User: Add special chars as password requirements - refs BT#20083

chamilo · Jul 15, 2022 · 46aac44 · 46aac44
1 parent 1b22923
commit 46aac44
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 8 deletions.
diff --git a/main/inc/lib/api.lib.php b/main/inc/lib/api.lib.php
@@ -2508,8 +2508,9 @@ function api_generate_password($length = 8)
         $length = 2;
     }
 
-    $charactersLowerCase = 'abcdefghijkmnopqrstuvwxyz';
-    $charactersUpperCase = 'ABCDEFGHJKLMNPQRSTUVWXYZ';
+    $charactersLowerCase = Security::CHAR_LOWER;
+    $charactersUpperCase = Security::CHAR_UPPER;
+    $charactersSpecials = Security::CHAR_SYMBOLS;
     $minNumbers = 2;
     $length = $length - $minNumbers;
     $minLowerCase = round($length / 2);
@@ -2519,18 +2520,22 @@ function api_generate_password($length = 8)
     $passwordRequirements = api_get_configuration_value('password_requirements');
 
     $factory = new RandomLib\Factory();
-    $generator = $factory->getGenerator(new SecurityLib\Strength(SecurityLib\Strength::MEDIUM));
+    $generator = $factory->getMediumStrengthGenerator();
 
     if (!empty($passwordRequirements)) {
         $length = $passwordRequirements['min']['length'];
         $minNumbers = $passwordRequirements['min']['numeric'];
         $minLowerCase = $passwordRequirements['min']['lowercase'];
         $minUpperCase = $passwordRequirements['min']['uppercase'];
+        $minSpecials = $passwordRequirements['min']['specials'];
 
-        $rest = $length - $minNumbers - $minLowerCase - $minUpperCase;
+        $rest = $length - $minNumbers - $minLowerCase - $minUpperCase - $minSpecials;
         // Add the rest to fill the length requirement
         if ($rest > 0) {
-            $password .= $generator->generateString($rest, $charactersLowerCase.$charactersUpperCase);
+            $password .= $generator->generateString(
+                $rest,
+                $charactersLowerCase.$charactersUpperCase.$charactersSpecials
+            );
         }
     }
 
@@ -2571,6 +2576,7 @@ function api_check_password($password)
     // Optional
     $minLowerCase = $passwordRequirements['min']['lowercase'];
     $minUpperCase = $passwordRequirements['min']['uppercase'];
+    $minSpecials = $passwordRequirements['min']['specials'];
 
     $minLetters = $minLowerCase + $minUpperCase;
     $passwordLength = api_strlen($password);
@@ -2582,6 +2588,7 @@ function api_check_password($password)
     $digits = 0;
     $lowerCase = 0;
     $upperCase = 0;
+    $specials = 0;
 
     for ($i = 0; $i < $passwordLength; $i++) {
         $currentCharacterCode = api_ord(api_substr($password, $i, 1));
@@ -2595,6 +2602,10 @@ function api_check_password($password)
         if ($currentCharacterCode >= 48 && $currentCharacterCode <= 57) {
             $digits++;
         }
+
+        if (false !== strpos(Security::CHAR_SYMBOLS, $currentCharacterCode)) {
+            $specials++;
+        }
     }
 
     // Min number of digits
@@ -2610,6 +2621,10 @@ function api_check_password($password)
         $conditions['min_lowercase'] = $upperCase >= $minLowerCase;
     }
 
+    if (!empty($minSpecials)) {
+        $conditions['min_specials'] = $specials >= $minSpecials;
+    }
+
     // Min letters
     $letters = $upperCase + $lowerCase;
     $conditions['min_letters'] = $letters >= $minLetters;
@@ -2624,7 +2639,7 @@ function api_check_password($password)
 
     if ($isPasswordOk === false) {
         $output = get_lang('NewPasswordRequirementsNotMatched').'<br />';
-        $output .= Security::getPasswordRequirementsToString($conditions);
+        $output .= Security::getPasswordRequirementsToString();
 
         Display::addFlash(Display::return_message($output, 'warning', false));
     }

diff --git a/main/inc/lib/security.lib.php b/main/inc/lib/security.lib.php
@@ -39,6 +39,11 @@
  */
 class Security
 {
+    public const CHAR_UPPER = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
+    public const CHAR_LOWER = 'abcdefghijklmnopqrstuvwxyz';
+    public const CHAR_DIGITS = '0123456789';
+    public const CHAR_SYMBOLS = '!"#$%&\'()* +,-./:;<=>?@[\]^_`{|}~';
+
     public static $clean = [];
 
     /**
@@ -554,6 +559,7 @@ public static function getPasswordRequirements()
                 'uppercase' => 0,
                 'numeric' => 2,
                 'length' => 5,
+                'specials' => 1,
             ],
         ];
 
@@ -571,7 +577,7 @@ public static function getPasswordRequirements()
      *
      * @return string
      */
-    public static function getPasswordRequirementsToString($passedConditions = [])
+    public static function getPasswordRequirementsToString(): string
     {
         $output = '';
         $setting = self::getPasswordRequirements();

diff --git a/main/install/configuration.dist.php b/main/install/configuration.dist.php
@@ -341,7 +341,8 @@
         'lowercase' => 2,
         'uppercase' => 2,
         'numeric' => 2,
-        'length' => 8
+        'length' => 8,
+        'specials' => 1,
     ]
 ];*/
 // Customize course session tracking columns