Conversation
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
library/Icinga/Application/ProvidedHook/DefaultPasswordPolicy.php
Outdated
Show resolved
Hide resolved
library/Icinga/Application/ProvidedHook/DefaultPasswordPolicy.php
Outdated
Show resolved
Hide resolved
library/Icinga/Application/ProvidedHook/DefaultPasswordPolicy.php
Outdated
Show resolved
Hide resolved
library/Icinga/Application/ProvidedHook/DefaultPasswordPolicy.php
Outdated
Show resolved
Hide resolved
library/Icinga/Application/ProvidedHook/DefaultPasswordPolicy.php
Outdated
Show resolved
Hide resolved
library/Icinga/Application/ProvidedHook/DefaultPasswordPolicy.php
Outdated
Show resolved
Hide resolved
library/Icinga/Application/ProvidedHook/DefaultPasswordPolicy.php
Outdated
Show resolved
Hide resolved
library/Icinga/Application/ProvidedHook/DefaultPasswordPolicy.php
Outdated
Show resolved
Hide resolved
library/Icinga/Application/ProvidedHook/DefaultPasswordPolicy.php
Outdated
Show resolved
Hide resolved
library/Icinga/Application/ProvidedHook/DefaultPasswordPolicy.php
Outdated
Show resolved
Hide resolved
Al2Klimov
left a comment
Al2Klimov
left a comment
There was a problem hiding this comment.
During setup, the wizard prompts me for a username and password "to configure your first administrative account". This should enforce the chosen password policy.
JolienTrog
force-pushed
the
password-policy
branch
2 times, most recently
from
97e07ad to
39bbc53
Compare
test/php/library/Icinga/Application/CommonPasswordPolicyTest.php
Outdated
Show resolved
Hide resolved
test/php/library/Icinga/Application/CommonPasswordPolicyTest.php
Outdated
Show resolved
Hide resolved
test/php/library/Icinga/Application/CommonPasswordPolicyTest.php
Outdated
Show resolved
Hide resolved
test/php/library/Icinga/Application/CommonPasswordPolicyTest.php
Outdated
Show resolved
Hide resolved
library/Icinga/Application/ProvidedHook/CommonPasswordPolicy.php
Outdated
Show resolved
Hide resolved
library/Icinga/Application/ProvidedHook/CommonPasswordPolicy.php
Outdated
Show resolved
Hide resolved
test/php/library/Icinga/Application/CommonPasswordPolicyTest.php
Outdated
Show resolved
Hide resolved
test/php/library/Icinga/Application/CommonPasswordPolicyTest.php
Outdated
Show resolved
Hide resolved
doc/05-Authentication.md
Outdated
|
|
||
| class PasswordPolicy extends PasswordPolicyHook | ||
| { | ||
| use Translation; |
There was a problem hiding this comment.
You use the Translation trait only but never call $this->translate() on any of the strings.
| return $passwordPolicy; | ||
| } | ||
|
|
||
| public static function addPasswordPolicyDescription(Form $form, PasswordPolicy $passwordPolicy): void |
Co-authored-by: Eric Lippmann <eric.lippmann@icinga.com>
Co-authored-by: Eric Lippmann <eric.lippmann@icinga.com>
Co-authored-by: Eric Lippmann <eric.lippmann@icinga.com>
Co-authored-by: Eric Lippmann <eric.lippmann@icinga.com>
Co-authored-by: Eric Lippmann <eric.lippmann@icinga.com>
Co-authored-by: Eric Lippmann <eric.lippmann@icinga.com>
Co-authored-by: Eric Lippmann <eric.lippmann@icinga.com>
Co-authored-by: Eric Lippmann <eric.lippmann@icinga.com>
Co-authored-by: Eric Lippmann <eric.lippmann@icinga.com>
Co-authored-by: Eric Lippmann <eric.lippmann@icinga.com>
Co-authored-by: Eric Lippmann <eric.lippmann@icinga.com>
Co-authored-by: Eric Lippmann <eric.lippmann@icinga.com>
Co-authored-by: Eric Lippmann <eric.lippmann@icinga.com>
Co-authored-by: Eric Lippmann <eric.lippmann@icinga.com>
| */ | ||
| abstract class PasswordPolicyHook implements PasswordPolicy | ||
| { | ||
| /** @var string Hook name *( |
There was a problem hiding this comment.
| /** @var string Hook name *( | |
| /** @var string Hook name */ |
This will not parse correctly!
| public static function all(): array | ||
| { | ||
| $passwordPolicies = []; | ||
| foreach (Hook::all('PasswordPolicy') as $class => $policy) { |
There was a problem hiding this comment.
| foreach (Hook::all('PasswordPolicy') as $class => $policy) { | |
| foreach (Hook::all(self::HOOK_NAME) as $class => $policy) { |
We have the constant, why not use it?
| ) { | ||
| if ($oldPasswordElementName !== null && $form->getElement($oldPasswordElementName) === null) { | ||
| throw new LogicException(sprintf( | ||
| $this->translate('Form element "%s" was specified but does not exist in the form'), |
There was a problem hiding this comment.
Using $this when not in object context. This will throw an exception if executed.
| ], | ||
| [['HtmlTag#div' => 'HtmlTag'], ['tag' => 'div', 'class' => 'form-notifications error']], | ||
| ], | ||
| 'value' => $this->translate( |
There was a problem hiding this comment.
Using $this when not in object context. This will throw an exception if executed.
|
|
||
| if (! class_exists($passwordPolicyClass)) { | ||
| throw new ConfigurationError( | ||
| $this->translate('Password policy class %s does not exist'), |
There was a problem hiding this comment.
Using $this when not in object context. This will throw an exception if executed.
| const DEFAULT_PASSWORD_POLICY = AnyPasswordPolicy::class; | ||
|
|
||
| /** @var string INI configuration section for password policy */ | ||
| const CONFIG_SECTION = 'global'; |
There was a problem hiding this comment.
Consider moving password policy to the security section.
There was a problem hiding this comment.
Yeah, you also made a separate permission for the CSP stuff, didn't you?
There was a problem hiding this comment.
I was mostly talking about the [security] section of the config.ini file here.
But yes, I added 'config/security' in #5477 for all security related configuration.
The only thing that is currently in this section is CSP, but it seems password policy would fit well there.
| * | ||
| * This form is not used directly but as subform for the {@link GeneralConfigForm}. | ||
| */ | ||
| class PasswordPolicyConfigForm extends Form |
There was a problem hiding this comment.
There already was some discussion with @lippserd to move this form into a new Security section in IW2.
We should consider converting this form into an ipl-web based form instead during this process.
| 'description' => $this->translate('Leave empty for not updating the user\'s password'), | ||
| 'label' => $this->translate('Password'), | ||
| ) | ||
| ); |
There was a problem hiding this comment.
Why is there no check for the password policy here? We require admins to follow the policy when creating a user, why not during updates?
| [ | ||
| 'description' => $this->translate('Enforce password requirements for new passwords'), | ||
| 'label' => $this->translate('Password Policy'), | ||
| 'value' => PasswordPolicyHelper::DEFAULT_PASSWORD_POLICY, |
There was a problem hiding this comment.
Having an invalid value set in the config (class not found or not an instance of PasswordPolicy) causes IW2 to display Common.
I would expect some sort of error message here.
|
|
||
| public function createElements(array $formData): static | ||
| { | ||
| $this->addElement( |
There was a problem hiding this comment.
I'd like to see the description of the password policy somewhere in this form.
We display it in every place where a password field exists, why not where we actually select the policy?
5 participants
Ref #4401