Skip to content

Password policy validation fail for new users #22028

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
MoonISO wants to merge 2 commits into from
Closed

Password policy validation fail for new users #22028

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
94e54e5
Ensure password_policy; create new GenerateSecurePasswordEvent; dispa…
MoonISO Jul 28, 2020
a25e4e7
$passpword use direct assignment instaed of appending; check if $pass…
MoonISO Jul 28, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 39 additions & 4 deletions apps/provisioning_api/lib/Controller/UsersController.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,11 @@
use OCP\L10N\IFactory;
use OCP\Security\ISecureRandom;

use OCP\Security\Events\GenerateSecurePasswordEvent;
use OCP\EventDispatcher\Event;
use OCP\EventDispatcher\IEventDispatcher;
use Symfony\Component\EventDispatcher\GenericEvent;

class UsersController extends AUserData {

/** @var IAppManager */
Expand All @@ -77,6 +82,25 @@ class UsersController extends AUserData {
/** @var RemoteWipe */
private $remoteWipe;

private $eventDispatcher;

/**
* @param string $appName
* @param IRequest $request
* @param IUserManager $userManager
* @param IConfig $config
* @param IAppManager $appManager
* @param IGroupManager $groupManager
* @param IUserSession $userSession
* @param AccountManager $accountManager
* @param ILogger $logger
* @param IFactory $l10nFactory
* @param NewUserMailHelper $newUserMailHelper
* @param FederatedFileSharingFactory $federatedFileSharingFactory
* @param ISecureRandom $secureRandom
* @param RemoteWipe $remoteWipe
* @param IEventDispatcher $eventDispatcher
*/
public function __construct(string $appName,
IRequest $request,
IUserManager $userManager,
Expand All @@ -90,7 +114,8 @@ public function __construct(string $appName,
NewUserMailHelper $newUserMailHelper,
FederatedShareProviderFactory $federatedShareProviderFactory,
ISecureRandom $secureRandom,
RemoteWipe $remoteWipe) {
RemoteWipe $remoteWipe,
IEventDispatcher $eventDispatcher) {
parent::__construct($appName,
$request,
$userManager,
Expand All @@ -107,6 +132,7 @@ public function __construct(string $appName,
$this->federatedShareProviderFactory = $federatedShareProviderFactory;
$this->secureRandom = $secureRandom;
$this->remoteWipe = $remoteWipe;
$this->eventDispatcher = $eventDispatcher;
}

/**
Expand Down Expand Up @@ -286,9 +312,18 @@ public function addUser(string $userid,
throw new OCSException('To send a password link to the user an email address is required.', 108);
}

$password = $this->secureRandom->generate(10);
// Make sure we pass the password_policy
$password .= $this->secureRandom->generate(2, '$!.,;:-~+*[]{}()');
$passwordEvent = new GenerateSecurePasswordEvent();
$this->eventDispatcher->dispatchTyped($passwordEvent);
$passwordEvent->getPassword();
$password = $passwordEvent->getPassword();
if($password === null){
// Fallback: ensure to pass password_policy in any case
$password = $this->secureRandom->generate(10);
$password .= $this->secureRandom->generate(1, ISecureRandom::CHAR_UPPER);
$password .= $this->secureRandom->generate(1, ISecureRandom::CHAR_LOWER);
$password .= $this->secureRandom->generate(1, ISecureRandom::CHAR_DIGITS);
$password .= $this->secureRandom->generate(1, ISecureRandom::CHAR_SYMBOLS);
}
$generatePasswordResetToken = true;
}

Expand Down