Local password policy: minimal digits (#993)

6 years ago · a2d3ae1d03
parent 28309dca9b
commit a2d3ae1d03
2 changed files with 51 additions and 3 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Password/Base.pm
@ -83,6 +83,16 @@ sub _modifyPassword {
        }
    }

+    # Min digit
+    if ( $self->conf->{passwordPolicyMinDigit} ) {
+        my $digit = 0;
+        $digit++ while ( $req->data->{newpassword} =~ m/\d/g );
+        if ( $digit < $self->conf->{passwordPolicyMinDigit} ) {
+            $self->logger->error("Password has not enough digit characters");
+            return PE_PP_INSUFFICIENT_PASSWORD_QUALITY;
+        }
+    }
+
    # Call password package
    my $res = $self->modifyPassword( $req, $req->data->{newpassword} );
    if ( $res == PE_PASSWORD_OK ) {
--- a/lemonldap-ng-portal/t/02-Password-Demo-Local-Ppolicy.t
+++ b/lemonldap-ng-portal/t/02-Password-Demo-Local-Ppolicy.t
@ -17,6 +17,7 @@ my $client = LLNG::Manager::Test->new( {
            passwordPolicyMinSize    => 6,
            passwordPolicyMinLower   => 3,
            passwordPolicyMinUpper   => 3,
+            passwordPolicyMinDigit   => 1,
        }
    }
 );
@ -62,7 +63,7 @@ ok(
    $res = $client->_post(
        '/',
        IO::String->new(
-            'oldpassword=dwho&newpassword=TESTisok&confirmpassword=TESTisok'),
+            'oldpassword=dwho&newpassword=TESTis0k&confirmpassword=TESTis0k'),
        cookie => "lemonldap=$id",
        accept => 'application/json',
        length => 62
@ -99,7 +100,7 @@ ok(
    $res = $client->_post(
        '/',
        IO::String->new(
-            'oldpassword=dwho&newpassword=TESTlower&confirmpassword=TESTlower'),
+            'oldpassword=dwho&newpassword=TESTl0wer&confirmpassword=TESTl0wer'),
        cookie => "lemonldap=$id",
        accept => 'application/json',
        length => 64
@ -136,7 +137,7 @@ ok(
    $res = $client->_post(
        '/',
        IO::String->new(
-            'oldpassword=dwho&newpassword=testUPPER&confirmpassword=testUPPER'),
+            'oldpassword=dwho&newpassword=t3stUPPER&confirmpassword=t3stUPPER'),
        cookie => "lemonldap=$id",
        accept => 'application/json',
        length => 64
@ -146,6 +147,43 @@ ok(
 expectOK($res);
 count(1);

+# Test min digit
+# --------------
+ok(
+    $res = $client->_post(
+        '/',
+        IO::String->new(
+            'oldpassword=dwho&newpassword=testDIGIT&confirmpassword=testDIGIT'),
+        cookie => "lemonldap=$id",
+        accept => 'application/json',
+        length => 64
+    ),
+    'Password min digit not respected'
+);
+expectBadRequest($res);
+my $json;
+ok( $json = eval { from_json( $res->[2]->[0] ) }, 'Response is JSON' )
+  or print STDERR "$@\n" . Dumper($res);
+ok(
+    $json->{error} == PE_PP_INSUFFICIENT_PASSWORD_QUALITY,
+    'Response is PE_PP_INSUFFICIENT_PASSWORD_QUALITY'
+) or explain( $json, "error => 28" );
+count(3);
+
+ok(
+    $res = $client->_post(
+        '/',
+        IO::String->new(
+            'oldpassword=dwho&newpassword=t3stDIGIT&confirmpassword=t3stDIGIT'),
+        cookie => "lemonldap=$id",
+        accept => 'application/json',
+        length => 64
+    ),
+    'Password min digit respected'
+);
+expectOK($res);
+count(1);
+
 # Test $client->logout
 $client->logout($id);