diff --git a/app/models/setting.rb b/app/models/setting.rb index b5c8ca2e5..384b6e866 100644 --- a/app/models/setting.rb +++ b/app/models/setting.rb @@ -19,6 +19,13 @@ class Setting < ActiveRecord::Base + PASSWORD_CHAR_CLASSES = { + 'uppercase' => /[A-Z]/, + 'lowercase' => /[a-z]/, + 'digits' => /[0-9]/, + 'special_chars' => /[[:ascii:]&&[:graph:]&&[:^alnum:]]/ + } + DATE_FORMATS = [ '%Y-%m-%d', '%d/%m/%Y', diff --git a/app/models/user.rb b/app/models/user.rb index 9003b253f..d123f6ed8 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -112,6 +112,9 @@ class User < Principal validates_length_of :firstname, :lastname, :maximum => 30 validates_length_of :identity_url, maximum: 255 validates_inclusion_of :mail_notification, :in => MAIL_NOTIFICATION_OPTIONS.collect(&:first), :allow_blank => true + Setting::PASSWORD_CHAR_CLASSES.each do |k, v| + validates_format_of :password, :with => v, :message => :"must_include_#{k}", :allow_blank => true, :if => Proc.new { Setting.password_required_char_classes.include?(k) } + end validate :validate_password_length validate do if password_confirmation && password != password_confirmation @@ -366,10 +369,24 @@ class User < Principal # Generate and set a random password on given length def random_password(length=40) - chars = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a - chars -= %w(0 O 1 l) + chars_list = [ + ('A'..'Z').to_a, + ('a'..'z').to_a, + ('0'..'9').to_a, + ] + if Setting.password_required_char_classes.include?('special_chars') + chars_list << ("\x20".."\x7e").to_a.select {|c| c =~ Setting::PASSWORD_CHAR_CLASSES['special_chars']} + end + chars_list.each {|v| v.reject! {|c| %(0O1l|'"`*).include?(c)}} + password = +'' - length.times {|i| password << chars[SecureRandom.random_number(chars.size)] } + chars_list.each do |chars| + password << chars[SecureRandom.random_number(chars.size)] + length -= 1 + end + chars = chars_list.flatten + length.times { password << chars[SecureRandom.random_number(chars.size)] } + password = password.split('').shuffle(random: SecureRandom).join self.password = password self.password_confirmation = password self diff --git a/app/views/account/password_recovery.html.erb b/app/views/account/password_recovery.html.erb index 24da8223b..9eeea3119 100644 --- a/app/views/account/password_recovery.html.erb +++ b/app/views/account/password_recovery.html.erb @@ -9,6 +9,9 @@ <%= password_field_tag 'new_password', nil, :size => 25 %> <%= l(:text_caracters_minimum, :count => Setting.password_min_length) %> + <% if Setting.password_required_char_classes.any? %> + <%= l(:text_characters_must_include, :character_classes => Setting.password_required_char_classes.collect{|c| l("label_password_char_class_#{c}")}.join(", ")) %> + <% end %>
diff --git a/app/views/account/register.html.erb b/app/views/account/register.html.erb index ade00adfc..770b94cd7 100644 --- a/app/views/account/register.html.erb +++ b/app/views/account/register.html.erb @@ -8,8 +8,11 @@
<%= f.text_field :login, :size => 25, :required => true %>
<%= f.password_field :password, :size => 25, :required => true %> - <%= l(:text_caracters_minimum, :count => Setting.password_min_length) %>
- + <%= l(:text_caracters_minimum, :count => Setting.password_min_length) %> + <% if Setting.password_required_char_classes.any? %> + <%= l(:text_characters_must_include, :character_classes => Setting.password_required_char_classes.collect{|c| l("label_password_char_class_#{c}")}.join(", ")) %> + <% end %> +<%= f.password_field :password_confirmation, :size => 25, :required => true %>
<% end %> diff --git a/app/views/my/password.html.erb b/app/views/my/password.html.erb index 7a411e51a..2771ce5fc 100644 --- a/app/views/my/password.html.erb +++ b/app/views/my/password.html.erb @@ -9,7 +9,11 @@<%= password_field_tag 'new_password', nil, :size => 25 %> -<%= l(:text_caracters_minimum, :count => Setting.password_min_length) %>
+ <%= l(:text_caracters_minimum, :count => Setting.password_min_length) %> + <% if Setting.password_required_char_classes.any? %> + <%= l(:text_characters_must_include, :character_classes => Setting.password_required_char_classes.collect{|c| l("label_password_char_class_#{c}")}.join(", ")) %> + <% end %> +<%= password_field_tag 'new_password_confirmation', nil, :size => 25 %>
diff --git a/app/views/settings/_authentication.html.erb b/app/views/settings/_authentication.html.erb index 4bf890d3f..9a39497b8 100644 --- a/app/views/settings/_authentication.html.erb +++ b/app/views/settings/_authentication.html.erb @@ -20,6 +20,8 @@<%= setting_text_field :password_min_length, :size => 6 %>
+<%= setting_multiselect :password_required_char_classes, Setting::PASSWORD_CHAR_CLASSES.keys.collect {|c| [l("label_password_char_class_#{c}"), c]} , :inline => true %>
+<%= setting_select :password_max_age, [[l(:label_disabled), 0]] + [7, 30, 60, 90, 180, 365].collect{|days| [l('datetime.distance_in_words.x_days', :count => days), days.to_s]} %>
diff --git a/app/views/users/_form.html.erb b/app/views/users/_form.html.erb index ce5b1f6c7..8d245d707 100644 --- a/app/views/users/_form.html.erb +++ b/app/views/users/_form.html.erb @@ -31,8 +31,13 @@<%= f.select :auth_source_id, ([[l(:label_internal), ""]] + @auth_sources.collect { |a| [a.name, a.id] }), {}, :onchange => "if (this.value=='') {$('#password_fields').show();} else {$('#password_fields').hide();}" %>
<% end %>