Append special characters password policy (#2130)

5 years ago · 71ba189edc
parent b924b96176
commit 71ba189edc
29 changed files with 272 additions and 208 deletions
--- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
+++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm
@ -224,7 +224,7 @@ sub defaultValues {
        'passwordPolicyMinSpeChar'            => 0,
        'passwordPolicyMinUpper'              => 0,
        'passwordPolicySpecialChar' =>
-          '! @ # $ % & * ( ) - _ = + [ ] { } ; : , . / ?',
+          '! @ # $ % & * ( ) - = + [ ] { } ; : , . / ?',
        'passwordResetAllowedRetries' => 3,
        'persistentSessionAttributes' =>
          '_loginHistory _2fDevices notification_',
--- a/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm
+++ b/lemonldap-ng-handler/lib/Lemonldap/NG/Handler/Lib/StatusConstants.pm
@ -8,101 +8,103 @@ our $VERSION = '2.0.8';

 sub portalConsts {
    return {
-        '-1' => 'PE_DONE',
-        '-2' => 'PE_REDIRECT',
-        '-3' => 'PE_INFO',
-        '-4' => 'PE_SENDRESPONSE',
-        '-5' => 'PE_IDPCHOICE',
-        '0'  => 'PE_OK',
-        '1'  => 'PE_SESSIONEXPIRED',
-        '10' => 'PE_BADCERTIFICATE',
-        '2'  => 'PE_FORMEMPTY',
-        '21' => 'PE_PP_ACCOUNT_LOCKED',
-        '22' => 'PE_PP_PASSWORD_EXPIRED',
-        '23' => 'PE_CERTIFICATEREQUIRED',
-        '24' => 'PE_ERROR',
-        '25' => 'PE_PP_CHANGE_AFTER_RESET',
-        '26' => 'PE_PP_PASSWORD_MOD_NOT_ALLOWED',
-        '27' => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD',
-        '28' => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY',
-        '29' => 'PE_PP_PASSWORD_TOO_SHORT',
-        '3'  => 'PE_WRONGMANAGERACCOUNT',
-        '30' => 'PE_PP_PASSWORD_TOO_YOUNG',
-        '31' => 'PE_PP_PASSWORD_IN_HISTORY',
-        '32' => 'PE_PP_GRACE',
-        '33' => 'PE_PP_EXP_WARNING',
-        '34' => 'PE_PASSWORD_MISMATCH',
-        '35' => 'PE_PASSWORD_OK',
-        '36' => 'PE_NOTIFICATION',
-        '37' => 'PE_BADURL',
-        '38' => 'PE_NOSCHEME',
-        '39' => 'PE_BADOLDPASSWORD',
-        '4'  => 'PE_USERNOTFOUND',
-        '40' => 'PE_MALFORMEDUSER',
-        '41' => 'PE_SESSIONNOTGRANTED',
-        '42' => 'PE_CONFIRM',
-        '43' => 'PE_MAILFORMEMPTY',
-        '44' => 'PE_BADMAILTOKEN',
-        '45' => 'PE_MAILERROR',
-        '46' => 'PE_MAILOK',
-        '47' => 'PE_LOGOUT_OK',
-        '48' => 'PE_SAML_ERROR',
-        '49' => 'PE_SAML_LOAD_SERVICE_ERROR',
-        '5'  => 'PE_BADCREDENTIALS',
-        '50' => 'PE_SAML_LOAD_IDP_ERROR',
-        '51' => 'PE_SAML_SSO_ERROR',
-        '52' => 'PE_SAML_UNKNOWN_ENTITY',
-        '53' => 'PE_SAML_DESTINATION_ERROR',
-        '54' => 'PE_SAML_CONDITIONS_ERROR',
-        '55' => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED',
-        '56' => 'PE_SAML_SLO_ERROR',
-        '57' => 'PE_SAML_SIGNATURE_ERROR',
-        '58' => 'PE_SAML_ART_ERROR',
-        '59' => 'PE_SAML_SESSION_ERROR',
-        '6'  => 'PE_LDAPCONNECTFAILED',
-        '60' => 'PE_SAML_LOAD_SP_ERROR',
-        '61' => 'PE_SAML_ATTR_ERROR',
-        '62' => 'PE_OPENID_EMPTY',
-        '63' => 'PE_OPENID_BADID',
-        '64' => 'PE_MISSINGREQATTR',
-        '65' => 'PE_BADPARTNER',
-        '66' => 'PE_MAILCONFIRMATION_ALREADY_SENT',
-        '67' => 'PE_PASSWORDFORMEMPTY',
-        '68' => 'PE_CAS_SERVICE_NOT_ALLOWED',
-        '69' => 'PE_MAILFIRSTACCESS',
-        '7'  => 'PE_LDAPERROR',
-        '70' => 'PE_MAILNOTFOUND',
-        '71' => 'PE_PASSWORDFIRSTACCESS',
-        '72' => 'PE_MAILCONFIRMOK',
-        '73' => 'PE_RADIUSCONNECTFAILED',
-        '74' => 'PE_MUST_SUPPLY_OLD_PASSWORD',
-        '75' => 'PE_FORBIDDENIP',
-        '76' => 'PE_CAPTCHAERROR',
-        '77' => 'PE_CAPTCHAEMPTY',
-        '78' => 'PE_REGISTERFIRSTACCESS',
-        '79' => 'PE_REGISTERFORMEMPTY',
-        '8'  => 'PE_APACHESESSIONERROR',
-        '80' => 'PE_REGISTERALREADYEXISTS',
-        '81' => 'PE_NOTOKEN',
-        '82' => 'PE_TOKENEXPIRED',
-        '83' => 'PE_U2FFAILED',
-        '84' => 'PE_UNAUTHORIZEDPARTNER',
-        '85' => 'PE_RENEWSESSION',
-        '86' => 'PE_WAIT',
-        '87' => 'PE_MUSTAUTHN',
-        '88' => 'PE_MUSTHAVEMAIL',
-        '89' => 'PE_SAML_SERVICE_NOT_ALLOWED',
-        '9'  => 'PE_FIRSTACCESS',
-        '90' => 'PE_OIDC_SERVICE_NOT_ALLOWED',
-        '91' => 'PE_OID_SERVICE_NOT_ALLOWED',
-        '92' => 'PE_GET_SERVICE_NOT_ALLOWED',
-        '93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED',
-        '94' => 'PE_ISSUERMISSINGREQATTR',
-        '95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED',
-        '96' => 'PE_BADOTP',
-        '97' => 'PE_RESETCERTIFICATE_INVALID',
-        '98' => 'PE_RESETCERTIFICATE_FORMEMPTY',
-        '99' => 'PE_RESETCERTIFICATE_FIRSTACCESS'
+        '-1'  => 'PE_DONE',
+        '-2'  => 'PE_REDIRECT',
+        '-3'  => 'PE_INFO',
+        '-4'  => 'PE_SENDRESPONSE',
+        '-5'  => 'PE_IDPCHOICE',
+        '0'   => 'PE_OK',
+        '1'   => 'PE_SESSIONEXPIRED',
+        '10'  => 'PE_BADCERTIFICATE',
+        '100' => 'PE_PP_NOT_ALLOWED_CHARACTER',
+        '101' => 'PE_PP_NOT_ALLOWED_CHARACTERS',
+        '2'   => 'PE_FORMEMPTY',
+        '21'  => 'PE_PP_ACCOUNT_LOCKED',
+        '22'  => 'PE_PP_PASSWORD_EXPIRED',
+        '23'  => 'PE_CERTIFICATEREQUIRED',
+        '24'  => 'PE_ERROR',
+        '25'  => 'PE_PP_CHANGE_AFTER_RESET',
+        '26'  => 'PE_PP_PASSWORD_MOD_NOT_ALLOWED',
+        '27'  => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD',
+        '28'  => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY',
+        '29'  => 'PE_PP_PASSWORD_TOO_SHORT',
+        '3'   => 'PE_WRONGMANAGERACCOUNT',
+        '30'  => 'PE_PP_PASSWORD_TOO_YOUNG',
+        '31'  => 'PE_PP_PASSWORD_IN_HISTORY',
+        '32'  => 'PE_PP_GRACE',
+        '33'  => 'PE_PP_EXP_WARNING',
+        '34'  => 'PE_PASSWORD_MISMATCH',
+        '35'  => 'PE_PASSWORD_OK',
+        '36'  => 'PE_NOTIFICATION',
+        '37'  => 'PE_BADURL',
+        '38'  => 'PE_NOSCHEME',
+        '39'  => 'PE_BADOLDPASSWORD',
+        '4'   => 'PE_USERNOTFOUND',
+        '40'  => 'PE_MALFORMEDUSER',
+        '41'  => 'PE_SESSIONNOTGRANTED',
+        '42'  => 'PE_CONFIRM',
+        '43'  => 'PE_MAILFORMEMPTY',
+        '44'  => 'PE_BADMAILTOKEN',
+        '45'  => 'PE_MAILERROR',
+        '46'  => 'PE_MAILOK',
+        '47'  => 'PE_LOGOUT_OK',
+        '48'  => 'PE_SAML_ERROR',
+        '49'  => 'PE_SAML_LOAD_SERVICE_ERROR',
+        '5'   => 'PE_BADCREDENTIALS',
+        '50'  => 'PE_SAML_LOAD_IDP_ERROR',
+        '51'  => 'PE_SAML_SSO_ERROR',
+        '52'  => 'PE_SAML_UNKNOWN_ENTITY',
+        '53'  => 'PE_SAML_DESTINATION_ERROR',
+        '54'  => 'PE_SAML_CONDITIONS_ERROR',
+        '55'  => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED',
+        '56'  => 'PE_SAML_SLO_ERROR',
+        '57'  => 'PE_SAML_SIGNATURE_ERROR',
+        '58'  => 'PE_SAML_ART_ERROR',
+        '59'  => 'PE_SAML_SESSION_ERROR',
+        '6'   => 'PE_LDAPCONNECTFAILED',
+        '60'  => 'PE_SAML_LOAD_SP_ERROR',
+        '61'  => 'PE_SAML_ATTR_ERROR',
+        '62'  => 'PE_OPENID_EMPTY',
+        '63'  => 'PE_OPENID_BADID',
+        '64'  => 'PE_MISSINGREQATTR',
+        '65'  => 'PE_BADPARTNER',
+        '66'  => 'PE_MAILCONFIRMATION_ALREADY_SENT',
+        '67'  => 'PE_PASSWORDFORMEMPTY',
+        '68'  => 'PE_CAS_SERVICE_NOT_ALLOWED',
+        '69'  => 'PE_MAILFIRSTACCESS',
+        '7'   => 'PE_LDAPERROR',
+        '70'  => 'PE_MAILNOTFOUND',
+        '71'  => 'PE_PASSWORDFIRSTACCESS',
+        '72'  => 'PE_MAILCONFIRMOK',
+        '73'  => 'PE_RADIUSCONNECTFAILED',
+        '74'  => 'PE_MUST_SUPPLY_OLD_PASSWORD',
+        '75'  => 'PE_FORBIDDENIP',
+        '76'  => 'PE_CAPTCHAERROR',
+        '77'  => 'PE_CAPTCHAEMPTY',
+        '78'  => 'PE_REGISTERFIRSTACCESS',
+        '79'  => 'PE_REGISTERFORMEMPTY',
+        '8'   => 'PE_APACHESESSIONERROR',
+        '80'  => 'PE_REGISTERALREADYEXISTS',
+        '81'  => 'PE_NOTOKEN',
+        '82'  => 'PE_TOKENEXPIRED',
+        '83'  => 'PE_U2FFAILED',
+        '84'  => 'PE_UNAUTHORIZEDPARTNER',
+        '85'  => 'PE_RENEWSESSION',
+        '86'  => 'PE_WAIT',
+        '87'  => 'PE_MUSTAUTHN',
+        '88'  => 'PE_MUSTHAVEMAIL',
+        '89'  => 'PE_SAML_SERVICE_NOT_ALLOWED',
+        '9'   => 'PE_FIRSTACCESS',
+        '90'  => 'PE_OIDC_SERVICE_NOT_ALLOWED',
+        '91'  => 'PE_OID_SERVICE_NOT_ALLOWED',
+        '92'  => 'PE_GET_SERVICE_NOT_ALLOWED',
+        '93'  => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED',
+        '94'  => 'PE_ISSUERMISSINGREQATTR',
+        '95'  => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED',
+        '96'  => 'PE_BADOTP',
+        '97'  => 'PE_RESETCERTIFICATE_INVALID',
+        '98'  => 'PE_RESETCERTIFICATE_FORMEMPTY',
+        '99'  => 'PE_RESETCERTIFICATE_FIRSTACCESS'
    };

 }
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm
@ -2445,8 +2445,8 @@ qr/^(?:\*\.)?(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.])*(?:[a-zA-Z][
            'type'    => 'int'
        },
        'passwordPolicySpecialChar' => {
-            'default' => '! @ # $ % & * ( ) - _ = + [ ] { } ; : , . / ?',
-            'test'    => qr/^[\s\W_]+$/,
+            'default' => '! @ # $ % & * ( ) - = + [ ] { } ; : , . / ?',
+            'test'    => qr/^[\s\W_]*$/,
            'type'    => 'text'
        },
        'passwordResetAllowedRetries' => {
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm
@ -1440,9 +1440,9 @@ sub attributes {
            documentation => 'Password policy: minimal special characters',
        },
        passwordPolicySpecialChar => {
-            default       => '! @ # $ % & * ( ) - _ = + [ ] { } ; : , . / ?',
+            default       => '! @ # $ % & * ( ) - = + [ ] { } ; : , . / ?',
            type          => 'text',
-            test          => qr/^[\s\W_]+$/,
+            test          => qr/^[\s\W_]*$/,
            documentation => 'Password policy: allowed special characters',
        },
        portalDisplayPasswordPolicy => {
--- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/PortalConstants.pm
+++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/PortalConstants.pm
@ -106,7 +106,9 @@ sub portalConstants {
        PE_BADOTP                            => 96,
        PE_RESETCERTIFICATE_INVALID          => 97,
        PE_RESETCERTIFICATE_FORMEMPTY        => 98,
-        PE_RESETCERTIFICATE_FIRSTACCESS      => 99
+        PE_RESETCERTIFICATE_FIRSTACCESS      => 99,
+        PE_PP_NOT_ALLOWED_CHARACTER          => 100,
+        PE_PP_NOT_ALLOWED_CHARACTERS         => 101
    };
 }

--- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json
@ -680,6 +680,8 @@
 "passwordPolicyMinLower":"Minimal lower characters",
 "passwordPolicyMinUpper":"Minimal upper characters",
 "passwordPolicyMinDigit":"Minimal digit characters",
+"passwordPolicyMinSpeChar":"Minimal special characters",
+"passwordPolicySpecialChar":"Allowed special characters",
 "passwordResetAllowedRetries":"Max reset password retries",
 "persistent":"الثابتة",
 "persistentSessions":"الجلسات الثابتة",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/de.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/de.json
@ -680,6 +680,8 @@
 "passwordPolicyMinLower":"Minimal lower characters",
 "passwordPolicyMinUpper":"Minimal upper characters",
 "passwordPolicyMinDigit":"Minimal digit characters",
+"passwordPolicyMinSpeChar":"Minimal special characters",
+"passwordPolicySpecialChar":"Allowed special characters",
 "passwordResetAllowedRetries":"Max reset password retries",
 "persistent":"Persistent",
 "persistentSessions":"Persistent sessions",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json
@ -680,6 +680,8 @@
 "passwordPolicyMinLower": "Minimal lower characters",
 "passwordPolicyMinUpper": "Minimal upper characters",
 "passwordPolicyMinDigit": "Minimal digit characters",
+"passwordPolicyMinSpeChar":"Minimal special characters",
+"passwordPolicySpecialChar":"Allowed special characters",
 "passwordResetAllowedRetries":"Max reset password retries",
 "persistent":"Persistent",
 "persistentSessions":"Persistent sessions",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json
@ -680,6 +680,8 @@
 "passwordPolicyMinLower": "Minimum de minuscules",
 "passwordPolicyMinUpper": "Minimum de majuscules",
 "passwordPolicyMinDigit": "Minimum de chiffres",
+"passwordPolicyMinSpeChar":"Minimum de caractètes spéciaux",
+"passwordPolicySpecialChar":"Caractètes spéciaux autorisés",
 "passwordResetAllowedRetries":"Nombre d'essais pour réinitialiser le mot de passe",
 "persistent":"Persistantes",
 "persistentSessions":"Sessions persistantes",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json
@ -680,6 +680,8 @@
 "passwordPolicyMinLower":"Minimal lower characters",
 "passwordPolicyMinUpper":"Minimal upper characters",
 "passwordPolicyMinDigit":"Minimal digit characters",
+"passwordPolicyMinSpeChar":"Minimal special characters",
+"passwordPolicySpecialChar":"Allowed special characters",
 "passwordResetAllowedRetries":"Max tentativi di reimpostazione della password",
 "persistent":"Persistente",
 "persistentSessions":"Sessioni persistenti",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json
@ -680,6 +680,8 @@
 "passwordPolicyMinLower":"Minimum küçük harf karakter sayısı",
 "passwordPolicyMinUpper":"Minimum büyük harf karakter sayısı",
 "passwordPolicyMinDigit":"Minimum rakam karakter sayısı",
+"passwordPolicyMinSpeChar":"Minimal special characters",
+"passwordPolicySpecialChar":"Allowed special characters",
 "passwordResetAllowedRetries":"Maksimum parola sıfırlama denemesi",
 "persistent":"Kalıcı",
 "persistentSessions":"Kalıcı oturumlar",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json
@ -680,6 +680,8 @@
 "passwordPolicyMinLower":"Minimal lower characters",
 "passwordPolicyMinUpper":"Minimal upper characters",
 "passwordPolicyMinDigit":"Minimal digit characters",
+"passwordPolicyMinSpeChar":"Minimal special characters",
+"passwordPolicySpecialChar":"Allowed special characters",
 "passwordResetAllowedRetries":"Max reset password retries",
 "persistent":"Duy trì",
 "persistentSessions":"Duy trì phiên",
--- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
+++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json
@ -680,6 +680,8 @@
 "passwordPolicyMinLower":"Minimal lower characters",
 "passwordPolicyMinUpper":"Minimal upper characters",
 "passwordPolicyMinDigit":"Minimal digit characters",
+"passwordPolicyMinSpeChar":"Minimal special characters",
+"passwordPolicySpecialChar":"Allowed special characters",
 "passwordResetAllowedRetries":"Max reset password retries",
 "persistent":"Persistent",
 "persistentSessions":"Persistent sessions",
--- a/lemonldap-ng-manager/site/htdocs/static/struct.json
+++ b/lemonldap-ng-manager/site/htdocs/static/struct.json
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Constants.pm
@ -103,105 +103,109 @@ use constant {
    PE_RESETCERTIFICATE_INVALID          => 97,
    PE_RESETCERTIFICATE_FORMEMPTY        => 98,
    PE_RESETCERTIFICATE_FIRSTACCESS      => 99,
+    PE_PP_NOT_ALLOWED_CHARACTER          => 100,
+    PE_PP_NOT_ALLOWED_CHARACTERS         => 101,
 };

 sub portalConsts {
    return {
-        '-1' => 'PE_DONE',
-        '-2' => 'PE_REDIRECT',
-        '-3' => 'PE_INFO',
-        '-4' => 'PE_SENDRESPONSE',
-        '-5' => 'PE_IDPCHOICE',
-        '0'  => 'PE_OK',
-        '1'  => 'PE_SESSIONEXPIRED',
-        '10' => 'PE_BADCERTIFICATE',
-        '2'  => 'PE_FORMEMPTY',
-        '21' => 'PE_PP_ACCOUNT_LOCKED',
-        '22' => 'PE_PP_PASSWORD_EXPIRED',
-        '23' => 'PE_CERTIFICATEREQUIRED',
-        '24' => 'PE_ERROR',
-        '25' => 'PE_PP_CHANGE_AFTER_RESET',
-        '26' => 'PE_PP_PASSWORD_MOD_NOT_ALLOWED',
-        '27' => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD',
-        '28' => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY',
-        '29' => 'PE_PP_PASSWORD_TOO_SHORT',
-        '3'  => 'PE_WRONGMANAGERACCOUNT',
-        '30' => 'PE_PP_PASSWORD_TOO_YOUNG',
-        '31' => 'PE_PP_PASSWORD_IN_HISTORY',
-        '32' => 'PE_PP_GRACE',
-        '33' => 'PE_PP_EXP_WARNING',
-        '34' => 'PE_PASSWORD_MISMATCH',
-        '35' => 'PE_PASSWORD_OK',
-        '36' => 'PE_NOTIFICATION',
-        '37' => 'PE_BADURL',
-        '38' => 'PE_NOSCHEME',
-        '39' => 'PE_BADOLDPASSWORD',
-        '4'  => 'PE_USERNOTFOUND',
-        '40' => 'PE_MALFORMEDUSER',
-        '41' => 'PE_SESSIONNOTGRANTED',
-        '42' => 'PE_CONFIRM',
-        '43' => 'PE_MAILFORMEMPTY',
-        '44' => 'PE_BADMAILTOKEN',
-        '45' => 'PE_MAILERROR',
-        '46' => 'PE_MAILOK',
-        '47' => 'PE_LOGOUT_OK',
-        '48' => 'PE_SAML_ERROR',
-        '49' => 'PE_SAML_LOAD_SERVICE_ERROR',
-        '5'  => 'PE_BADCREDENTIALS',
-        '50' => 'PE_SAML_LOAD_IDP_ERROR',
-        '51' => 'PE_SAML_SSO_ERROR',
-        '52' => 'PE_SAML_UNKNOWN_ENTITY',
-        '53' => 'PE_SAML_DESTINATION_ERROR',
-        '54' => 'PE_SAML_CONDITIONS_ERROR',
-        '55' => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED',
-        '56' => 'PE_SAML_SLO_ERROR',
-        '57' => 'PE_SAML_SIGNATURE_ERROR',
-        '58' => 'PE_SAML_ART_ERROR',
-        '59' => 'PE_SAML_SESSION_ERROR',
-        '6'  => 'PE_LDAPCONNECTFAILED',
-        '60' => 'PE_SAML_LOAD_SP_ERROR',
-        '61' => 'PE_SAML_ATTR_ERROR',
-        '62' => 'PE_OPENID_EMPTY',
-        '63' => 'PE_OPENID_BADID',
-        '64' => 'PE_MISSINGREQATTR',
-        '65' => 'PE_BADPARTNER',
-        '66' => 'PE_MAILCONFIRMATION_ALREADY_SENT',
-        '67' => 'PE_PASSWORDFORMEMPTY',
-        '68' => 'PE_CAS_SERVICE_NOT_ALLOWED',
-        '69' => 'PE_MAILFIRSTACCESS',
-        '7'  => 'PE_LDAPERROR',
-        '70' => 'PE_MAILNOTFOUND',
-        '71' => 'PE_PASSWORDFIRSTACCESS',
-        '72' => 'PE_MAILCONFIRMOK',
-        '73' => 'PE_RADIUSCONNECTFAILED',
-        '74' => 'PE_MUST_SUPPLY_OLD_PASSWORD',
-        '75' => 'PE_FORBIDDENIP',
-        '76' => 'PE_CAPTCHAERROR',
-        '77' => 'PE_CAPTCHAEMPTY',
-        '78' => 'PE_REGISTERFIRSTACCESS',
-        '79' => 'PE_REGISTERFORMEMPTY',
-        '8'  => 'PE_APACHESESSIONERROR',
-        '80' => 'PE_REGISTERALREADYEXISTS',
-        '81' => 'PE_NOTOKEN',
-        '82' => 'PE_TOKENEXPIRED',
-        '83' => 'PE_U2FFAILED',
-        '84' => 'PE_UNAUTHORIZEDPARTNER',
-        '85' => 'PE_RENEWSESSION',
-        '86' => 'PE_WAIT',
-        '87' => 'PE_MUSTAUTHN',
-        '88' => 'PE_MUSTHAVEMAIL',
-        '89' => 'PE_SAML_SERVICE_NOT_ALLOWED',
-        '9'  => 'PE_FIRSTACCESS',
-        '90' => 'PE_OIDC_SERVICE_NOT_ALLOWED',
-        '91' => 'PE_OID_SERVICE_NOT_ALLOWED',
-        '92' => 'PE_GET_SERVICE_NOT_ALLOWED',
-        '93' => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED',
-        '94' => 'PE_ISSUERMISSINGREQATTR',
-        '95' => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED',
-        '96' => 'PE_BADOTP',
-        '97' => 'PE_RESETCERTIFICATE_INVALID',
-        '98' => 'PE_RESETCERTIFICATE_FORMEMPTY',
-        '99' => 'PE_RESETCERTIFICATE_FIRSTACCESS'
+        '-1'  => 'PE_DONE',
+        '-2'  => 'PE_REDIRECT',
+        '-3'  => 'PE_INFO',
+        '-4'  => 'PE_SENDRESPONSE',
+        '-5'  => 'PE_IDPCHOICE',
+        '0'   => 'PE_OK',
+        '1'   => 'PE_SESSIONEXPIRED',
+        '10'  => 'PE_BADCERTIFICATE',
+        '100' => 'PE_PP_NOT_ALLOWED_CHARACTER',
+        '101' => 'PE_PP_NOT_ALLOWED_CHARACTERS',
+        '2'   => 'PE_FORMEMPTY',
+        '21'  => 'PE_PP_ACCOUNT_LOCKED',
+        '22'  => 'PE_PP_PASSWORD_EXPIRED',
+        '23'  => 'PE_CERTIFICATEREQUIRED',
+        '24'  => 'PE_ERROR',
+        '25'  => 'PE_PP_CHANGE_AFTER_RESET',
+        '26'  => 'PE_PP_PASSWORD_MOD_NOT_ALLOWED',
+        '27'  => 'PE_PP_MUST_SUPPLY_OLD_PASSWORD',
+        '28'  => 'PE_PP_INSUFFICIENT_PASSWORD_QUALITY',
+        '29'  => 'PE_PP_PASSWORD_TOO_SHORT',
+        '3'   => 'PE_WRONGMANAGERACCOUNT',
+        '30'  => 'PE_PP_PASSWORD_TOO_YOUNG',
+        '31'  => 'PE_PP_PASSWORD_IN_HISTORY',
+        '32'  => 'PE_PP_GRACE',
+        '33'  => 'PE_PP_EXP_WARNING',
+        '34'  => 'PE_PASSWORD_MISMATCH',
+        '35'  => 'PE_PASSWORD_OK',
+        '36'  => 'PE_NOTIFICATION',
+        '37'  => 'PE_BADURL',
+        '38'  => 'PE_NOSCHEME',
+        '39'  => 'PE_BADOLDPASSWORD',
+        '4'   => 'PE_USERNOTFOUND',
+        '40'  => 'PE_MALFORMEDUSER',
+        '41'  => 'PE_SESSIONNOTGRANTED',
+        '42'  => 'PE_CONFIRM',
+        '43'  => 'PE_MAILFORMEMPTY',
+        '44'  => 'PE_BADMAILTOKEN',
+        '45'  => 'PE_MAILERROR',
+        '46'  => 'PE_MAILOK',
+        '47'  => 'PE_LOGOUT_OK',
+        '48'  => 'PE_SAML_ERROR',
+        '49'  => 'PE_SAML_LOAD_SERVICE_ERROR',
+        '5'   => 'PE_BADCREDENTIALS',
+        '50'  => 'PE_SAML_LOAD_IDP_ERROR',
+        '51'  => 'PE_SAML_SSO_ERROR',
+        '52'  => 'PE_SAML_UNKNOWN_ENTITY',
+        '53'  => 'PE_SAML_DESTINATION_ERROR',
+        '54'  => 'PE_SAML_CONDITIONS_ERROR',
+        '55'  => 'PE_SAML_IDPSSOINITIATED_NOTALLOWED',
+        '56'  => 'PE_SAML_SLO_ERROR',
+        '57'  => 'PE_SAML_SIGNATURE_ERROR',
+        '58'  => 'PE_SAML_ART_ERROR',
+        '59'  => 'PE_SAML_SESSION_ERROR',
+        '6'   => 'PE_LDAPCONNECTFAILED',
+        '60'  => 'PE_SAML_LOAD_SP_ERROR',
+        '61'  => 'PE_SAML_ATTR_ERROR',
+        '62'  => 'PE_OPENID_EMPTY',
+        '63'  => 'PE_OPENID_BADID',
+        '64'  => 'PE_MISSINGREQATTR',
+        '65'  => 'PE_BADPARTNER',
+        '66'  => 'PE_MAILCONFIRMATION_ALREADY_SENT',
+        '67'  => 'PE_PASSWORDFORMEMPTY',
+        '68'  => 'PE_CAS_SERVICE_NOT_ALLOWED',
+        '69'  => 'PE_MAILFIRSTACCESS',
+        '7'   => 'PE_LDAPERROR',
+        '70'  => 'PE_MAILNOTFOUND',
+        '71'  => 'PE_PASSWORDFIRSTACCESS',
+        '72'  => 'PE_MAILCONFIRMOK',
+        '73'  => 'PE_RADIUSCONNECTFAILED',
+        '74'  => 'PE_MUST_SUPPLY_OLD_PASSWORD',
+        '75'  => 'PE_FORBIDDENIP',
+        '76'  => 'PE_CAPTCHAERROR',
+        '77'  => 'PE_CAPTCHAEMPTY',
+        '78'  => 'PE_REGISTERFIRSTACCESS',
+        '79'  => 'PE_REGISTERFORMEMPTY',
+        '8'   => 'PE_APACHESESSIONERROR',
+        '80'  => 'PE_REGISTERALREADYEXISTS',
+        '81'  => 'PE_NOTOKEN',
+        '82'  => 'PE_TOKENEXPIRED',
+        '83'  => 'PE_U2FFAILED',
+        '84'  => 'PE_UNAUTHORIZEDPARTNER',
+        '85'  => 'PE_RENEWSESSION',
+        '86'  => 'PE_WAIT',
+        '87'  => 'PE_MUSTAUTHN',
+        '88'  => 'PE_MUSTHAVEMAIL',
+        '89'  => 'PE_SAML_SERVICE_NOT_ALLOWED',
+        '9'   => 'PE_FIRSTACCESS',
+        '90'  => 'PE_OIDC_SERVICE_NOT_ALLOWED',
+        '91'  => 'PE_OID_SERVICE_NOT_ALLOWED',
+        '92'  => 'PE_GET_SERVICE_NOT_ALLOWED',
+        '93'  => 'PE_IMPERSONATION_SERVICE_NOT_ALLOWED',
+        '94'  => 'PE_ISSUERMISSINGREQATTR',
+        '95'  => 'PE_DECRYPTVALUE_SERVICE_NOT_ALLOWED',
+        '96'  => 'PE_BADOTP',
+        '97'  => 'PE_RESETCERTIFICATE_INVALID',
+        '98'  => 'PE_RESETCERTIFICATE_FORMEMPTY',
+        '99'  => 'PE_RESETCERTIFICATE_FIRSTACCESS'
    };

 }
@ -304,7 +308,9 @@ our @EXPORT_OK = (
    'PE_BADOTP',
    'PE_RESETCERTIFICATE_INVALID',
    'PE_RESETCERTIFICATE_FORMEMPTY',
-    'PE_RESETCERTIFICATE_FIRSTACCESS'
+    'PE_RESETCERTIFICATE_FIRSTACCESS',
+    'PE_PP_NOT_ALLOWED_CHARACTER',
+    'PE_PP_NOT_ALLOWED_CHARACTERS'
 );
 our %EXPORT_TAGS = ( 'all' => [ @EXPORT_OK, 'import' ], );

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm
@ -9,6 +9,8 @@ use Lemonldap::NG::Portal::Main::Constants qw(
  PE_PASSWORD_OK
  PE_PASSWORD_MISMATCH
  PE_PP_PASSWORD_TOO_SHORT
+  PE_PP_NOT_ALLOWED_CHARACTER
+  PE_PP_NOT_ALLOWED_CHARACTERS
  PE_PP_MUST_SUPPLY_OLD_PASSWORD
  PE_PP_INSUFFICIENT_PASSWORD_QUALITY
 );
@ -131,19 +133,29 @@ sub checkPasswordQuality {
        }
    }

+    ## Special characters policy
+    my $speChars = $self->conf->{passwordPolicySpecialChar};
+    $speChars =~ s/\s+//g;
+
    # Min special characters
-    if ( $self->conf->{passwordPolicyMinSpeChar} ) {
-        my $spe      = 0;
-        my $speChars = $self->conf->{passwordPolicySpecialChar}
-          || '! @ # $ % & * ( ) - _ = + [ ] { } ; : , . / ?';
-        $speChars =~ s/\s+//g;
-        $spe = $password =~ s/[\Q$speChars\E]//g;
+    if ( $self->conf->{passwordPolicyMinSpeChar} && $speChars ) {
+        my $spe  = 0;
+        my $test = $password;
+        $spe = $test =~ s/[\Q$speChars\E]//g;
        if ( $spe < $self->conf->{passwordPolicyMinSpeChar} ) {
            $self->logger->error("Password has not enough special characters");
            return PE_PP_INSUFFICIENT_PASSWORD_QUALITY;
        }
    }

+    # Fobidden special characters
+    $password =~ s/[\Q$speChars\E\w]//g;
+    if ($password) {
+        $self->logger->error(
+            'Password contains ' . length($password) . " forbidden character(s): $password");
+        return length($password) > 1 ? PE_PP_NOT_ALLOWED_CHARACTERS : PE_PP_NOT_ALLOWED_CHARACTER;
+    }
+
    return PE_OK;
 }

--- a/lemonldap-ng-portal/site/htdocs/static/languages/ar.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/ar.json
@ -89,6 +89,8 @@
 "PE97":"Your certificate is invalid or expires soon",
 "PE98":"Please select your new certificate",
 "PE99":"Please select your new certificate",
+"PE100":"Password contains not allowed character",
+"PE101":"Password contains not allowed characters",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"قبول",
 "accessDenied":"ليس لديك إذن بالدخول لهذا التطبيق",
--- a/lemonldap-ng-portal/site/htdocs/static/languages/de.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/de.json
@ -89,6 +89,8 @@
 "PE97":"Your certificate is invalid or expires soon",
 "PE98":"Please select your new certificate",
 "PE99":"Please select your new certificate",
+"PE100":"Password contains not allowed character",
+"PE101":"Password contains not allowed characters",
 "2fRegRequired":"Dieser Dienst benötigt Zwei-Faktor-Authentifizierung. Bitte legen Sie ein Gerät an und gehen dann zum Portal zurück.",
 "accept":"Akzeptieren",
 "accessDenied":"Sie haben keine Zugriffsberechtigung für diese Anwendung",
--- a/lemonldap-ng-portal/site/htdocs/static/languages/en.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/en.json
@ -89,6 +89,8 @@
 "PE97":"Your certificate is invalid or expires soon",
 "PE98":"Please select your new certificate",
 "PE99":"Please select your new certificate",
+"PE100":"Password contains not allowed character",
+"PE101":"Password contains not allowed characters",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept",
 "accessDenied":"You have no access authorization for this application",
--- a/lemonldap-ng-portal/site/htdocs/static/languages/es.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/es.json
@ -89,6 +89,8 @@
 "PE97":"Su certificado no es válido o expira próximamente",
 "PE98":"Por favor, seleccione su nuevo certificado",
 "PE99":"Por favor, seleccione su nuevo certificado",
+"PE100":"Password contains not allowed character",
+"PE101":"Password contains not allowed characters",
 "2fRegRequired":"Este servicio necesita la autenticación de dos factores. Registre un dispositivo ahora, luego reingrese al portal.",
 "accept":"Aceptar",
 "accessDenied":"No está autorizado a acceder a esta aplicación",
--- a/lemonldap-ng-portal/site/htdocs/static/languages/fi.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/fi.json
@ -89,6 +89,8 @@
 "PE97":"Your certificate is invalid or expires soon",
 "PE98":"Please select your new certificate",
 "PE99":"Please select your new certificate",
+"PE100":"Password contains not allowed character",
+"PE101":"Password contains not allowed characters",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Hyväksy",
 "accessDenied":"Sinulla ei ole käyttöoikeutta tähän sovellukseen",
--- a/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/fr.json
@ -17,7 +17,7 @@
 "PE25":"Le mot de passe a été réinitialisé et doit être changé",
 "PE26":"Modification du mot de passe non autorisée",
 "PE27":"Ancien mot de passe à fournir pour le changer",
-"PE28":"Qualité de mot de passe insuffisante",
+"PE28":"Qualité du mot de passe insuffisante",
 "PE29":"Mot de passe trop court",
 "PE30":"Mot de passe trop récent",
 "PE31":"Mot de passe utilisé trop récemment",
@ -86,9 +86,11 @@
 "PE94":"Un attribut exigé n'est pas disponible",
 "PE95":"Accès non autorisé au service de déchiffrement",
 "PE96":"Code de sécurité invalide",
-"PE97":"Your certificate is invalid or expires soon",
-"PE98":"Please select your new certificate",
-"PE99":"Please select your new certificate",
+"PE97":"Votre certificat est invalide ou expire prochainement",
+"PE98":"Veuillez sélectionner votre nouveau certificat",
+"PE99":"Veuillez sélectionner votre nouveau certificat",
+"PE100":"Le mot de passe contient un caractère interdit",
+"PE101":"Le mot de passe contient des caractères interdits",
 "2fRegRequired":"Ce service requiert une authentification à deux facteurs. Enregistrez un équipement ici et retournez au portail.",
 "accept":"Accepter",
 "accessDenied":"Vous n'avez pas les droits d'accès à cette application",
--- a/lemonldap-ng-portal/site/htdocs/static/languages/it.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/it.json
@ -89,6 +89,8 @@
 "PE97":"Your certificate is invalid or expires soon",
 "PE98":"Please select your new certificate",
 "PE99":"Please select your new certificate",
+"PE100":"Password contains not allowed character",
+"PE101":"Password contains not allowed characters",
 "2fRegRequired":"Questo servizio richiede un'autenticazione a doppio fattore. Registrare un dispositivo ora, quindi tornare al portale.",
 "accept":"Accetta",
 "accessDenied":"Non hai un'autorizzazione di accesso per questa applicazione",
--- a/lemonldap-ng-portal/site/htdocs/static/languages/nl.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/nl.json
@ -89,6 +89,8 @@
 "PE97":"Your certificate is invalid or expires soon",
 "PE98":"Please select your new certificate",
 "PE99":"Please select your new certificate",
+"PE100":"Password contains not allowed character",
+"PE101":"Password contains not allowed characters",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept",
 "accessDenied":"You have no access authorization for this application",
--- a/lemonldap-ng-portal/site/htdocs/static/languages/pt.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/pt.json
@ -89,6 +89,8 @@
 "PE97":"Your certificate is invalid or expires soon",
 "PE98":"Please select your new certificate",
 "PE99":"Please select your new certificate",
+"PE100":"Password contains not allowed character",
+"PE101":"Password contains not allowed characters",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept",
 "accessDenied":"You have no access authorization for this application",
--- a/lemonldap-ng-portal/site/htdocs/static/languages/ro.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/ro.json
@ -89,6 +89,8 @@
 "PE97":"Your certificate is invalid or expires soon",
 "PE98":"Please select your new certificate",
 "PE99":"Please select your new certificate",
+"PE100":"Password contains not allowed character",
+"PE101":"Password contains not allowed characters",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept",
 "accessDenied":"You have no access authorization for this application",
--- a/lemonldap-ng-portal/site/htdocs/static/languages/tr.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/tr.json
@ -89,6 +89,8 @@
 "PE97":"Your certificate is invalid or expires soon",
 "PE98":"Please select your new certificate",
 "PE99":"Please select your new certificate",
+"PE100":"Password contains not allowed character",
+"PE101":"Password contains not allowed characters",
 "2fRegRequired":"Bu servis iki adımlı kimlik doğrulama gerektiriyor. Şimdi bir cihaz ekleyin ve ardından portala geri dönün",
 "accept":"Kabul Et",
 "accessDenied":"Bu uygulamaya erişim yetkiniz yok",
--- a/lemonldap-ng-portal/site/htdocs/static/languages/vi.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/vi.json
@ -89,6 +89,8 @@
 "PE97":"Your certificate is invalid or expires soon",
 "PE98":"Please select your new certificate",
 "PE99":"Please select your new certificate",
+"PE100":"Password contains not allowed character",
+"PE101":"Password contains not allowed characters",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Chấp nhận",
 "accessDenied":"Bạn không có quyền truy cập vào ứng dụng này",
--- a/lemonldap-ng-portal/site/htdocs/static/languages/zh.json
+++ b/lemonldap-ng-portal/site/htdocs/static/languages/zh.json
@ -89,6 +89,8 @@
 "PE97":"Your certificate is invalid or expires soon",
 "PE98":"Please select your new certificate",
 "PE99":"Please select your new certificate",
+"PE100":"Password contains not allowed character",
+"PE101":"Password contains not allowed characters",
 "2fRegRequired":"This service requires a double factor authentication. Register a device now, then go back to the portal.",
 "accept":"Accept 方法",
 "accessDenied":"您无权访问此应用",