From d48fd37bef3a975e78948e7555fad489eedbf9c6 Mon Sep 17 00:00:00 2001
From: Uma <uma.s@vtiger.com>
Date: Tue, 24 Nov 2020 12:52:38 +0530
Subject: [PATCH] Password regex for validation has been centralized

---
 config_override.php                              |  5 ++++-
 include/Webservices/Custom/ChangePassword.php    |  4 +++-
 includes/runtime/Configs.php                     | 15 +++++++++++++++
 layouts/v7/modules/Install/Step4.tpl             |  1 +
 layouts/v7/modules/Users/DetailViewBlockView.tpl |  1 +
 layouts/v7/modules/Users/EditView.tpl            |  1 +
 layouts/v7/modules/Users/ListViewHeader.tpl      |  1 +
 layouts/v7/modules/Vtiger/resources/Utils.js     | 10 +++++++---
 modules/Install/views/Index.php                  |  4 ++++
 modules/Users/views/List.php                     |  4 ++++
 modules/Users/views/PreferenceDetail.php         |  3 +++
 modules/Users/views/PreferenceEdit.php           |  6 +++++-
 12 files changed, 49 insertions(+), 6 deletions(-)

diff --git a/config_override.php b/config_override.php
index 458b5a665..d85886167 100644
--- a/config_override.php
+++ b/config_override.php
@@ -17,4 +17,7 @@ $max_mailboxes = 3;
  *     This can be customized using runtime connector hook and avoid core file modifications.
  *     array('session' => 'Vtiger_CustomSession_Handler')
  */
-$runtime_connectors = array();
\ No newline at end of file
+$runtime_connectors = array();
+
+//Password Regex for validation
+$password_regex = '^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#\$%\^&\*])(?=.{8,})';
\ No newline at end of file
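Review bot: The comment on the new `$password_regex` line does not say what form the value must take, and the consumers in this patch depend on it: PHP wraps it as `'/'.$password_regex.'/i'` and the browser passes it to `new RegExp(...)`. I would expand it to something like `// Password policy pattern, without delimiters; must be valid in both PCRE and JavaScript and must not contain an unescaped "/"`. Installations that keep an older config_override.php will not define this variable at all, so every reader of the setting has to cope with an empty value.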
diff --git a/include/Webservices/Custom/ChangePassword.php b/include/Webservices/Custom/ChangePassword.php
index eba0cb9c8..2d37e9b01 100644
--- a/include/Webservices/Custom/ChangePassword.php
+++ b/include/Webservices/Custom/ChangePassword.php
@@ -75,7 +75,9 @@ function vtws_changePassword($id, $oldPassword, $newPassword, $confirmPassword,
 }
 
 function isPasswordStrong($new_password){
-    if (preg_match('/^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#\$%\^&\*])(?=.{8,})/i', $new_password) == 1) {
+    $runtime_configs = Vtiger_Runtime_Configs::getInstance();
+    $password_regex = $runtime_configs->get('password_regex');
+    if (preg_match('/'.$password_regex.'/i', $new_password) == 1) {
             return true;
     }
     return false;
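Review bot: When `password_regex` is missing or empty, `get('password_regex')` returns `''` and the pattern on the `preg_match` line becomes `//i`, which matches every string, so `isPasswordStrong()` accepts any password; the check should fail closed or fall back to the built-in policy. `get()` already takes a default, so the previous pattern could be passed as its second argument, or the function could begin with `if ($password_regex === '') { return false; }`. Separately, the `i` flag kept on the `preg_match` line makes `[a-z]` and `[A-Z]` match either case, so the server does not actually require mixed case, while the `RegExp` in Utils.js is built without that flag; dropping `i` would bring the two checks into line. The function's closing brace is outside the hunk.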
diff --git a/includes/runtime/Configs.php b/includes/runtime/Configs.php
index 6c7e44613..4ab97f209 100644
--- a/includes/runtime/Configs.php
+++ b/includes/runtime/Configs.php
@@ -41,4 +41,19 @@
 
         return $connector;
     }
+    
+    /**
+     * Function to fetch the value for given key
+     */
+    public function get($key, $default = '') {
+        $value = '';
+        if(isset($GLOBALS[$key])) {
+            $value = $GLOBALS[$key];
+        }
+
+        if(empty($value) && !empty($default)) {
+            $value = $default;
+        }
+        return $value;
+    }
  }
\ No newline at end of file
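Review bot: `get()` looks `$key` up in `$GLOBALS`, so it returns any global variable by name, not only settings from config_override.php, and the docblock says none of this. I would document that callers must pass fixed setting names (never request input), and that because of `empty()` a configured value of `0`, `'0'` or `false` is treated as unset and replaced by `$default`. `@param` and `@return` lines are also missing. The enclosing class begins outside the hunk.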
diff --git a/layouts/v7/modules/Install/Step4.tpl b/layouts/v7/modules/Install/Step4.tpl
index f358877d7..63a659f15 100644
--- a/layouts/v7/modules/Install/Step4.tpl
+++ b/layouts/v7/modules/Install/Step4.tpl
@@ -28,6 +28,7 @@
 			<div class="row hide" id="errorMessage"></div>
 			<div class="row">
 				<div class="col-sm-6">
+                                    <input type='hidden' name='pwd_regex' value= {ZEND_json::encode($PWD_REGEX)} />
 					<table class="config-table input-table">
 						<thead>
 							<tr><th colspan="2">{vtranslate('LBL_DATABASE_INFORMATION', 'Install')}</th></tr>
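Review bot: The `value=` attribute on the added `pwd_regex` input has no quotes of its own and relies on the quotes of the JSON string, so the pattern is JSON-encoded rather than HTML-escaped; a pattern containing `"` would end the attribute early (unless output escaping is applied elsewhere, which is not visible here). JSON encoding also doubles each backslash, so the script in Utils.js would receive `[!@#\\$%\\^&\\*]`, a character class that additionally accepts a backslash and so differs from the one PHP checks. `value="{$PWD_REGEX|escape:'html'}"` would keep the attribute well-formed and hand the script the same pattern the server uses. The same line is added in Users/DetailViewBlockView.tpl, Users/EditView.tpl and Users/ListViewHeader.tpl.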
diff --git a/layouts/v7/modules/Users/DetailViewBlockView.tpl b/layouts/v7/modules/Users/DetailViewBlockView.tpl
index 33ba6ff00..18f2528e9 100644
--- a/layouts/v7/modules/Users/DetailViewBlockView.tpl
+++ b/layouts/v7/modules/Users/DetailViewBlockView.tpl
@@ -9,6 +9,7 @@
 
 {strip}
 	<input type=hidden name="timeFormatOptions" data-value='{$DAY_STARTS}' />
+        <input type='hidden' name='pwd_regex' value= {ZEND_json::encode($PWD_REGEX)} />
 	{foreach key=BLOCK_LABEL_KEY item=FIELD_MODEL_LIST from=$RECORD_STRUCTURE}
 		{if $BLOCK_LABEL_KEY neq 'LBL_CALENDAR_SETTINGS'}
 			{assign var=BLOCK value=$BLOCK_LIST[$BLOCK_LABEL_KEY]}
diff --git a/layouts/v7/modules/Users/EditView.tpl b/layouts/v7/modules/Users/EditView.tpl
index 244ea2a65..a8126d8ea 100644
--- a/layouts/v7/modules/Users/EditView.tpl
+++ b/layouts/v7/modules/Users/EditView.tpl
@@ -40,6 +40,7 @@
                     <input type="hidden" name="defaultCallDuration" value="{$USER_MODEL->get('callduration')}" />
                     <input type="hidden" name="defaultOtherEventDuration" value="{$USER_MODEL->get('othereventduration')}" />
                     <input type="hidden" name="isPreference" value="{$IS_PREFERENCE}" />
+                    <input type='hidden' name='pwd_regex' value= {ZEND_json::encode($PWD_REGEX)} />
                     {if $IS_RELATION_OPERATION }
                         <input type="hidden" name="sourceModule" value="{$SOURCE_MODULE}" />
                         <input type="hidden" name="sourceRecord" value="{$SOURCE_RECORD}" />
diff --git a/layouts/v7/modules/Users/ListViewHeader.tpl b/layouts/v7/modules/Users/ListViewHeader.tpl
index 0bf4e1c24..719ec63c4 100644
--- a/layouts/v7/modules/Users/ListViewHeader.tpl
+++ b/layouts/v7/modules/Users/ListViewHeader.tpl
@@ -10,6 +10,7 @@
 {strip}
 	<div class="listViewPageDiv" id="listViewContent">
 		<div class="col-sm-12 col-xs-12 full-height">
+                    <input type='hidden' name='pwd_regex' value= {ZEND_json::encode($PWD_REGEX)} />
 			<div id="listview-actions" class="listview-actions-container">
 				<div class = "row">
 					<div class="btn-group col-md-2"></div>
diff --git a/layouts/v7/modules/Vtiger/resources/Utils.js b/layouts/v7/modules/Vtiger/resources/Utils.js
index 4dc32a3cf..26cae5e2d 100644
--- a/layouts/v7/modules/Vtiger/resources/Utils.js
+++ b/layouts/v7/modules/Vtiger/resources/Utils.js
@@ -401,8 +401,12 @@ var vtUtils = {
             * (?=.*[!@#\$%\^&\*])	The string must contain at least one special character, but we are escaping reserved RegEx characters to avoid conflict
             * (?=.{8,})			The string must be eight characters or longer
             */
-            var strongPasswordRegex = new RegExp("^(?=.*[a-z])(?=.*[A-Z])(?=.*[0-9])(?=.*[!@#\$%\^&\*])(?=.{8,})");
-            var isStrong = strongPasswordRegex.test(password)? true : false; 
-            return isStrong;
+           var password_regex = jQuery('[name="pwd_regex"]').val();
+           if((typeof password_regex != 'undefined') && (password_regex != '')){
+                var strongPasswordRegex = new RegExp(password_regex);
+                var isStrong = strongPasswordRegex.test(password)? true : false; 
+                return isStrong;
+           }
+           return false;
     },
 }
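Review bot: `new RegExp(password_regex)` in the added block throws a SyntaxError when the configured pattern is valid PCRE but not valid JavaScript, and nothing here catches it, so a configuration mistake would surface as a script error in the password form. I would wrap the construction in try/catch and treat a bad pattern as "not strong". The value is read from a hidden field the user can edit, so this check is only a convenience and the server-side `isPasswordStrong()` has to remain the authoritative one; the comment block above the hunk also still documents the old hard-coded pattern. The enclosing function starts outside the hunk.

```javascript
// … unchanged: comment block describing the password policy …
var password_regex = jQuery('[name="pwd_regex"]').val();
if (typeof password_regex === 'undefined' || password_regex === '') {
    return false;
}
try {
    return new RegExp(password_regex).test(password);
} catch (e) {
    // Configured pattern is not valid JavaScript regex syntax: report "not strong" instead of throwing.
    return false;
}
```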
diff --git a/modules/Install/views/Index.php b/modules/Install/views/Index.php
index 54a29e5f4..59276d24b 100644
--- a/modules/Install/views/Index.php
+++ b/modules/Install/views/Index.php
@@ -111,6 +111,10 @@ class Install_Index_view extends Vtiger_View_Controller {
 		$viewer->assign('ADMIN_LASTNAME', $defaultParameters['admin_lastname']);
 		$viewer->assign('ADMIN_PASSWORD', $defaultParameters['admin_password']);
 		$viewer->assign('ADMIN_EMAIL', $defaultParameters['admin_email']);
+                
+                $runtime_configs = Vtiger_Runtime_Configs::getInstance();
+                $password_regex = $runtime_configs->get('password_regex');
+                $viewer->assign('PWD_REGEX', $password_regex);
 
 		$viewer->view('Step4.tpl', $moduleName);
 	}
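Review bot: The three added lines that fetch `password_regex` and assign `PWD_REGEX` are repeated verbatim in Users/views/List.php, PreferenceDetail.php and PreferenceEdit.php, and all four copies are indented with spaces in files that otherwise use tabs. One place that supplies the value would fit the commit's stated aim better; at minimum each site could be a single statement, `$viewer->assign('PWD_REGEX', Vtiger_Runtime_Configs::getInstance()->get('password_regex'));`, indented with tabs. Whether config_override.php is already loaded during installation is not visible here; if it is not, Step4.tpl would get an empty pattern and the client check in Utils.js would reject every password. The method starts outside the hunk.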
diff --git a/modules/Users/views/List.php b/modules/Users/views/List.php
index 40bff8e22..122a8ea86 100644
--- a/modules/Users/views/List.php
+++ b/modules/Users/views/List.php
@@ -167,6 +167,10 @@ class Users_List_View extends Settings_Vtiger_List_View {
 		$viewer->assign('USER_MODEL', Users_Record_Model::getCurrentUserModel());
 		$viewer->assign('SEARCH_VALUE', $searchValue);
 		$viewer->assign('SEARCH_DETAILS', $searchParams);
+                
+                $runtime_configs = Vtiger_Runtime_Configs::getInstance();
+                $password_regex = $runtime_configs->get('password_regex');
+                $viewer->assign('PWD_REGEX', $password_regex);
 	}
 
 	/**
diff --git a/modules/Users/views/PreferenceDetail.php b/modules/Users/views/PreferenceDetail.php
index 154544d3f..49e6be3cf 100644
--- a/modules/Users/views/PreferenceDetail.php
+++ b/modules/Users/views/PreferenceDetail.php
@@ -172,6 +172,9 @@ class Users_PreferenceDetail_View extends Vtiger_Detail_View {
 		$viewer->assign("DAY_STARTS", Zend_Json::encode($dayStartPicklistValues));
 		$viewer->assign('IMAGE_DETAILS', $recordModel->getImageDetails());
 
+                $runtime_configs = Vtiger_Runtime_Configs::getInstance();
+                $password_regex = $runtime_configs->get('password_regex');
+                $viewer->assign('PWD_REGEX', $password_regex);
 		return parent::process($request);
 	}
 
diff --git a/modules/Users/views/PreferenceEdit.php b/modules/Users/views/PreferenceEdit.php
index cc1e40326..1ad9ebbba 100644
--- a/modules/Users/views/PreferenceEdit.php
+++ b/modules/Users/views/PreferenceEdit.php
@@ -121,7 +121,7 @@ Class Users_PreferenceEdit_View extends Vtiger_Edit_View {
 				$fieldsInfo[$fieldName] = $fieldModel->getFieldInfo();
 			}
 			$viewer->assign('FIELDS_INFO', json_encode($fieldsInfo));
-
+                        
 			if($display) {
 				$this->preProcessDisplay($request);
 			}
@@ -150,6 +150,10 @@ Class Users_PreferenceEdit_View extends Vtiger_Edit_View {
 		$viewer->assign("DAY_STARTS", Zend_Json::encode($dayStartPicklistValues));
 		$viewer->assign('TAG_CLOUD', $recordModel->getTagCloudStatus());
 		$viewer->assign('USER_MODEL', Users_Record_Model::getCurrentUserModel());
+                
+                $runtime_configs = Vtiger_Runtime_Configs::getInstance();
+                $password_regex = $runtime_configs->get('password_regex');
+                $viewer->assign('PWD_REGEX', $password_regex);
 
 		parent::process($request);
 	}
-- 
GitLab