mirror of https://github.com/MISP/MISP
new: Password complexity defaults tightened, also passowrd requirements shown to users, fixes #2117
iglocska
parent
8acd4a783d
commit
77ef188457
|
|
@ -93,6 +93,9 @@ class UsersController extends AppController {
|
|||
$this->User->set('password', '');
|
||||
$this->request->data = $this->User->data;
|
||||
}
|
||||
$this->loadModel('Server');
|
||||
$this->set('complexity', !empty(Configure::read('Security.password_policy_complexity')) ? Configure::read('Security.password_policy_complexity') : $this->Server->serverSettings['Security']['password_policy_complexity']['value']);
|
||||
$this->set('length', !empty(Configure::read('Security.password_policy_length')) ? Configure::read('Security.password_policy_length') : $this->Server->serverSettings['Security']['password_policy_length']['value']);
|
||||
$roles = $this->User->Role->find('list');
|
||||
$this->set(compact('roles'));
|
||||
$this->set('id', $id);
|
||||
|
|
@ -115,6 +118,9 @@ class UsersController extends AppController {
|
|||
$this->Session->setFlash(__('The password could not be updated. Please, try again.'));
|
||||
}
|
||||
} else {
|
||||
$this->loadModel('Server');
|
||||
$this->set('complexity', !empty(Configure::read('Security.password_policy_complexity')) ? Configure::read('Security.password_policy_complexity') : $this->Server->serverSettings['Security']['password_policy_complexity']['value']);
|
||||
$this->set('length', !empty(Configure::read('Security.password_policy_length')) ? Configure::read('Security.password_policy_length') : $this->Server->serverSettings['Security']['password_policy_length']['value']);
|
||||
$this->User->recursive = 0;
|
||||
$this->User->read(null, $id);
|
||||
$this->User->set('password', '');
|
||||
|
|
@ -439,7 +445,9 @@ class UsersController extends AppController {
|
|||
));
|
||||
$this->set('orgs', $orgs);
|
||||
// generate auth key for a new user
|
||||
$this->loadModel('Server');
|
||||
$this->loadModel('Server');
|
||||
$this->set('complexity', !empty(Configure::read('Security.password_policy_complexity')) ? Configure::read('Security.password_policy_complexity') : $this->Server->serverSettings['Security']['password_policy_complexity']['value']);
|
||||
$this->set('length', !empty(Configure::read('Security.password_policy_length')) ? Configure::read('Security.password_policy_length') : $this->Server->serverSettings['Security']['password_policy_length']['value']);
|
||||
$conditions = array();
|
||||
if (!$this->_isSiteAdmin()) $conditions['Server.org_id LIKE'] = $this->Auth->user('org_id');
|
||||
$temp = $this->Server->find('all', array('conditions' => $conditions, 'recursive' => -1, 'fields' => array('id', 'name', 'url')));
|
||||
|
|
@ -618,6 +626,8 @@ class UsersController extends AppController {
|
|||
$orgs = array();
|
||||
}
|
||||
$this->loadModel('Server');
|
||||
$this->set('complexity', !empty(Configure::read('Security.password_policy_complexity')) ? Configure::read('Security.password_policy_complexity') : $this->Server->serverSettings['Security']['password_policy_complexity']['value']);
|
||||
$this->set('length', !empty(Configure::read('Security.password_policy_length')) ? Configure::read('Security.password_policy_length') : $this->Server->serverSettings['Security']['password_policy_length']['value']);
|
||||
$conditions = array();
|
||||
if (!$this->_isSiteAdmin()) $conditions['Server.org_id LIKE'] = $this->Auth->user('org_id');
|
||||
$temp = $this->Server->find('all', array('conditions' => $conditions, 'recursive' => -1, 'fields' => array('id', 'name', 'url')));
|
||||
|
|
|
|||
|
|
@ -885,8 +885,8 @@ class Server extends AppModel {
|
|||
),
|
||||
'password_policy_length' => array(
|
||||
'level' => 2,
|
||||
'description' => 'Password length requirement. If it is not set or it is set to 0, then the default value is assumed (6).',
|
||||
'value' => '',
|
||||
'description' => 'Password length requirement. If it is not set or it is set to 0, then the default value is assumed (12).',
|
||||
'value' => '12',
|
||||
'errorMessage' => '',
|
||||
'test' => 'testPasswordLength',
|
||||
'type' => 'numeric',
|
||||
|
|
@ -894,7 +894,7 @@ class Server extends AppModel {
|
|||
'password_policy_complexity' => array(
|
||||
'level' => 2,
|
||||
'description' => 'Password complexity requirement. Leave it empty for the default setting (3 out of 4, with either a digit or a special char) or enter your own regex. Keep in mind that the length is checked in another key. Default (simple 3 out of 4 or minimum 16 characters): /^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/',
|
||||
'value' => '',
|
||||
'value' => '/^((?=.*\d)|(?=.*\W+))(?![\n])(?=.*[A-Z])(?=.*[a-z]).*$|.{16,}/',
|
||||
'errorMessage' => '',
|
||||
'test' => 'testPasswordRegex',
|
||||
'type' => 'string',
|
||||
|
|
|
|||
|
|
@ -350,7 +350,7 @@ App::uses('RandomTool', 'Tools');
|
|||
|
||||
public function passwordLength($check) {
|
||||
$length = Configure::read('Security.password_policy_length');
|
||||
if (empty($length) || $length < 0) $length = 6;
|
||||
if (empty($length) || $length < 0) $length = 12;
|
||||
$value = array_values($check);
|
||||
$value = $value[0];
|
||||
if (strlen($value) < $length) return false;
|
||||
|
|
@ -637,7 +637,6 @@ App::uses('RandomTool', 'Tools');
|
|||
$conditions['AND']['OR'][] = array('role_id' => $roleIDs);
|
||||
}
|
||||
$conditions['AND'][] = $userConditions;
|
||||
|
||||
$users = $this->find('all', array(
|
||||
'conditions' => $conditions,
|
||||
'recursive' => -1,
|
||||
|
|
|
|||
|
|
@ -34,7 +34,11 @@
|
|||
<div id="PasswordDiv">
|
||||
<div class="clear"></div>
|
||||
<?php
|
||||
echo $this->Form->input('password');
|
||||
$passwordPopover = '<span class=\"blue bold\">Length</span>: ' . h($length) . '<br />';
|
||||
$passwordPopover .= '<span class=\"blue bold\">Complexity</span>: ' . h($complexity);
|
||||
echo $this->Form->input('password', array(
|
||||
'label' => 'Password <span id = "PasswordPopover" class="icon-info-sign" ></span>'
|
||||
));
|
||||
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
|
||||
?>
|
||||
</div>
|
||||
|
|
@ -99,5 +103,11 @@ $(document).ready(function() {
|
|||
$('#UserExternalAuthRequired').change(function() {
|
||||
checkUserExternalAuth();
|
||||
});
|
||||
$('#PasswordPopover').popover("destroy").popover({
|
||||
placement: 'right',
|
||||
html: 'true',
|
||||
trigger: 'hover',
|
||||
content: '<?php echo $passwordPopover; ?>'
|
||||
});
|
||||
});
|
||||
</script>
|
||||
|
|
|
|||
|
|
@ -34,7 +34,11 @@
|
|||
<div id="PasswordDiv">
|
||||
<div class="clear"></div>
|
||||
<?php
|
||||
echo $this->Form->input('password');
|
||||
$passwordPopover = '<span class=\"blue bold\">Length</span>: ' . h($length) . '<br />';
|
||||
$passwordPopover .= '<span class=\"blue bold\">Complexity</span>: ' . h($complexity);
|
||||
echo $this->Form->input('password', array(
|
||||
'label' => 'Password <span id = "PasswordPopover" class="icon-info-sign" ></span>'
|
||||
));
|
||||
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
|
||||
?>
|
||||
</div>
|
||||
|
|
@ -84,19 +88,25 @@ echo $this->Form->end();?>
|
|||
?>
|
||||
|
||||
<script type="text/javascript">
|
||||
var syncRoles = <?php echo json_encode($syncRoles); ?>;
|
||||
$(document).ready(function() {
|
||||
syncUserSelected();
|
||||
$('#UserRoleId').change(function() {
|
||||
var syncRoles = <?php echo json_encode($syncRoles); ?>;
|
||||
$(document).ready(function() {
|
||||
syncUserSelected();
|
||||
});
|
||||
checkUserPasswordEnabled();
|
||||
checkUserExternalAuth();
|
||||
$('#UserEnablePassword').change(function() {
|
||||
$('#UserRoleId').change(function() {
|
||||
syncUserSelected();
|
||||
});
|
||||
checkUserPasswordEnabled();
|
||||
});
|
||||
$('#UserExternalAuthRequired').change(function() {
|
||||
checkUserExternalAuth();
|
||||
$('#UserEnablePassword').change(function() {
|
||||
checkUserPasswordEnabled();
|
||||
});
|
||||
$('#UserExternalAuthRequired').change(function() {
|
||||
checkUserExternalAuth();
|
||||
});
|
||||
$('#PasswordPopover').popover("destroy").popover({
|
||||
placement: 'right',
|
||||
html: 'true',
|
||||
trigger: 'hover',
|
||||
content: '<?php echo $passwordPopover; ?>'
|
||||
});
|
||||
});
|
||||
});
|
||||
</script>
|
||||
|
|
|
|||
|
|
@ -7,7 +7,11 @@
|
|||
?>
|
||||
<div class="input clear"></div>
|
||||
<?php
|
||||
echo $this->Form->input('password');
|
||||
$passwordPopover = '<span class=\"blue bold\">Length</span>: ' . h($length) . '<br />';
|
||||
$passwordPopover .= '<span class=\"blue bold\">Complexity</span>: ' . h($complexity);
|
||||
echo $this->Form->input('password', array(
|
||||
'label' => 'Password <span id = "PasswordPopover" class="icon-info-sign" ></span>'
|
||||
));
|
||||
echo $this->Form->input('confirm_password', array('type' => 'password', 'div' => array('class' => 'input password required')));
|
||||
?>
|
||||
<div class="input clear"></div>
|
||||
|
|
@ -32,3 +36,14 @@ echo $this->Form->end();?>
|
|||
$user['User']['id'] = $id;
|
||||
echo $this->element('side_menu', array('menuList' => 'globalActions', 'menuItem' => 'edit', 'user' => $user));
|
||||
?>
|
||||
<script type="text/javascript">
|
||||
$(document).ready(function() {
|
||||
$('#PasswordPopover').popover("destroy").popover({
|
||||
placement: 'right',
|
||||
html: 'true',
|
||||
trigger: 'hover',
|
||||
content: '<?php echo $passwordPopover; ?>'
|
||||
});
|
||||
});
|
||||
</script>
|
||||
<?php echo $this->Js->writeBuffer();
|
||||
|
|
|
|||
|
|
@ -1701,6 +1701,10 @@ table.table.table-striped tr.deleted_row td {
|
|||
overflow-x: hidden;
|
||||
}
|
||||
|
||||
.popover {
|
||||
max-width:100%;
|
||||
}
|
||||
|
||||
@-webkit-keyframes rotation {
|
||||
from {-webkit-transform: rotate(0deg);}
|
||||
to {-webkit-transform: rotate(359deg);}
|
||||
|
|
|
|||
|
|
@ -801,7 +801,6 @@ function submitPopoverForm(context_id, referer, update_context_id) {
|
|||
closePopover = false;
|
||||
break;
|
||||
}
|
||||
|
||||
if (url !== null) {
|
||||
$.ajax({
|
||||
beforeSend: function (XMLHttpRequest) {
|
||||
|
|
@ -2312,7 +2311,6 @@ function serverRuleUpdate() {
|
|||
});
|
||||
}
|
||||
statusOptions.forEach(function(status) {
|
||||
console.log();
|
||||
if (rules[type][field][status].length > 0) {
|
||||
$('#' + type + '_' + field + '_' + status).show();
|
||||
var t = '';
|
||||
|
|
@ -2934,3 +2932,10 @@ function submitMISPUpdate() {
|
|||
url:"/servers/update",
|
||||
});
|
||||
}
|
||||
|
||||
(function(){
|
||||
"use strict";
|
||||
$(".datepicker").datepicker({
|
||||
format: 'yyyy-mm-dd',
|
||||
});
|
||||
}());
|
||||
|
|
|
|||
Loading…
Reference in New Issue