Small code improvements, update changelog

pull/7283/head
Aleksander Machniak 4 years ago
parent be7770b5a9
commit 3c8b270d8d

@ -8,6 +8,7 @@ CHANGELOG Roundcube Webmail
- Added support for INSERT OR REPLACE queries (#6771)
- Extract RFC2231 attachment name from message headers (#6729, #6783)
- Managesieve: Allow display name with email address in vacation :from field (#6760)
- Password: Added 'pwned' password strength driver (#7274)
- Add support for SameSite cookie attribute via session_samesite option (req PHP >= 7.3.0) (#6772)
- Elastic: Display a special icon for other users and shared namespace roots (#5012)
- Change folders sorting so shared/other users namespaces are listed last (#5012)

@ -3,7 +3,7 @@
"type": "roundcube-plugin",
"description": "Password Change for Roundcube. Plugin adds a possibility to change user password using many methods (drivers) via Settings/Password tab.",
"license": "GPLv3+",
"version": "5.1",
"version": "5.2",
"authors": [
{
"name": "Aleksander Machniak",

@ -85,6 +85,7 @@ class rcube_pwned_password
* 3 - if password is not publicly known to be compromised.
*
* @param string $passwd Password
*
* @return array password score (1 to 3) and (optional) reason message
*/
function check_strength($passwd)
@ -96,7 +97,8 @@ class rcube_pwned_password
$rc = rcmail::get_instance();
if ($score === self::SCORE_LISTED) {
$message = $rc->gettext('password.pwned_isdisclosed');
} else {
}
else {
$message = $rc->gettext('password.pwned_fetcherror');
}
}
@ -106,7 +108,9 @@ class rcube_pwned_password
/**
* Check password using HIBP.
*
* @param string $passwd
*
* @return int score, one of the SCORE_* constants (between 1 and 3).
*/
function check_pwned($passwd)
@ -116,8 +120,9 @@ class rcube_pwned_password
if (!$this->can_retrieve()) {
// Log the fact that we cannot check because of configuration error.
rcube::write_log('errors', "Plugin 'password', driver 'pwned': configuration error: need curl or allow_url_fopen to check for compromised passwords");
} else {
rcube::raise_error("Need curl or allow_url_fopen to check password strength with 'pwned'", true, true);
}
else {
list($prefix, $suffix) = $this->hash_split($passwd);
$suffixes = $this->retrieve_suffixes(self::API_URL . $prefix);
@ -132,9 +137,10 @@ class rcube_pwned_password
function hash_split($passwd)
{
$hash = strtolower(sha1($passwd));
$hash = strtolower(sha1($passwd));
$prefix = substr($hash, 0, 5);
$suffix = substr($hash, 5);
return array($prefix, $suffix);
}
@ -145,8 +151,7 @@ class rcube_pwned_password
function can_curl()
{
return (in_array('curl', get_loaded_extensions())
&& function_exists('curl_init'));
return function_exists('curl_init');
}
function can_fopen()
@ -158,7 +163,8 @@ class rcube_pwned_password
{
if ($this->can_curl()) {
return $this->retrieve_curl($url);
} else {
}
else {
return $this->retrieve_fopen($url);
}
}
@ -173,6 +179,7 @@ class rcube_pwned_password
}
$output = curl_exec($ch);
curl_close($ch);
return $output;
}
@ -184,6 +191,7 @@ class rcube_pwned_password
$output .= fgets($ch);
}
fclose($ch);
return $output;
}
@ -192,17 +200,20 @@ class rcube_pwned_password
// initialize to error in case there are no lines at all
$result = self::SCORE_ERROR;
foreach(preg_split('/[\r\n]+/', $list) as $line) {
foreach (preg_split('/[\r\n]+/', $list) as $line) {
$line = strtolower($line);
if (preg_match('/^([0-9a-f]{35}):(\d)+$/', $line, $matches)) {
if (($matches[2] > 0) && ($matches[1] === $candidate)) {
if ($matches[2] > 0 && $matches[1] === $candidate) {
// more than 0 occurrences, and suffix matches
// -> password is compromised
return self::SCORE_LISTED;
}
// valid line, not matching the current password
$result = self::SCORE_NOT_LISTED;
} else {
}
else {
// invalid line
return self::SCORE_ERROR;
}
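Review bot: The count pattern on the unchanged `preg_match('/^([0-9a-f]{35}):(\d)+$/', ...)` line in the last hunk of this file keeps only the final digit of the occurrence count, because the `+` sits outside the capture group. The `$matches[2] > 0` test that this commit reformats therefore sees `0` for any count ending in zero (10, 200, ...). A suffix that matches the candidate with such a count falls through to `SCORE_NOT_LISTED`, so a password that is in the breach list is reported as not listed. Moving the quantifier inside the group fixes it: `if (preg_match('/^([0-9a-f]{35}):(\d+)$/', $line, $matches)) {`. The enclosing function starts above this hunk and continues past it, so the loop's end and the final return are not visible here.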

@ -40,4 +40,3 @@ $messages['passwdexpired'] = 'Ihr Passwort ist abgelaufen, ändern Sie es jetzt!
$messages['passwdconstraintviolation'] = 'Passwortbeschränkungsverletzung. Passwort wahrscheinlich zu schwach.';
$messages['pwned_mustnotbedisclosed'] = 'Passwort darf nicht&nbsp;<a href="https://haveibeenpwned.com/Passwords" target="_blank">allgemein bekannt</a>&nbsp;sein.';
$messages['pwned_isdisclosed'] = 'Dieses Passwort ist bereits allgemein bekannt.';
$messages['pwned_fetcherror'] = 'FEHLER: Die Überprüfung kompromittierter Passwörter ist fehlgeschlagen.';

@ -43,4 +43,4 @@ $messages['passwdexpired'] = 'Your password has expired, you have to change it n
$messages['passwdconstraintviolation'] = 'Password constraint violation. Password probably too weak.';
$messages['pwned_mustnotbedisclosed'] = 'Password must not be&nbsp;<a href="https://haveibeenpwned.com/Passwords" target="_blank">commonly known</a>.';
$messages['pwned_isdisclosed'] = 'This password is commonly known.';
$messages['pwned_fetcherror'] = 'ERROR: Verification of compromised passwords failed.';
$messages['pwned_fetcherror'] = 'Failed to verify the password strength.';

@ -40,4 +40,3 @@ $messages['passwdexpired'] = 'Votre mot de passe est expiré, vous devez le chan
$messages['passwdconstraintviolation'] = 'Contrainte non respectée. Le mot de passe est probablement trop faible.';
$messages['pwned_mustnotbedisclosed'] = 'Le mot de passe ne doit pas être&nbsp;<a href="https://haveibeenpwned.com/Passwords" target="_blank">communément connu</a>.';
$messages['pwned_isdisclosed'] = 'Ce mot de passe est communément connu.';
$messages['pwned_fetcherror'] = 'ERREUR: La vérification des mots de passe compromis a échoué';
