it and some additional changes during this
week.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-07-08 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

David Cook  changed:

   What|Removed |Added

   See Also||https://bugs.koha-community
   ||.org/bugzilla3/show_bug.cgi
   ||?id=23816

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-07-08 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

David Cook  changed:

   What|Removed |Added

   See Also||https://bugs.koha-community
   ||.org/bugzilla3/show_bug.cgi
   ||?id=25934
 CC||dc...@prosentient.com.au

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2020-07-08 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

koha-US bug tracker  changed:

   What|Removed |Added

 CC||bugzi...@koha-us.org

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2019-04-15 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Owen Leonard  changed:

   What|Removed |Added

 Status|Needs Signoff   |Patch doesn't apply

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2019-04-15 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Owen Leonard  changed:

   What|Removed |Added

 Status|NEW |Needs Signoff

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2019-04-15 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Magnus Enger  changed:

   What|Removed |Added

 CC||mag...@libriotech.no

--- Comment #3 from Magnus Enger  ---
Changing to NSO since there is a 4 years old patch.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity /difficulty

2017-07-31 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #2 from Marc Véron  ---
*** Bug 18424 has been marked as a duplicate of this bug. ***

-- 
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity /difficulty

2017-06-13 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Olli-Antti Kivilahti  changed:

   What|Removed |Added

   See Also||https://bugs.koha-community
   ||.org/bugzilla3/show_bug.cgi
   ||?id=18424

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity /difficulty

2017-06-13 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Lari Taskula  changed:

   What|Removed |Added

 CC||lari.task...@jns.fi

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity /difficulty

2017-06-13 Thread bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Olli-Antti Kivilahti  changed:

   What|Removed |Added

   See Also||https://bugs.koha-community
   ||.org/bugzilla3/show_bug.cgi
   ||?id=18298

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2015-04-13 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

--- Comment #1 from Olli-Antti Kivilahti olli-antti.kivila...@jns.fi ---
Created attachment 37740
  --
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=37740action=edit
Bug 12617 - Koha should let admins to configure automatically generated
password complexity/difficulty

Adds simple password policy(with regards to complexity) management into
categories:
- Per category password policy: admins can configure what kind of passwords get
generated
in member-passwords. User-created passwords are also checked against the policy
if it is
defined and complexity is enforced for every user based on their set category.
- Reworks the old custom password generation code in member-password to use a
pretty powerful perl
module from the CPAN: App::Genpass

- Predefined policies:
- simplenumeric: the digits 0-9 allowed only
- alphanumeric: passwords must contain only the digits 0-9 and lowercase
and uppercase characters.
Special characters are not allowed.
- complex: patrons are required to use complex passwords containing
numbers, uppercase and lowercase
characters and special characters.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2014-08-04 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Katrin Fischer katrin.fisc...@bsz-bw.de changed:

   What|Removed |Added

 CC||katrin.fisc...@bsz-bw.de

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/


[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2014-07-28 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Marc Véron ve...@veron.ch changed:

   What|Removed |Added

 CC||ve...@veron.ch

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/

[Koha-bugs] [Bug 12617] Koha should let admins to configure automatically generated password complexity/difficulty

2014-07-21 Thread bugzilla-daemon
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12617

Jacek Ablewicz a...@biblos.pk.edu.pl changed:

   What|Removed |Added

 CC||a...@biblos.pk.edu.pl

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Koha-bugs mailing list
Koha-bugs@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/