Revision 03c526b3
Von Moritz Bunkus vor fast 14 Jahren hinzugefügt
| SL/Auth/PasswordPolicy.pm | ||
|---|---|---|
| 1 |
package SL::Auth::PasswordPolicy; |
|
| 2 |
|
|
| 3 |
use strict; |
|
| 4 |
|
|
| 5 |
use parent qw(Rose::Object); |
|
| 6 |
|
|
| 7 |
use constant OK => 0; |
|
| 8 |
use constant TOO_SHORT => 1; |
|
| 9 |
use constant TOO_LONG => 2; |
|
| 10 |
use constant MISSING_LOWERCASE => 4; |
|
| 11 |
use constant MISSING_UPPERCASE => 8; |
|
| 12 |
use constant MISSING_DIGIT => 16; |
|
| 13 |
use constant MISSING_SPECIAL_CHAR => 32; |
|
| 14 |
use constant INVALID_CHAR => 64; |
|
| 15 |
|
|
| 16 |
use Rose::Object::MakeMethods::Generic |
|
| 17 |
( |
|
| 18 |
'scalar --get_set_init' => 'config', |
|
| 19 |
); |
|
| 20 |
|
|
| 21 |
sub verify {
|
|
| 22 |
my ($self, $password) = @_; |
|
| 23 |
|
|
| 24 |
my $cfg = $self->config; |
|
| 25 |
return OK() unless $cfg && %{ $cfg };
|
|
| 26 |
|
|
| 27 |
my $result = OK(); |
|
| 28 |
$result |= TOO_SHORT() if $cfg->{min_length} && (length($password) < $cfg->{min_length});
|
|
| 29 |
$result |= TOO_LONG() if $cfg->{max_length} && (length($password) > $cfg->{max_length});
|
|
| 30 |
$result |= MISSING_LOWERCASE() if $cfg->{require_lowercase} && $password !~ m/[a-z]/;
|
|
| 31 |
$result |= MISSING_UPPERCASE() if $cfg->{require_uppercase} && $password !~ m/[A-Z]/;
|
|
| 32 |
$result |= MISSING_DIGIT() if $cfg->{require_digit} && $password !~ m/[0-9]/;
|
|
| 33 |
$result |= MISSING_SPECIAL_CHAR() if $cfg->{require_special_character} && $password !~ $cfg->{special_characters_re};
|
|
| 34 |
$result |= INVALID_CHAR() if $cfg->{invalid_characters_re} && $password =~ $cfg->{invalid_characters_re};
|
|
| 35 |
|
|
| 36 |
return $result; |
|
| 37 |
} |
|
| 38 |
|
|
| 39 |
sub errors {
|
|
| 40 |
my ($self, $result) = @_; |
|
| 41 |
|
|
| 42 |
my @errors; |
|
| 43 |
|
|
| 44 |
push @errors, $::locale->text('The password is too short (minimum length: #1).', $self->config->{min_length}) if $result & TOO_SHORT();
|
|
| 45 |
push @errors, $::locale->text('The password is too long (maximum length: #1).', $self->config->{max_length}) if $result & TOO_LONG();
|
|
| 46 |
push @errors, $::locale->text('A lower-case character is required.') if $result & MISSING_LOWERCASE();
|
|
| 47 |
push @errors, $::locale->text('An upper-case character is required.') if $result & MISSING_UPPERCASE();
|
|
| 48 |
push @errors, $::locale->text('A digit is required.') if $result & MISSING_DIGIT();
|
|
| 49 |
|
|
| 50 |
if ($result & MISSING_SPECIAL_CHAR()) {
|
|
| 51 |
my $char_list = join ' ', sort split(m//, $self->config->{special_characters});
|
|
| 52 |
push @errors, $::locale->text('A special character is required (valid characters: #1).', $char_list);
|
|
| 53 |
} |
|
| 54 |
|
|
| 55 |
if (($result & INVALID_CHAR())) {
|
|
| 56 |
my $char_list = join ' ', sort split(m//, $self->config->{ $self->config->{invalid_characters} ? 'invalid_characters' : 'valid_characters' });
|
|
| 57 |
push @errors, $::locale->text('An invalid character was used (invalid characters: #1).', $char_list) if $self->config->{invalid_characters};
|
|
| 58 |
push @errors, $::locale->text('An invalid character was used (valid characters: #1).', $char_list) if $self->config->{valid_characters};
|
|
| 59 |
} |
|
| 60 |
|
|
| 61 |
return @errors; |
|
| 62 |
} |
|
| 63 |
|
|
| 64 |
|
|
| 65 |
sub init_config {
|
|
| 66 |
my ($self) = @_; |
|
| 67 |
|
|
| 68 |
my %cfg = %{ $::emmvee_conf{password_policy} || {} };
|
|
| 69 |
|
|
| 70 |
$cfg{valid_characters} =~ s/[ \n\r]//g if $cfg{valid_characters};
|
|
| 71 |
$cfg{invalid_characters} =~ s/[ \n\r]//g if $cfg{invalid_characters};
|
|
| 72 |
$cfg{invalid_characters_re} = '[^' . quotemeta($cfg{valid_characters}) . ']' if $cfg{valid_characters};
|
|
| 73 |
$cfg{invalid_characters_re} = '[' . quotemeta($cfg{invalid_characters}) . ']' if $cfg{invalid_characters};
|
|
| 74 |
$cfg{special_characters} = '!@#$%^&*()_+=[]{}<>\'"|\\,;.:?-';
|
|
| 75 |
$cfg{special_characters_re} = '[' . quotemeta($cfg{special_characters}) . ']';
|
|
| 76 |
print $cfg{special_characters_re}, "\n";
|
|
| 77 |
|
|
| 78 |
map { $cfg{"require_${_}"} = $cfg{"require_${_}"} =~ m/^(?:1|true|t|yes|y)$/i } qw(lowercase uppercase digit special_char);
|
|
| 79 |
|
|
| 80 |
$self->config(\%cfg); |
|
| 81 |
} |
|
| 82 |
|
|
| 83 |
1; |
|
| 84 |
__END__ |
|
| 85 |
|
|
| 86 |
=pod |
|
| 87 |
|
|
| 88 |
=encoding utf8 |
|
| 89 |
|
|
| 90 |
=head1 NAME |
|
| 91 |
|
|
| 92 |
SL::Auth::PasswordPolicy - Verify a given password against the policy |
|
| 93 |
set in the configuration file |
|
| 94 |
|
|
| 95 |
=head1 SYNOPSIS |
|
| 96 |
|
|
| 97 |
my $verifier = SL::Auth::PasswordPolicy->new; |
|
| 98 |
my $result = $verifier->verify($password); |
|
| 99 |
if ($result != SL::Auth::PasswordPolicy->OK()) {
|
|
| 100 |
print "Errors: " . join(' ', $verifier->errors($result)) . "\n";
|
|
| 101 |
} |
|
| 102 |
|
|
| 103 |
=head1 CONSTANTS |
|
| 104 |
|
|
| 105 |
=over 4 |
|
| 106 |
|
|
| 107 |
=item C<OK> |
|
| 108 |
|
|
| 109 |
Password is OK. |
|
| 110 |
|
|
| 111 |
=item C<TOO_SHORT> |
|
| 112 |
|
|
| 113 |
The password is too short. |
|
| 114 |
|
|
| 115 |
=item C<TOO_LONG> |
|
| 116 |
|
|
| 117 |
The password is too long. |
|
| 118 |
|
|
| 119 |
=item C<MISSING_LOWERCASE> |
|
| 120 |
|
|
| 121 |
The password is missing a lower-case character. |
|
| 122 |
|
|
| 123 |
=item C<MISSING_UPPERCASE> |
|
| 124 |
|
|
| 125 |
The password is missing an upper-case character. |
|
| 126 |
|
|
| 127 |
=item C<MISSING_DIGIT> |
|
| 128 |
|
|
| 129 |
The password is missing a digit. |
|
| 130 |
|
|
| 131 |
=item C<MISSING_SPECIAL_CHAR> |
|
| 132 |
|
|
| 133 |
The password is missing a special character. Special characters are |
|
| 134 |
the following: ! " # $ % & ' ( ) * + , - . : ; E<lt> = E<gt> ? @ [ \ ] |
|
| 135 |
^ _ { | }
|
|
| 136 |
|
|
| 137 |
=item C<INVALID_CHAR> |
|
| 138 |
|
|
| 139 |
The password contains an invalid character. |
|
| 140 |
|
|
| 141 |
=back |
|
| 142 |
|
|
| 143 |
=head1 FUNCTIONS |
|
| 144 |
|
|
| 145 |
=over 4 |
|
| 146 |
|
|
| 147 |
=item C<verify $password> |
|
| 148 |
|
|
| 149 |
Checks whether or not the password matches the policy. Returns C<OK()> |
|
| 150 |
if it does and an error code otherwise (binary or'ed of the error |
|
| 151 |
constants). |
|
| 152 |
|
|
| 153 |
=item C<errors $code> |
|
| 154 |
|
|
| 155 |
Returns an array of human-readable strings describing the issues set |
|
| 156 |
in C<$code> which should be the result of L</verify>. |
|
| 157 |
|
|
| 158 |
=back |
|
| 159 |
|
|
| 160 |
=head1 BUGS |
|
| 161 |
|
|
| 162 |
Nothing here yet. |
|
| 163 |
|
|
| 164 |
=head1 AUTHOR |
|
| 165 |
|
|
| 166 |
Moritz Bunkus E<lt>m.bunkus@linet-services.deE<gt> |
|
| 167 |
|
|
| 168 |
=cut |
|
| config/lx_office.conf.default | ||
|---|---|---|
| 29 | 29 |
# location of history file for permanent history |
| 30 | 30 |
history_file = users/console_history |
| 31 | 31 |
|
| 32 |
# Settings used when the user changes his/her password. All options |
|
| 33 |
# default to no restriction if unset. |
|
| 34 |
[password_policy] |
|
| 35 |
# Minimum length in number of characters. |
|
| 36 |
min_length = |
|
| 37 |
# Maximum length in number of characters. |
|
| 38 |
max_length = |
|
| 39 |
# Require a lowe-case character? |
|
| 40 |
require_lowercase = |
|
| 41 |
# Require an upper-case character? |
|
| 42 |
require_uppercase = |
|
| 43 |
# Require a digit? |
|
| 44 |
require_digit = |
|
| 45 |
# Require a special char? Special chars are the following: |
|
| 46 |
# ! " # $ % & ' ( ) * + , - . : ; < = > ? @ [ \ ] ^ _ { | }
|
|
| 47 |
require_special_character = |
|
| 48 |
# Optional list of valid characters. Spaces are ignored. If set then |
|
| 49 |
# the password must only consist of these characters. |
|
| 50 |
valid_characters = |
|
| 51 |
# Optional list of invalid characters. Spaces are ignored. |
|
| 52 |
invalid_characters = |
|
| 53 |
# Whether or not to check the policy if the password is set from the |
|
| 54 |
# user administration. |
|
| 55 |
disable_policy_for_admin = |
|
| 56 |
|
|
| 32 | 57 |
[debug] |
| 33 | 58 |
# Use DBIx::Log4perl for logging DBI calls. The string LXDEBUGFILE |
| 34 | 59 |
# will be replaced by the file name configured for $::lxdebug. |
| locale/de/all | ||
|---|---|---|
| 38 | 38 |
'4. Quarter' => '4. Quartal', |
| 39 | 39 |
'<b>What</b> do you want to look for?' => '<b>Wonach</b> wollen Sie suchen?', |
| 40 | 40 |
'A Buchungsgruppe consists of a descriptive name and the account numbers for the income and expense accounts for those four tax zones as well as the inventory account number.' => 'Eine Buchungsgruppe besteht aus einem deskriptiven Namen, den Erlös- und Aufwandskonten für diese vier Steuerzonen sowie aus einem Inventarkonto.', |
| 41 |
'A digit is required.' => 'Eine Ziffer ist vorgeschrieben.', |
|
| 41 | 42 |
'A group named "Full Access" has been created.' => 'Eine Gruppe namens "Vollzugriff" wurde angelegt.', |
| 42 | 43 |
'A group with that name does already exist.' => 'Eine Gruppe mit diesem Namen gibt es bereits.', |
| 43 | 44 |
'A lot of the usability of Lx-Office has been enhanced with javascript. Although it is currently possible to use every aspect of Lx-Office without javascript, we strongly recommend it. In a future version this may change and javascript may be necessary to access advanced features.' => 'Die Bedienung von Lx-Office wurde an vielen Stellen mit Javascript verbessert. Obwohl es derzeit möglich ist, jeden Aspekt von Lx-Office auch ohne Javascript zu benutzen, empfehlen wir es. In einer zukünftigen Version wird Javascript eventuell notwendig sein um weitergehende Features zu benutzen.', |
| 45 |
'A lower-case character is required.' => 'Ein Kleinbuchstabe ist vorgeschrieben.', |
|
| 46 |
'A special character is required (valid characters: #1).' => 'Ein Sonderzeichen ist vorgeschrieben (gültige Zeichen: #1).', |
|
| 44 | 47 |
'A temporary directory could not be created:' => 'Ein temporäres Verzeichnis konnte nicht erstellt werden:', |
| 45 | 48 |
'A temporary file could not be created. Please verify that the directory "#1" is writeable by the webserver.' => 'Eine temporäre Datei konnte nicht angelegt werden. Bitte stellen Sie sicher, dass das Verzeichnis "#1" vom Webserver beschrieben werden darf.', |
| 46 | 49 |
'A temporary file could not be created:' => 'Eine temporäre Datei konnte nicht erstellt werden:', |
| ... | ... | |
| 180 | 183 |
'Amount' => 'Betrag', |
| 181 | 184 |
'Amount Due' => 'Betrag fällig', |
| 182 | 185 |
'Amount has to be greater then zero! Wrong row number: ' => 'Leere Eingabe oder Werte kleiner, gleich null eingegeben. Fehler in Reihe Nummer: ', |
| 186 |
'An invalid character was used (invalid characters: #1).' => 'Ein ungültiges Zeichen wurde benutzt (ungültige Zeichen: #1).', |
|
| 187 |
'An invalid character was used (valid characters: #1).' => 'Ein ungültiges Zeichen wurde benutzt (gültige Zeichen: #1).', |
|
| 188 |
'An upper-case character is required.' => 'Ein Großbuchstabe ist vorgeschrieben.', |
|
| 183 | 189 |
'Annotations' => 'Anmerkungen', |
| 184 | 190 |
'Another user with the login #1 does already exist.' => 'Es existiert bereits ein anderer Benutzer mit diesem Login.', |
| 185 | 191 |
'Ap aging on %s' => 'Offene Verbindlichkeiten zum %s', |
| ... | ... | |
| 815 | 821 |
'Help Template Variables' => 'Hilfe zu Dokumenten-Variablen', |
| 816 | 822 |
'Here\'s an example command line:' => 'Hier ist eine Kommandozeile, die als Beispiel dient:', |
| 817 | 823 |
'Hide by default' => 'Standardmäßig verstecken', |
| 818 |
'History' => 'Historie', |
|
| 819 | 824 |
'History Search' => 'Historien Suche', |
| 820 | 825 |
'History Search Engine' => 'Historien Suchmaschine', |
| 821 | 826 |
'Homepage' => 'Homepage', |
| ... | ... | |
| 1679 | 1684 |
'The parts have been removed.' => 'Die Waren wurden aus dem Lager entnommen.', |
| 1680 | 1685 |
'The parts have been stocked.' => 'Die Artikel wurden eingelagert.', |
| 1681 | 1686 |
'The parts have been transferred.' => 'Die Waren wurden umgelagert.', |
| 1687 |
'The password is too long (maximum length: #1).' => 'Das Passwort ist zu lang (maximale Länge: #1).', |
|
| 1688 |
'The password is too short (minimum length: #1).' => 'Das Password ist zu kurz (minimale Länge: #1).', |
|
| 1682 | 1689 |
'The payments have been posted.' => 'Die Zahlungen wurden gebucht.', |
| 1683 | 1690 |
'The pg_dump process could not be started.' => 'Der pg_dump-Prozess konnte nicht gestartet werden.', |
| 1684 | 1691 |
'The pg_restore process could not be started.' => 'Der pg_restore-Prozess konnte nicht gestartet werden.', |
| scripts/locales.pl | ||
|---|---|---|
| 31 | 31 |
my $basedir = "../.."; |
| 32 | 32 |
my $locales_dir = "."; |
| 33 | 33 |
my $bindir = "$basedir/bin/mozilla"; |
| 34 |
my @progdirs = ( "$basedir/SL/Controller", "$basedir/SL/Template/Plugin" ); |
|
| 34 |
my @progdirs = ( "$basedir/SL/Controller", "$basedir/SL/Template/Plugin", "$basedir/SL/Auth" );
|
|
| 35 | 35 |
my $dbupdir = "$basedir/sql/Pg-upgrade"; |
| 36 | 36 |
my $dbupdir2 = "$basedir/sql/Pg-upgrade2"; |
| 37 | 37 |
my $menufile = "menu.ini"; |
Auch abrufbar als: Unified diff
Eine Klasse zur Überprüfung der Passwortrichtlinie
Conflicts: