Password: README, Style, CS improvements, bump version, update changelog

6 years ago · cd9ec7983b
parent 75d6687cac
commit cd9ec7983b
5 changed files with 81 additions and 66 deletions
--- a/5
+++ b/5
@ -13,6 +13,11 @@ CHANGELOG Roundcube Webmail
 - Password: Added 'modoboa' driver (#6361)
 - Password: Fix bug where password_dovecotpw_with_method setting could be ignored (#6436)
 - Password: Fix bug where new users could skip forced password change (#6434)
+- Password: Allow drivers to override default password comparisons (eg new is not same as current) (#6473)
+- Password: Allow drivers to override default strength checks (eg allow for 'not the same as last x passwords') (#246)
+- Passowrd: Allow drivers to define password strength rules displayed to the user
+- Password: Allow separate password saving and strength drivers for use of strength checking services (#5040)
+- Password: Add zxcvbn driver for checking password strength (#6479)
 - Elastic: On touch devices display attachment icons on messages list (#6296)
 - Elastic: Make menu button inactive if all subactions are inactive (#6444)
 - Elastic: On mobile/tablet jump to the list on folder selection (#6415)
--- a/plugins/password/README
+++ b/plugins/password/README
@ -21,34 +21,37 @@
 @author <see driver files for driver authors>
 -----------------------------------------------------------------------

- 1. Configuration
- 2. Drivers
- 2.1.  Database (sql)
- 2.2.  Cyrus/SASL (sasl)
- 2.3.  Poppassd/Courierpassd (poppassd)
- 2.4.  LDAP (ldap)
- 2.5.  DirectAdmin Control Panel (directadmin)
- 2.6.  cPanel
- 2.6.1.  cPanel WHM (cpanel)
- 2.6.2.  cPanel Webmail (cpanel_webmail)
- 2.7.  XIMSS/Communigate (ximms)
- 2.8.  Virtualmin (virtualmin)
- 2.9.  hMailServer (hmail)
- 2.10. PAM (pam)
- 2.11. Chpasswd (chpasswd)
- 2.12. LDAP - no PEAR (ldap_simple)
- 2.13. XMail (xmail)
- 2.14. Pw (pw_usermod)
- 2.15. domainFACTORY (domainfactory)
- 2.16. DBMail (dbmail)
- 2.17. Expect (expect)
- 2.18. Samba (smb)
- 2.19. Vpopmail daemon (vpopmaild)
- 2.20. Plesk (Plesk RPC-API)
- 2.21. Kpasswd
- 2.22. Modoboa
- 3. Driver API
- 4. Sudo setup
+ 1.      Configuration
+ 2.      Drivers
+ 2.1.    Password Change Drivers
+ 2.1.1.  Database (sql)
+ 2.1.2.  Cyrus/SASL (sasl)
+ 2.1.3.  Poppassd/Courierpassd (poppassd)
+ 2.1.4.  LDAP (ldap)
+ 2.1.5.  DirectAdmin Control Panel (directadmin)
+ 2.1.6.  cPanel
+ 2.1.6.1.  cPanel WHM (cpanel)
+ 2.1.6.2.  cPanel Webmail (cpanel_webmail)
+ 2.1.7.  XIMSS/Communigate (ximms)
+ 2.1.8.  Virtualmin (virtualmin)
+ 2.1.9.  hMailServer (hmail)
+ 2.1.10. PAM (pam)
+ 2.1.11. Chpasswd (chpasswd)
+ 2.1.12. LDAP - no PEAR (ldap_simple)
+ 2.1.13. XMail (xmail)
+ 2.1.14. Pw (pw_usermod)
+ 2.1.15. domainFACTORY (domainfactory)
+ 2.1.16. DBMail (dbmail)
+ 2.1.17. Expect (expect)
+ 2.1.18. Samba (smb)
+ 2.1.19. Vpopmail daemon (vpopmaild)
+ 2.1.20. Plesk (Plesk RPC-API)
+ 2.1.21. Kpasswd
+ 2.1.22. Modoboa
+ 2.2.    Password Strength Drivers
+ 2.2.1.  Zxcvbn
+ 3.      Driver API
+ 4.      Sudo setup


 1. Configuration
@ -68,6 +71,7 @@
 Password plugin supports many password change mechanisms which are
 handled by included drivers. Just pass driver name in 'password_driver' option.

+
 2.1.1. Database (sql)
 ---------------------

@ -384,6 +388,8 @@
 -------------

 Driver to use the Zxcvbn library to check password strength. Requires zxcvbn-php library.
+ The library is not distributed with Roundcube (see composer.json-dist).
+ Note: Required PHP's memory_limit >= 24M.

 Set $config['password_zxcvbn_min_score'] to define minimum acceptable password strength score.

@ -399,8 +405,8 @@
 containing this method can be used in `password_strength_driver` (the strength driver). To enable
 strength checks ensure `password_check_strength` is set to true.

- The save() method, used for changing the password has two arguments:
- First - current password, second - new password.
+ The save() method, used for changing the password has three arguments:
+ First - current password, second - new password, third - current username.
 This method should return PASSWORD_SUCCESS on success or any of PASSWORD_CONNECT_ERROR,
 PASSWORD_CRYPT_ERROR, PASSWORD_ERROR when driver was unable to change password.
 Extended result (as a hash-array with 'message' and 'code' items) can be returned
--- a/plugins/password/composer.json
+++ b/plugins/password/composer.json
@ -3,7 +3,7 @@
    "type": "roundcube-plugin",
    "description": "Password Change for Roundcube. Plugin adds a possibility to change user password using many methods (drivers) via Settings/Password tab.",
    "license": "GPLv3+",
-    "version": "4.5",
+    "version": "5.0",
    "authors": [
        {
            "name": "Aleksander Machniak",
--- a/plugins/password/drivers/zxcvbn.php
+++ b/plugins/password/drivers/zxcvbn.php
@ -24,8 +24,6 @@
 * along with this program. If not, see http://www.gnu.org/licenses/.
 */

-use ZxcvbnPhp\Zxcvbn;
-
 class rcube_zxcvbn_password
 {
    function strength_rules()
@ -42,8 +40,17 @@ class rcube_zxcvbn_password

    function check_strength($passwd)
    {
+        if (!class_exists('ZxcvbnPhp\Zxcvbn')) {
+            rcube::raise_error(array(
+                'code' => 600,
+                'file' => __FILE__, 'line' => __LINE__,
+                'message' => "Password plugin: Zxcvbn library not found."
+                ), true, false);
+            return;
+        }
+
        $rcmail   = rcmail::get_instance();
-        $zxcvbn   = new Zxcvbn();
+        $zxcvbn   = new ZxcvbnPhp\Zxcvbn();
        $strength = $zxcvbn->passwordStrength($passwd);
        $result   = null;

--- a/plugins/password/password.php
+++ b/plugins/password/password.php
@ -289,7 +289,7 @@ class password extends rcube_plugin
        }

        if (!empty($rules)) {
-            $rules = html::tag('ul', array('id' => 'ruleslist'), $rules);
+            $rules = html::tag('ul', array('id' => 'ruleslist', 'class' => 'hint proplist'), $rules);
        }

        $disabled_msg = '';
@ -324,24 +324,24 @@ class password extends rcube_plugin

    private function _compare($curpwd, $newpwd, $type)
    {
-        $result = null;
+        $driver = $this->_load_driver();

-        if (!($driver = $this->_load_driver()))
-            return $this->gettext('internalerror');
-
-        if (method_exists($driver, 'compare')) {
+        if (!$driver) {
+            $result = $this->gettext('internalerror');
+        }
+        else if (method_exists($driver, 'compare')) {
            $result = $driver->compare($curpwd, $newpwd, $type);
        }
        else {
            switch ($type) {
-                case PASSWORD_COMPARE_CURRENT:
-                    $result = $curpwd != $newpwd ? $this->gettext('passwordincorrect') : null;
-                    break;
-                case PASSWORD_COMPARE_NEW:
-                    $result = $curpwd == $newpwd ? $this->gettext('samepasswd') : null;
-                    break;
-                default:
-                    $result = $this->gettext('internalerror');
+            case PASSWORD_COMPARE_CURRENT:
+                $result = $curpwd != $newpwd ? $this->gettext('passwordincorrect') : null;
+                break;
+            case PASSWORD_COMPARE_NEW:
+                $result = $curpwd == $newpwd ? $this->gettext('samepasswd') : null;
+                break;
+            default:
+                $result = $this->gettext('internalerror');
            }
        }

@ -350,12 +350,12 @@ class password extends rcube_plugin

    private function _strength_rules()
    {
-        $result = null;
-
-        if (!($driver = $this->_load_driver('strength')))
-            return $this->gettext('internalerror');
+        $driver = $this->_load_driver('strength');

-        if (method_exists($driver, 'strength_rules')) {
+        if (!$driver) {
+            $result = null;
+        }
+        else if (method_exists($driver, 'strength_rules')) {
            $result = $driver->strength_rules();
        }
        else {
@ -371,25 +371,24 @@ class password extends rcube_plugin

    private function _check_strength($passwd)
    {
-        $result = null;
+        $driver = $this->_load_driver('strength');

-        if (!($driver = $this->_load_driver('strength')))
+        if (!$driver) {
            return $this->gettext('internalerror');
+        }

        if (method_exists($driver, 'check_strength')) {
-            $result = $driver->check_strength($passwd);
-        }
-        else {
-            $result = (!preg_match("/[0-9]/", $passwd) || !preg_match("/[^A-Za-z0-9]/", $passwd)) ? $this->gettext('passwordweak') : null;
+            return $driver->check_strength($passwd);
        }

-        return $result;
+        return (!preg_match("/[0-9]/", $passwd) || !preg_match("/[^A-Za-z0-9]/", $passwd)) ? $this->gettext('passwordweak') : null;
    }

    private function _save($curpass, $passwd)
    {
-        if (!($driver = $this->_load_driver()))
+        if (!($driver = $this->_load_driver())) {
            return $this->gettext('internalerror');
+        }

        $result  = $driver->save($curpass, $passwd, self::username());
        $message = '';
@ -441,7 +440,7 @@ class password extends rcube_plugin
                    'code' => 600,
                    'type' => 'php',
                    'file' => __FILE__, 'line' => __LINE__,
-                    'message' => "Password plugin: Unable to open driver file ($file)"
+                    'message' => "Password plugin: Driver file does not exist ($file)"
                ), true, false);
                return false;
            }
@ -459,11 +458,9 @@ class password extends rcube_plugin
            }

            $this->drivers[$type] = new $class;
-            return $this->drivers[$type];
-        }
-        else {
-            return $this->drivers[$type];
        }
+
+        return $this->drivers[$type];
    }

    function user_create($args)