use password policy functions from ltb-common (#968)

- use check_password_strength and checkEntropyJSON from ltb-common - externalize ppolicy smarty assignments into a dedicated function
ltb-project · Sep 9, 2024 · fc28f72 · fc28f72
1 parent d5cace9
commit fc28f72
Show file tree

Hide file tree

Showing 9 changed files with 49 additions and 530 deletions.
diff --git a/composer.json b/composer.json
@@ -1,6 +1,6 @@
 {
     "require": {
-        "ltb-project/ltb-common": "dev-main",
+        "ltb-project/ltb-common": "dev-36-add-password-policy",
         "bjeavons/zxcvbn-php": "^1.0",
         "twbs/bootstrap": "v5.3.3",
         "defuse/php-encryption": "2.4.0",

diff --git a/htdocs/change.php b/htdocs/change.php
@@ -159,7 +159,7 @@
 # Check password strength
 #==============================================================================
 if ( !$result ) {
-    $result = check_password_strength( $newpassword, $oldpassword, $pwd_policy_config, $login, $entry_array, $change_custompwdfield );
+    $result = \Ltb\Password::check_password_strength( $newpassword, $oldpassword, $pwd_policy_config, $login, $entry_array, $change_custompwdfield );
 }
 
 #==============================================================================

diff --git a/htdocs/changecustompwdfield.php b/htdocs/changecustompwdfield.php
@@ -217,7 +217,7 @@ function set_default_value(&$variable, $defaultValue)
 # Check password strength
 #==============================================================================
 if ( !$result ) {
-    $result = check_password_strength( $newcustompwd, $password, $custompwdfield['pwd_policy_config'], $login, $entry_array, $change_custompwdfield );
+    $result = \Ltb\Password::check_password_strength( $newcustompwd, $password, $custompwdfield['pwd_policy_config'], $login, $entry_array, $change_custompwdfield );
 }
 
 #==============================================================================

diff --git a/htdocs/checkentropy.php b/htdocs/checkentropy.php
@@ -1,67 +1,15 @@
 <?php
 
-/*
-  Pre-requisites: install zxcvbn library
-
-  Make sure to have this in composer.json:
-
-    "require": {
-        "bjeavons/zxcvbn-php": "^1.0"
-    }
-
-  and run: composer update
-
-*/
-
 require_once '../vendor/autoload.php';
-use ZxcvbnPhp\Zxcvbn;
-
-
-try{
-  $zxcvbn = new Zxcvbn();
-  error_log("Module Zxcvbn successfully loaded");
-}
-catch(Throwable $e){
-  error_log("Could not load Zxcvbn module: ".$e);
-  exit(1);
-}
-
-/* Check user password against zxcvbn library
-   Input : new user base64-encoded password
-   Output: JSON response: { "level" => int, "message" => "msg" } */
-
-function checkEntropyJSON($password_base64)
-{
-    $response_params = array();
-    $zxcvbn = new Zxcvbn();
-
-    if( ! isset($password_base64) || empty($password_base64))
-    {
-        error_log("checkEntropy: missing parameter password");
-        $response_params["level"]   = -1;
-        $response_params["message"] = "missing parameter password";
-        print json_encode($response_params);
-        exit(1);
-    }
-
-    $p = base64_decode($password_base64);
-    // force encoding to utf8, as iso-8859-1 is not supported by zxcvbn
-    $password = mb_convert_encoding($p, 'UTF-8', 'ISO-8859-1');
-    error_log("checkEntropy: password taken from submitted form");
-
-    $entropy = $zxcvbn->passwordStrength("$password");
-
-    $response_params["level"] = strval($entropy["score"]);
-    $response_params["message"] = $entropy['feedback']['warning'] ? strval($entropy['feedback']['warning']) : "";
-
-    error_log("checkEntropy: level " . $response_params["level"] . " msg: " . $response_params["message"]);
-
-    print json_encode($response_params);
-    exit(0);
-}
 
 // new password sent in the url, base64 encoded
 $newpass = htmlspecialchars($_POST["password"]);
-checkEntropyJSON($newpass);
+$entropy_response = \Ltb\Password::checkEntropyJSON($newpass);
+if ($debug) {
+    error_log("checkEntropy: ".$entropy_response);
+}
+
+print $entropy_response;
+exit(0);
 
 ?>
diff --git a/htdocs/index.php b/htdocs/index.php
@@ -302,64 +302,13 @@
 if (isset($login)) { $smarty->assign('login', $login); }
 if (isset($token)) { $smarty->assign('token', $token); }
 if (isset($use_captcha)) { $smarty->assign('use_captcha', $use_captcha); }
-// TODO : Make it clean function show_policy - START
-if (isset($pwd_show_policy_pos)) {
-    $smarty->assign('pwd_show_policy_pos', $pwd_show_policy_pos);
-    $smarty->assign('pwd_show_policy', $pwd_show_policy);
-    $smarty->assign('pwd_show_policy_onerror', true);
-    if ( $pwd_show_policy === "onerror" ) {
-        if ( !preg_match( "/tooshort|toobig|minlower|minupper|mindigit|minspecial|forbiddenchars|sameasold|notcomplex|sameaslogin|pwned|specialatends/" , $result) ) {
-            $smarty->assign('pwd_show_policy_onerror', false);
-        } else {
-            $smarty->assign('pwd_show_policy_onerror', true);
-        }
-    }
-    if (isset($pwd_min_length)) { $smarty->assign('pwd_min_length', $pwd_min_length); }
-    if (isset($pwd_max_length)) { $smarty->assign('pwd_max_length', $pwd_max_length); }
-    if (isset($pwd_min_lower)) { $smarty->assign('pwd_min_lower', $pwd_min_lower); }
-    if (isset($pwd_min_upper)) { $smarty->assign('pwd_min_upper', $pwd_min_upper); }
-    if (isset($pwd_min_digit)) { $smarty->assign('pwd_min_digit', $pwd_min_digit); }
-    if (isset($pwd_min_special)) { $smarty->assign('pwd_min_special', $pwd_min_special); }
-    if (isset($pwd_complexity)) { $smarty->assign('pwd_complexity', $pwd_complexity); }
-    if (isset($pwd_diff_last_min_chars)) { $smarty->assign('pwd_diff_last_min_chars', $pwd_diff_last_min_chars); }
-    if (isset($pwd_forbidden_chars)) { $smarty->assign('pwd_forbidden_chars', $pwd_forbidden_chars); }
-    if (isset($pwd_no_reuse)) { $smarty->assign('pwd_no_reuse', $pwd_no_reuse); }
-    if (isset($pwd_diff_login)) { $smarty->assign('pwd_diff_login', $pwd_diff_login); }
-    if (isset($pwd_display_entropy)) { $smarty->assign('pwd_display_entropy', $pwd_display_entropy); }
-    if (isset($pwd_check_entropy)) { $smarty->assign('pwd_check_entropy', $pwd_check_entropy); }
-    if (isset($pwd_min_entropy)) { $smarty->assign('pwd_min_entropy', $pwd_min_entropy); }
-    if (isset($use_pwnedpasswords)) { $smarty->assign('use_pwnedpasswords', $use_pwnedpasswords); }
-    if (isset($pwd_no_special_at_ends)) { $smarty->assign('pwd_no_special_at_ends', $pwd_no_special_at_ends); }
-
-    // send policy to a JSON object usable in javascript (window.policy.[parameter])
-    $smarty->assign('json_policy', base64_encode(json_encode(
-                                                array(
-                                                  "pwd_min_length" => $pwd_min_length,
-                                                  "pwd_max_length" => $pwd_max_length,
-                                                  "pwd_min_lower" => $pwd_min_lower,
-                                                  "pwd_min_upper" => $pwd_min_upper,
-                                                  "pwd_min_digit" => $pwd_min_digit,
-                                                  "pwd_min_special" => $pwd_min_special,
-                                                  "pwd_complexity" => $pwd_complexity,
-                                                  "pwd_diff_last_min_chars" => $pwd_diff_last_min_chars,
-                                                  "pwd_forbidden_chars" => $pwd_forbidden_chars,
-                                                  "pwd_no_reuse" => $pwd_no_reuse,
-                                                  "pwd_diff_login" => $pwd_diff_login,
-                                                  "pwd_display_entropy" => $pwd_display_entropy,
-                                                  "pwd_check_entropy" => $pwd_check_entropy,
-                                                  "pwd_min_entropy" => $pwd_min_entropy,
-                                                  "use_pwnedpasswords" => $use_pwnedpasswords,
-                                                  "pwd_no_special_at_ends" => $pwd_no_special_at_ends,
-                                                  "pwd_special_chars" => $pwd_special_chars
-                                                )
-                                              )));
-}
+
+smarty_assign_ppolicy($smarty, $pwd_show_policy_pos, $pwd_show_policy, $result, $pwd_policy_config);
 
 if (isset($custompwdindex)) {
     $smarty->assign('custompwdindex', $custompwdindex);
     if (isset($change_custompwdfield[$custompwdindex]['msg_passwordchangedextramessage'])) { $smarty->assign('msg_passwordchangedextramessage', $change_custompwdfield[$custompwdindex]['msg_passwordchangedextramessage']); }
 }
-// TODO : Make it clean function show_policy - END
 if (isset($smsdisplay)) { $smarty->assign('smsdisplay', $smsdisplay); }
 // TODO : Make it clean $prehook_return/$posthook_return - START
 if (isset($prehook_return)) {

diff --git a/htdocs/resetbyquestions.php b/htdocs/resetbyquestions.php
@@ -220,7 +220,7 @@
 
 # Check password strength
 if ( !$result ) {
-    $result = check_password_strength( $newpassword, "", $pwd_policy_config, $login, $entry_array, $change_custompwdfield );
+    $result = \Ltb\Password::check_password_strength( $newpassword, "", $pwd_policy_config, $login, $entry_array, $change_custompwdfield );
 }
 
 # Change password

diff --git a/htdocs/resetbytoken.php b/htdocs/resetbytoken.php
@@ -153,7 +153,7 @@
 # Check password strength
 if ( !$result ) {
     $entry_array = ldap_get_attributes($ldap, $entry);
-    $result = check_password_strength( $newpassword, "", $pwd_policy_config, $login, $entry_array, $change_custompwdfield );
+    $result = \Ltb\Password::check_password_strength( $newpassword, "", $pwd_policy_config, $login, $entry_array, $change_custompwdfield );
 }
 
 # Change password