diff --git a/helpers.lua b/helpers.lua
index ea7f67b..3d926d0 100644
--- a/helpers.lua
+++ b/helpers.lua
@@ -626,22 +626,36 @@ function edit_user()
 then
 -- and the new password against the confirmation field's content
 if args.newpassword == args.confirm then
- local dn = conf["ldap_identifier"].."="..user..","..conf["ldap_group"]
+ -- Check password validity
+ local validatepw = io.popen("python /usr/lib/moulinette/yunohost/utils/password.py '" ..args.newpassword:gsub("'", "'\\''").."' 2>&1 || echo ::ERROR::", 'r')
+ local validation = validatepw:read()
+ local validation_error = validatepw:read()
+ validatepw:close()
+ if validation_error == nil then
 
- -- Open the LDAP connection
- local ldap = lualdap.open_simple(conf["ldap_host"], dn, args.currentpassword)
+ local dn = conf["ldap_identifier"].."="..user..","..conf["ldap_group"]
 
- local password = hash_password(args.newpassword)
+ -- Open the LDAP connection
+ local ldap = lualdap.open_simple(conf["ldap_host"], dn, args.currentpassword)
+
+ local password = hash_password(args.newpassword)
 
- -- Modify the LDAP information
- if ldap:modify(dn, {'=', userPassword = password }) then
- flash("win", t("password_changed"))
+ -- Modify the LDAP information
+ if ldap:modify(dn, {'=', userPassword = password }) then
+ if validation == nil then
+ flash("win", t("password_changed"))
+ else
+ flash("win", t(validation))
+ end
 
- -- Reset the password cache
- cache:set(user.."-password", args.newpassword, conf["session_timeout"])
- return redirect(conf.portal_url.."info.html")
+ -- Reset the password cache
+ cache:set(user.."-password", args.newpassword, conf["session_timeout"])
+ return redirect(conf.portal_url.."info.html")
+ else
+ flash("fail", t("password_changed_error"))
+ end
 else
- flash("fail", t("password_changed_error"))
+ flash("fail", t(validation))
 end
 else
 flash("fail", t("password_not_match"))
diff --git a/portal/locales/en.json b/portal/locales/en.json
index 9730672..6fbf0c4 100644
--- a/portal/locales/en.json
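Review bot: The validity check fails open, because the change proceeds whenever the second `validatepw:read()` returns nil: if the validator exits non-zero without printing anything, `validation` holds `::ERROR::`, `validation_error` is nil, and the password is still written to LDAP with a "win" flash. The guard should treat the marker as a failure on either line, e.g. `if validation_error == nil and validation ~= "::ERROR::" then`, and a nil return from `io.popen` should be handled before `validatepw:read()` is called. Separately, the new password is interpolated into the shell command line, where other local accounts may be able to read it from the process list while the script runs; the `'` escaping addresses quoting only, so passing the secret to the validator over stdin or a similar channel would be safer. `edit_user` begins and ends outside this hunk.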
+++ b/portal/locales/en.json
@@ -22,6 +22,15 @@
 "password_changed": "Password successfully changed",
 "password_changed_error": "An error occurred on password changing",
 "password_not_match": "New passwords don't match",
+ "password_too_simple_1": "Password needs to be at least 6 characters long",
+ "password_too_simple_2": "Password needs to be at least 8 characters long and contains digit, upper and lower characters",
+ "password_too_simple_3": "Password needs to be at least 8 characters long and contains digit, upper, lower and special characters",
+ "password_too_simple_4": "Password needs to be at least 12 characters long and contains digit, upper, lower and special characters",
+ "password_listed_1": "This password is in a well known list. Please make it unique. Password needs to be at least 6 characters long",
+ "password_listed_2": "This password is in a well known list. Please make it unique. Password needs to be at least 8 characters long and contains digit, upper and lower characters",
+ "password_listed_3": "This password is in a well known list. Please make it unique. Password needs to be at least 8 characters long and contains digit, upper, lower and special characters",
+ "password_listed_4": "This password is in a well known list. Please make it unique. Password needs to be at least 12 characters long and contains digit, upper, lower and special characters",
+ "password_advice": "Password successfully changed. Note: to improve your password make it with at least 8 characters and put digits, upper, lower and special characters",
 "wrong_current_password": "Current password is wrong",
 "invalid_mail": "Invalid mail address",
 "invalid_domain": "Invalid domain in",