Commit Graph

74 Commits (ad84b2df3fe352bc88413253414e17c5423c4010)

Author SHA1 Message Date
Aleksander Machniak 66fab8cdb2 CS fixes, Avoid usused variables, fixed minor bugs 5 years ago
Johannes Prösl 4644e3404f Adding ssha512 password_algorithm (#6805)
* Added SSHA512 method to the hash_password function

Basically a copy of the ssha method this case is compatible with the dovecot ssha512 settings so there is no doveadm needed alongside with roundcube to update ssha512 passwords.
5 years ago
Aleksander Machniak 57c67db029 Remove year(s) from copyright headers + some cleanup 6 years ago
Aleksander Machniak a32d72b661 Password: Disallow control characters in passwords (#6547) 6 years ago
Aleksander Machniak 11216a1925 Changed 'password_charset' default to 'UTF-8' (#6522) 6 years ago
Aleksander Machniak 9babe138af Password: Change API for password checking
... for simpler implementation of strength indicator in future.

Also simplified configuration by removing password_check_strength and
adding password_minimum_score.
6 years ago
Aleksander Machniak cd9ec7983b Password: README, Style, CS improvements, bump version, update changelog 6 years ago
PhilW 00946f1f57 give password plugin drivers more power
Allow password drivers more control over the entire password changeing
processes not just the save action. Allow them to perform old/new
password comparisons and also password strength checking.

*) allow password drivers override default password comparisons (eg
   new is not same as current) #6473
*) allow password drivers override default strength checks (eg allow
   for 'not the same as last x passwords')
*) allow separate password saving and strength drivers for use of
   strength checking services eg HaveIBeenPwned.com #5040
*) allow drivers to define password strength rules displayed to the
   user
*) rename password_require_nonalpha config option to
   password_check_strength to reflect new strength checking
   possibilities (added backwards compatibility)
6 years ago
Aleksander Machniak b7d51573e4 Password: Fix bug where new users could skip forced password change (#6434) 6 years ago
Aleksander Machniak bae58951bf Fix bug where password_dovecotpw_with_method setting could be ignored (#6436) 6 years ago
Aleksander Machniak 60922dc3d5 Password: Added password_username_format option (#5766) 7 years ago
Aleksander Machniak fd9517655f Fix password form 7 years ago
Aleksander Machniak 315f78a65a Elastic: Use btn.submit instead of button.save classes for Save button in forms 7 years ago
Aleksander Machniak f3ce401def Set 'propform' class for password change form table 7 years ago
Aleksander Machniak 9858c2a294 Merge branch 'master' into dev-elastic 8 years ago
Torkel Bjørnson-Langen 278b46a99d password plugin: better error message on constraint violation (#5727)
If the password policy on the ldap server is violated when changing
password, report error as "constraint violation" instead of the
misleading "connection error".

Only tested with OpenLDAP (v2.4).
8 years ago
Aleksander Machniak 8e6eb9fa72 Define 'save' class for password form button 8 years ago
Aleksander Machniak e240e5f8dd CS fixes and update changelog 8 years ago
KaloNK d41db75d82 Do not store passwords on disk - use proc_open instead of popen (#5531) 8 years ago
Aleksander Machniak d59bf988e3 Fix style of Save button in password form (larry) 8 years ago
Aleksander Machniak 391d0d2039 Remove "@version @package_version@" 8 years ago
Aleksander Machniak 33addff305 assword: Added possibility to nicely handle password epiration from other plugins (#5468)
Squashed commit of the following:

commit 41283ecab18321201c3adfef8e964e2aa0dc2032
Author: Aleksander Machniak <alec@alec.pl>
Date:   Sat Oct 15 08:37:31 2016 +0200

    CS fixes after PR merge, renamed session variable

commit b4440a0c4d15c194619c003683ff0d36787f82a8
Merge: cf9f0d8 5dee181
Author: Aleksander Machniak <alec@alec.pl>
Date:   Sat Oct 15 08:26:04 2016 +0200

    Merge branch 'master' of https://github.com/ZiBiS/roundcubemail into ZiBiS-master

commit 5dee1812e7
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date:   Thu Oct 13 14:20:14 2016 +0200

    passing by session

commit 6ccb7e7d1d
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date:   Thu Oct 13 11:45:43 2016 +0200

    formatted passwdexpdatetime should be set in session data

commit a43f30fdfc
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date:   Thu Oct 13 11:10:06 2016 +0200

    _passwdexpwarning removed and expdatetime object is stored in session

commit 62ef852a11
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date:   Thu Oct 13 10:24:39 2016 +0200

    String concatenation is removed and expdatetime is passed via session
    data.

commit 2aea3a4e85
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date:   Wed Oct 12 10:20:58 2016 +0200

    Removing ppolicy plugin from my repository.

commit 8848c944ab
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date:   Tue Oct 11 11:32:37 2016 +0200

    little correction of variables names

commit 5266c89da9
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date:   Tue Oct 11 11:14:17 2016 +0200

    little corrections

commit c665b5c607
Author: Zbigniew Szmyd <zbigniew.szmyd@linseco.pl>
Date:   Tue Oct 11 10:31:05 2016 +0200

    A plugin to check LDAP password for expiration
8 years ago
Aleksander Machniak 7f4ab8c14a Merge pull request #5364 from ZiBiS/master
Password: LDAP PPolicy driver
8 years ago
Aleksander Machniak 9e129383a1 Improve randomness of password salts and random hashes (#5266) 8 years ago
Zbigniew Szmyd 0c093b0b36 Added the missing changes 8 years ago
Zbigniew Szmyd 0efb682d40 New constant PASSWORD_IN_HISTORY added for ldap_ppolicy plugin. 8 years ago
Aleksander Machniak ab6fdfa8bc Fix PHP warning when password_hosts is set, but is not an array (#5260) 9 years ago
hsz ed4f659a76 Fixed dovecot and samba encryption - (invalid variables names) 9 years ago
Aleksander Machniak b922995297 CS fixes 9 years ago
Bram Matthys c10f97740a Add $config['password_crypt_rounds']: this specifies the number of rounds
to be used for the sha256 and sha512 crypt hashing algorithms.
9 years ago
Aleksander Machniak 252cc4c4ac Password: Allow temporarily disabling the plugin functionality with a notice 9 years ago
Aleksander Machniak 3cc6ec573d Make password encryption algorithms available for all drivers (#1490134)
...via password::hash_password() method and password_algorithm option.
Add %P and %O macros for password_query in favor of %c, %d, %n and %q.
10 years ago
xzaara 54462b0f68 Update password.php
Semicolons instead of colons in  switch statement.
10 years ago
Aleksander Machniak 1a3132366e After PR merge code cleanup 11 years ago
simonp 1c5fdd674e Show password rules before committing new password (#1488285) 11 years ago
Aleksander Machniak 90ab9f2847 Fix loading localization 11 years ago
Aleksander Machniak 7e309b872f Add title attribute to settings menu 11 years ago
Aleksander Machniak 4520fa0f38 Code cleanup and small fixes (after pull request merge) 11 years ago
simonp 12514266b9 Move login/hosts to seperate function 11 years ago
simonp 6f7042e582 Fix for login/hosts exceptions 11 years ago
simonp 9e9c03cb90 Moved functionality from password_first to password_init 11 years ago
simonp e7ee70541f Add option to force new users to change their password (#1486884) 11 years ago
Aleksander Machniak 9556f34d75 Load password.js only when needed 11 years ago
Thomas Bruederli cf46aefd9d Make password plugin use the new 'settings_actions' hook to register its link in the settings navigation 11 years ago
Thomas Bruederli 07c6c69eca Make all bundled plugins the same license as Roundcube itself, which is GPLv3+ 12 years ago
Steffen185 859a7a117a Fixed wrong copy-paste 12 years ago
Steffen185 b343adf3cb Use new config option "password_force_save" 12 years ago
Steffen185 6f7eafce18 Save new password even if it has not changed
I have recently changed the password scheme of my Dovecot/Postfix/Roundcube installation. New passwords are encrypted stronger than before. It is not possible to automatically update existing passwords (because the old encryption is not so bad that I can easily crack it). But I'd like to tell my users that they can upgrade to the new password scheme by simply submitting the "change password" form with their old password in all three input fields. Currently a minor optimization prevents this. I think this minor optimization should be removed.
12 years ago
Aleksander Machniak 61be822d62 Remove deprecated functions (from bc.php file) usage in plugins 12 years ago
Aleksander Machniak 789e5988aa Clarify rcube::get_user_name() usage, add rcube::get_user_email() 12 years ago