[4.0] Upgrade inital pw length to 12 characters without complexitiy r…

…ules (#29859) * upgrade inital pw length to 12 characters without complexitiy rules * as the validation fails this are errors no warnings * add changes to the SQL files * upgrade the auto generated PW to 32 chars * remove the call to load com_users language files * Update libraries/src/Form/Rule/PasswordRule.php Co-authored-by: Brian Teeman <brian@teeman.net> * Update config.xml * Update config.xml * Set the maximum length to 2005 (the year joomla was founded) * change the fields to type number and remove max values * appy an accepted PW to the CI setup * fix spaces * use an accepted PW for the test user * Update com_users.ini Co-authored-by: Brian Teeman <brian@teeman.net>
joomla · Aug 5, 2020 · f0f2732 · f0f2732
1 parent 4110ab9
commit f0f2732
Show file tree

Hide file tree

Showing 15 changed files with 123 additions and 95 deletions.
diff --git a/administrator/components/com_users/config.xml b/administrator/components/com_users/config.xml
@@ -147,72 +147,74 @@
 		label="COM_USERS_CONFIG_PASSWORD_OPTIONS" >
 		<field
 			name="reset_count"
-			type="integer"
+			type="number"
 			label="COM_USERS_CONFIG_FIELD_FRONTEND_RESET_COUNT_LABEL"
-			first="0"
-			last="20"
+			min="0"
+			max="20"
 			step="1"
 			default="10"
+			validate="number"
 		/>
 
 		<field
 			name="reset_time"
-			type="integer"
+			type="number"
 			label="COM_USERS_CONFIG_FIELD_FRONTEND_RESET_TIME_LABEL"
-			first="1"
-			last="24"
+			min="1"
+			max="24"
 			step="1"
 			default="1"
+			validate="number"
 		/>
 
 		<field
 			name="minimum_length"
-			type="integer"
+			type="number"
 			label="COM_USERS_CONFIG_FIELD_MINIMUM_PASSWORD_LENGTH"
-			first="4"
-			last="99"
+			min="8"
 			step="1"
-			default="4"
+			default="12"
+			validate="number"
 		/>
 
 		<field
 			name="minimum_integers"
-			type="integer"
+			type="number"
 			label="COM_USERS_CONFIG_FIELD_MINIMUM_INTEGERS"
-			first="0"
-			last="98"
+			min="0"
 			step="1"
 			default="0"
+			validate="number"
 		/>
 
 		<field
 			name="minimum_symbols"
-			type="integer"
+			type="number"
 			label="COM_USERS_CONFIG_FIELD_MINIMUM_SYMBOLS"
-			first="0"
-			last="98"
+			min="0"
 			step="1"
 			default="0"
+			validate="number"
 		/>
 
 		<field
 			name="minimum_uppercase"
-			type="integer"
+			type="number"
 			label="COM_USERS_CONFIG_FIELD_MINIMUM_UPPERCASE"
-			first="0"
-			last="98"
+			min="0"
 			step="1"
 			default="0"
+			validate="number"
 		/>
 
 		<field
 			name="minimum_lowercase"
-			type="integer"
+			type="number"
 			label="COM_USERS_CONFIG_FIELD_MINIMUM_LOWERCASE"
-			first="0"
-			last="98"
+			min="0"
 			step="1"
 			default="0"
+			validate="number"
 		/>
 	</fieldset>
 

diff --git a/administrator/language/en-GB/com_users.ini b/administrator/language/en-GB/com_users.ini
@@ -195,17 +195,6 @@ COM_USERS_MASS_MAIL="Mass Mail Users"
 COM_USERS_MASS_MAIL_DESC="Mass Mail options."
 COM_USERS_MASSMAIL_MAIL_BODY="{BODY} {BODYSUFFIX}"
 COM_USERS_MASSMAIL_MAIL_SUBJECT="{SUBJECTPREFIX} {SUBJECT}"
-COM_USERS_MSG_NOT_ENOUGH_INTEGERS_N="Password does not have enough digits. At least %s digits are required."
-COM_USERS_MSG_NOT_ENOUGH_INTEGERS_N_1="Password does not have enough digits. At least 1 digit is required."
-COM_USERS_MSG_NOT_ENOUGH_LOWERCASE_LETTERS_N="Password does not have enough lower case characters. At least %s lower case characters are required."
-COM_USERS_MSG_NOT_ENOUGH_LOWERCASE_LETTERS_N_1="Password does not have enough lower case characters. At least 1 lower case character is required."
-COM_USERS_MSG_NOT_ENOUGH_SYMBOLS_N="Password does not have enough symbols. At least %s symbols are required."
-COM_USERS_MSG_NOT_ENOUGH_SYMBOLS_N_1="Password does not have enough symbols. At least 1 symbol is required."
-COM_USERS_MSG_NOT_ENOUGH_UPPERCASE_LETTERS_N="Password does not have enough upper case characters. At least %s upper case characters are required."
-COM_USERS_MSG_NOT_ENOUGH_UPPERCASE_LETTERS_N_1="Password does not have enough upper case characters. At least 1 upper case character is required."
-COM_USERS_MSG_PASSWORD_TOO_LONG="Password is too long. Passwords must be less than 100 characters."
-COM_USERS_MSG_PASSWORD_TOO_SHORT_N="Password is too short. Passwords must have at least %s characters."
-COM_USERS_MSG_SPACES_IN_PASSWORD="Password must not have spaces at the beginning or end."
 COM_USERS_N_LEVELS_DELETED="%d View Access Levels removed."
 COM_USERS_N_LEVELS_DELETED_0="No View Access Levels removed."
 COM_USERS_N_LEVELS_DELETED_1="View Access Level removed."

diff --git a/administrator/language/en-GB/joomla.ini b/administrator/language/en-GB/joomla.ini
@@ -262,9 +262,20 @@ JFIELD_ORDERING_DESC="Select the ordering."
 JFIELD_ORDERING_LABEL="Ordering"
 JFIELD_PARAMS_LABEL="Options"
 JFIELD_PASSWORD_INDICATE_COMPLETE="Password accepted"
-JFIELD_PASSWORD_INDICATE_INCOMPLETE="Password doesn't meet site's requirements"
-JFIELD_PASSWORD_NOTE_DESC="%1s symbol(s), %2s uppercase letter(s), %3s lowercase letter(s), %4s number(s) and be %5s characters long"
+JFIELD_PASSWORD_INDICATE_INCOMPLETE="Password doesn't meet site's requirements."
+JFIELD_PASSWORD_NOT_ENOUGH_INTEGERS_N="Password does not have enough digits. At least %s digits are required."
+JFIELD_PASSWORD_NOT_ENOUGH_INTEGERS_N_1="Password does not have enough digits. At least 1 digit is required."
+JFIELD_PASSWORD_NOT_ENOUGH_LOWERCASE_LETTERS_N="Password does not have enough lower case characters. At least %s lower case characters are required."
+JFIELD_PASSWORD_NOT_ENOUGH_LOWERCASE_LETTERS_N_1="Password does not have enough lower case characters. At least 1 lower case character is required."
+JFIELD_PASSWORD_NOT_ENOUGH_SYMBOLS_N="Password does not have enough symbols. At least %s symbols are required."
+JFIELD_PASSWORD_NOT_ENOUGH_SYMBOLS_N_1="Password does not have enough symbols. At least 1 symbol is required."
+JFIELD_PASSWORD_NOT_ENOUGH_UPPERCASE_LETTERS_N="Password does not have enough upper case characters. At least %s upper case characters are required."
+JFIELD_PASSWORD_NOT_ENOUGH_UPPERCASE_LETTERS_N_1="Password does not have enough upper case characters. At least 1 upper case character is required."
+JFIELD_PASSWORD_NOTE_DESC="%1 symbol(s), %2 uppercase letter(s), %3 lowercase letter(s), %4 number(s)"
 JFIELD_PASSWORD_NOTE_LBL="Password must contain:"
+JFIELD_PASSWORD_SPACES_IN_PASSWORD="Password must not have spaces at the beginning or end."
+JFIELD_PASSWORD_TOO_LONG="Password is too long. Passwords must be less than 100 characters."
+JFIELD_PASSWORD_TOO_SHORT_N="Password is too short. Passwords must have at least %s characters."
 JFIELD_PLG_SEARCH_ALL_DESC="Include published items in the search."
 JFIELD_PLG_SEARCH_ALL_LABEL="Search Published"
 JFIELD_PLG_SEARCH_ARCHIVED_DESC="Include archived items in the search."

diff --git a/build/media_source/system/js/fields/passwordstrength.es6.js b/build/media_source/system/js/fields/passwordstrength.es6.js
@@ -31,7 +31,7 @@ class PasswordStrength {
     this.uppercase = parseInt(settings.uppercase, 10) || 0;
     this.numbers = parseInt(settings.numbers, 10) || 0;
     this.special = parseInt(settings.special, 10) || 0;
-    this.length = parseInt(settings.length, 10) || 4;
+    this.length = parseInt(settings.length, 10) || 12;
   }
 
   getScore(value) {
@@ -96,7 +96,7 @@ class PasswordStrength {
       uppercase: minUppercase || 0,
       numbers: minIntegers || 0,
       special: minSymbols || 0,
-      length: minLength || 4,
+      length: minLength || 12,
     });
 
     const score = strength.getScore(element.value);
@@ -181,7 +181,7 @@ class PasswordStrength {
           uppercase: minUppercase || 0,
           numbers: minIntegers || 0,
           special: minSymbols || 0,
-          length: minLength || 4,
+          length: minLength || 12,
         });
 
         const score = strength.getScore(value);

diff --git a/installation/forms/setup.xml b/installation/forms/setup.xml
@@ -54,6 +54,7 @@
 			class="form-control"
 			required="true"
 			autocomplete="new-password"
+			validate="password"
 		/>
 		<field
 			name="db_type"

diff --git a/installation/language/en-GB/joomla.ini b/installation/language/en-GB/joomla.ini
@@ -272,8 +272,19 @@ JLIB_JS_AJAX_ERROR_TIMEOUT="A timeout has occurred while fetching the JSON data.
 ; Field password messages
 JFIELD_PASSWORD_INDICATE_COMPLETE="Password accepted"
 JFIELD_PASSWORD_INDICATE_INCOMPLETE="Password doesn't meet site's requirements."
+JFIELD_PASSWORD_NOT_ENOUGH_INTEGERS_N="Password does not have enough digits. At least %s digits are required."
+JFIELD_PASSWORD_NOT_ENOUGH_INTEGERS_N_1="Password does not have enough digits. At least 1 digit is required."
+JFIELD_PASSWORD_NOT_ENOUGH_LOWERCASE_LETTERS_N="Password does not have enough lower case characters. At least %s lower case characters are required."
+JFIELD_PASSWORD_NOT_ENOUGH_LOWERCASE_LETTERS_N_1="Password does not have enough lower case characters. At least 1 lower case character is required."
+JFIELD_PASSWORD_NOT_ENOUGH_SYMBOLS_N="Password does not have enough symbols. At least %s symbols are required."
+JFIELD_PASSWORD_NOT_ENOUGH_SYMBOLS_N_1="Password does not have enough symbols. At least 1 symbol is required."
+JFIELD_PASSWORD_NOT_ENOUGH_UPPERCASE_LETTERS_N="Password does not have enough upper case characters. At least %s upper case characters are required."
+JFIELD_PASSWORD_NOT_ENOUGH_UPPERCASE_LETTERS_N_1="Password does not have enough upper case characters. At least 1 upper case character is required."
 JFIELD_PASSWORD_NOTE_DESC="%1 symbol(s), %2 uppercase letter(s), %3 lowercase letter(s), %4 number(s)"
 JFIELD_PASSWORD_NOTE_LBL="Password must contain:"
+JFIELD_PASSWORD_SPACES_IN_PASSWORD="Password must not have spaces at the beginning or end."
+JFIELD_PASSWORD_TOO_LONG="Password is too long. Passwords must be less than 100 characters."
+JFIELD_PASSWORD_TOO_SHORT_N="Password is too short. Passwords must have at least %s characters."
 
 ; Javascript Form Validation Messages
 JLIB_FORM_CONTAINS_INVALID_FIELDS="The form cannot be submitted as it's missing required data. <br> Please correct the marked fields and try again."

diff --git a/installation/language/en-US/joomla.ini b/installation/language/en-US/joomla.ini
@@ -272,8 +272,19 @@ JLIB_JS_AJAX_ERROR_TIMEOUT="A timeout has occurred while fetching the JSON data.
 ; Field password messages
 JFIELD_PASSWORD_INDICATE_COMPLETE="Password accepted"
 JFIELD_PASSWORD_INDICATE_INCOMPLETE="Password doesn't meet site's requirements."
+JFIELD_PASSWORD_NOT_ENOUGH_INTEGERS_N="Password does not have enough digits. At least %s digits are required."
+JFIELD_PASSWORD_NOT_ENOUGH_INTEGERS_N_1="Password does not have enough digits. At least 1 digit is required."
+JFIELD_PASSWORD_NOT_ENOUGH_LOWERCASE_LETTERS_N="Password does not have enough lower case characters. At least %s lower case characters are required."
+JFIELD_PASSWORD_NOT_ENOUGH_LOWERCASE_LETTERS_N_1="Password does not have enough lower case characters. At least 1 lower case character is required."
+JFIELD_PASSWORD_NOT_ENOUGH_SYMBOLS_N="Password does not have enough symbols. At least %s symbols are required."
+JFIELD_PASSWORD_NOT_ENOUGH_SYMBOLS_N_1="Password does not have enough symbols. At least 1 symbol is required."
+JFIELD_PASSWORD_NOT_ENOUGH_UPPERCASE_LETTERS_N="Password does not have enough upper case characters. At least %s upper case characters are required."
+JFIELD_PASSWORD_NOT_ENOUGH_UPPERCASE_LETTERS_N_1="Password does not have enough upper case characters. At least 1 upper case character is required."
 JFIELD_PASSWORD_NOTE_DESC="%1 symbol(s), %2 uppercase letter(s), %3 lowercase letter(s), %4 number(s)"
 JFIELD_PASSWORD_NOTE_LBL="Password must contain:"
+JFIELD_PASSWORD_SPACES_IN_PASSWORD="Password must not have spaces at the beginning or end."
+JFIELD_PASSWORD_TOO_LONG="Password is too long. Passwords must be less than 100 characters."
+JFIELD_PASSWORD_TOO_SHORT_N="Password is too short. Passwords must have at least %s characters."
 
 ; Javascript Form Validation Messages
 JLIB_FORM_CONTAINS_INVALID_FIELDS="The form cannot be submitted as it's missing required data. <br> Please correct the marked fields and try again."

diff --git a/installation/sql/mysql/base.sql b/installation/sql/mysql/base.sql
@@ -162,7 +162,7 @@ INSERT INTO `#__extensions` (`package_id`, `name`, `type`, `element`, `folder`,
 (0, 'com_content', 'component', 'com_content', '', 1, 1, 0, 1, 1, '', '{"article_layout":"_:default","show_title":"1","link_titles":"1","show_intro":"1","show_category":"1","link_category":"1","show_parent_category":"0","link_parent_category":"0","show_author":"1","link_author":"0","show_create_date":"0","show_modify_date":"0","show_publish_date":"1","show_item_navigation":"1","show_vote":"0","show_tags":"1","show_readmore":"1","show_readmore_title":"1","readmore_limit":"100","show_hits":"1","show_noauth":"0","show_publishing_options":"1","show_article_options":"1","save_history":"1","history_limit":10,"show_urls_images_frontend":"0","show_urls_images_backend":"1","targeta":0,"targetb":0,"targetc":0,"float_intro":"left","float_fulltext":"left","category_layout":"_:blog","show_category_title":"0","show_description":"0","show_description_image":"0","maxLevel":"1","show_empty_categories":"0","show_no_articles":"1","show_subcat_desc":"1","show_cat_num_articles":"0","show_base_description":"1","maxLevelcat":"-1","show_empty_categories_cat":"0","show_subcat_desc_cat":"1","show_cat_num_articles_cat":"1","num_leading_articles":"1","num_intro_articles":"4","num_links":"4","show_subcategory_content":"0","show_pagination_limit":"1","filter_field":"hide","show_headings":"1","list_show_date":"0","date_format":"","list_show_hits":"1","list_show_author":"1","orderby_pri":"order","orderby_sec":"rdate","order_date":"published","show_pagination":"2","show_pagination_results":"1","show_feed_link":"1","feed_summary":"0"}'),
 (0, 'com_config', 'component', 'com_config', '', 1, 1, 0, 1, 1, '', '{"filters":{"1":{"filter_type":"NH","filter_tags":"","filter_attributes":""},"6":{"filter_type":"BL","filter_tags":"","filter_attributes":""},"7":{"filter_type":"BL","filter_tags":"","filter_attributes":""},"2":{"filter_type":"NH","filter_tags":"","filter_attributes":""},"3":{"filter_type":"BL","filter_tags":"","filter_attributes":""},"4":{"filter_type":"BL","filter_tags":"","filter_attributes":""},"5":{"filter_type":"BL","filter_tags":"","filter_attributes":""},"10":{"filter_type":"BL","filter_tags":"","filter_attributes":""},"12":{"filter_type":"BL","filter_tags":"","filter_attributes":""},"8":{"filter_type":"NONE","filter_tags":"","filter_attributes":""}}}'),
 (0, 'com_redirect', 'component', 'com_redirect', '', 1, 1, 0, 0, 1, '', ''),
-(0, 'com_users', 'component', 'com_users', '', 1, 1, 0, 1, 1, '', '{"allowUserRegistration":"0","new_usertype":"2","guest_usergroup":"9","sendpassword":"0","useractivation":"2","mail_to_admin":"1","captcha":"","frontend_userparams":"1","site_language":"0","change_login_name":"0","reset_count":"10","reset_time":"1","minimum_length":"4","minimum_integers":"0","minimum_symbols":"0","minimum_uppercase":"0","save_history":"1","history_limit":5,"mailSubjectPrefix":"","mailBodySuffix":""}'),
+(0, 'com_users', 'component', 'com_users', '', 1, 1, 0, 1, 1, '', '{"allowUserRegistration":"0","new_usertype":"2","guest_usergroup":"9","sendpassword":"0","useractivation":"2","mail_to_admin":"1","captcha":"","frontend_userparams":"1","site_language":"0","change_login_name":"0","reset_count":"10","reset_time":"1","minimum_length":"12","minimum_integers":"0","minimum_symbols":"0","minimum_uppercase":"0","save_history":"1","history_limit":5,"mailSubjectPrefix":"","mailBodySuffix":""}'),
 (0, 'com_finder', 'component', 'com_finder', '', 1, 1, 0, 0, 1, '', '{"enabled":"0","show_description":"1","description_length":255,"allow_empty_query":"0","show_url":"1","show_autosuggest":"1","show_suggested_query":"1","show_explained_query":"1","show_advanced":"1","show_advanced_tips":"1","expand_advanced":"0","show_date_filters":"0","sort_order":"relevance","sort_direction":"desc","highlight_terms":"1","opensearch_name":"","opensearch_description":"","batch_size":"50","memory_table_limit":30000,"title_multiplier":"1.7","text_multiplier":"0.7","meta_multiplier":"1.2","path_multiplier":"2.0","misc_multiplier":"0.3","stem":"1","stemmer":"snowball","enable_logging":"0"}'),
 (0, 'com_joomlaupdate', 'component', 'com_joomlaupdate', '', 1, 1, 0, 1, 1, '', '{"updatesource":"default","customurl":""}'),
 (0, 'com_tags', 'component', 'com_tags', '', 1, 1, 1, 0, 1, '', '{"tag_layout":"_:default","save_history":"1","history_limit":5,"show_tag_title":"0","tag_list_show_tag_image":"0","tag_list_show_tag_description":"0","tag_list_image":"","tag_list_orderby":"title","tag_list_orderby_direction":"ASC","show_headings":"0","tag_list_show_date":"0","tag_list_show_item_image":"0","tag_list_show_item_description":"0","tag_list_item_maximum_characters":0,"return_any_or_all":"1","include_children":"0","maximum":200,"tag_list_language_filter":"all","tags_layout":"_:default","all_tags_orderby":"title","all_tags_orderby_direction":"ASC","all_tags_show_tag_image":"0","all_tags_show_tag_description":"0","all_tags_tag_maximum_characters":20,"all_tags_show_tag_hits":"0","filter_field":"1","show_pagination_limit":"1","show_pagination":"2","show_pagination_results":"1","tag_field_ajax_mode":"1","show_feed_link":"1"}'),