use password policy functions from ltb-common (#968)

* use check_password_strength and checkEntropyJSON from ltb-common
* externalize ppolicy smarty assignments into a dedicated function
* use html, js and css ppolicy code from ltb-common

.gitignore

@@ -2,3 +2,6 @@
 /htdocs/vendor/
 composer.lock
 tests/.phpunit.result.cache
+htdocs/js/ppolicy.js
+htdocs/css/ppolicy.css
+templates/policy.tpl

composer.json

@@ -1,6 +1,6 @@
 {
     "require": {
-        "ltb-project/ltb-common": "dev-main",
+        "ltb-project/ltb-common": "dev-36-add-password-policy",
         "bjeavons/zxcvbn-php": "^1.0",
         "twbs/bootstrap": "v5.3.3",
         "defuse/php-encryption": "2.4.0",
@@ -22,7 +22,10 @@
             "rm -rf htdocs/vendor/font-awesome",
             "cp -R vendor/fortawesome/font-awesome htdocs/vendor/font-awesome",
             "rm -rf htdocs/vendor/font-awesome/js htdocs/vendor/font-awesome/js-packages htdocs/vendor/font-awesome/less htdocs/vendor/font-awesome/metadata htdocs/vendor/font-awesome/otfs htdocs/vendor/font-awesome/scss htdocs/vendor/font-awesome/sprites htdocs/vendor/font-awesome/svgs",
-            "rm -rf vendor/fortawesome/font-awesome"
+            "rm -rf vendor/fortawesome/font-awesome",
+            "cp -f vendor/ltb-project/ltb-common/src/ppolicy/html/policy.tpl templates/policy.tpl",
+            "cp -f vendor/ltb-project/ltb-common/src/ppolicy/js/ppolicy.js htdocs/js/ppolicy.js",
+            "cp -f vendor/ltb-project/ltb-common/src/ppolicy/css/ppolicy.css htdocs/css/ppolicy.css"
         ]
     },
     "require-dev": {

htdocs/change.php

@@ -159,7 +159,7 @@
 # Check password strength
 #==============================================================================
 if ( !$result ) {
-    $result = check_password_strength( $newpassword, $oldpassword, $pwd_policy_config, $login, $entry_array, $change_custompwdfield );
+    $result = \Ltb\Ppolicy::check_password_strength( $newpassword, $oldpassword, $pwd_policy_config, $login, $entry_array, $change_custompwdfield );
 }
 
 #==============================================================================

htdocs/changecustompwdfield.php

@@ -217,7 +217,7 @@ function set_default_value(&$variable, $defaultValue)
 # Check password strength
 #==============================================================================
 if ( !$result ) {
-    $result = check_password_strength( $newcustompwd, $password, $custompwdfield['pwd_policy_config'], $login, $entry_array, $change_custompwdfield );
+    $result = \Ltb\Ppolicy::check_password_strength( $newcustompwd, $password, $custompwdfield['pwd_policy_config'], $login, $entry_array, $change_custompwdfield );
 }
 
 #==============================================================================

htdocs/checkentropy.php

@@ -1,67 +1,15 @@
 <?php
 
-/*
-  Pre-requisites: install zxcvbn library
-
-  Make sure to have this in composer.json:
-
-    "require": {
-        "bjeavons/zxcvbn-php": "^1.0"
-    }
-
-  and run: composer update
-
-*/
-
 require_once '../vendor/autoload.php';
-use ZxcvbnPhp\Zxcvbn;
-
-
-try{
-  $zxcvbn = new Zxcvbn();
-  error_log("Module Zxcvbn successfully loaded");
-}
-catch(Throwable $e){
-  error_log("Could not load Zxcvbn module: ".$e);
-  exit(1);
-}
-
-/* Check user password against zxcvbn library
-   Input : new user base64-encoded password
-   Output: JSON response: { "level" => int, "message" => "msg" } */
-
-function checkEntropyJSON($password_base64)
-{
-    $response_params = array();
-    $zxcvbn = new Zxcvbn();
-
-    if( ! isset($password_base64) || empty($password_base64))
-    {
-        error_log("checkEntropy: missing parameter password");
-        $response_params["level"]   = -1;
-        $response_params["message"] = "missing parameter password";
-        print json_encode($response_params);
-        exit(1);
-    }
-
-    $p = base64_decode($password_base64);
-    // force encoding to utf8, as iso-8859-1 is not supported by zxcvbn
-    $password = mb_convert_encoding($p, 'UTF-8', 'ISO-8859-1');
-    error_log("checkEntropy: password taken from submitted form");
-
-    $entropy = $zxcvbn->passwordStrength("$password");
-
-    $response_params["level"] = strval($entropy["score"]);
-    $response_params["message"] = $entropy['feedback']['warning'] ? strval($entropy['feedback']['warning']) : "";
-
-    error_log("checkEntropy: level " . $response_params["level"] . " msg: " . $response_params["message"]);
-
-    print json_encode($response_params);
-    exit(0);
-}
 
 // new password sent in the url, base64 encoded
 $newpass = htmlspecialchars($_POST["password"]);
-checkEntropyJSON($newpass);
+$entropy_response = \Ltb\Ppolicy::checkEntropyJSON($newpass);
+if ($debug) {
+    error_log("checkEntropy: ".$entropy_response);
+}
+
+print $entropy_response;
+exit(0);
 
 ?>

htdocs/css/self-service-password.css

@@ -65,38 +65,3 @@ textarea#sshkey {
   }
 
 }
-
-/* password entropy customization*/
-#entropybar>div {
-  width: 0%;
-  /* Adjust with JavaScript */
-}
-
-#entropybar>div.levelErr {
-  width: 0%;
-}
-
-#entropybar>div.level0 {
-  width: 20%;
-}
-
-#entropybar>div.level1 {
-  width: 40%;
-}
-
-#entropybar>div.level2 {
-  width: 60%;
-}
-
-#entropybar>div.level3 {
-  width: 80%;
-}
-
-#entropybar>div.level4 {
-  width: 100%;
-}
-
-.entropyHidden {
-  display: none;
-}
-

htdocs/index.php

@@ -295,64 +295,13 @@
 if (isset($login)) { $smarty->assign('login', $login); }
 if (isset($token)) { $smarty->assign('token', $token); }
 if (isset($use_captcha)) { $smarty->assign('use_captcha', $use_captcha); }
-// TODO : Make it clean function show_policy - START
-if (isset($pwd_show_policy_pos)) {
-    $smarty->assign('pwd_show_policy_pos', $pwd_show_policy_pos);
-    $smarty->assign('pwd_show_policy', $pwd_show_policy);
-    $smarty->assign('pwd_show_policy_onerror', true);
-    if ( $pwd_show_policy === "onerror" ) {
-        if ( !preg_match( "/tooshort|toobig|minlower|minupper|mindigit|minspecial|forbiddenchars|sameasold|notcomplex|sameaslogin|pwned|specialatends/" , $result) ) {
-            $smarty->assign('pwd_show_policy_onerror', false);
-        } else {
-            $smarty->assign('pwd_show_policy_onerror', true);
-        }
-    }
-    if (isset($pwd_min_length)) { $smarty->assign('pwd_min_length', $pwd_min_length); }
-    if (isset($pwd_max_length)) { $smarty->assign('pwd_max_length', $pwd_max_length); }
-    if (isset($pwd_min_lower)) { $smarty->assign('pwd_min_lower', $pwd_min_lower); }
-    if (isset($pwd_min_upper)) { $smarty->assign('pwd_min_upper', $pwd_min_upper); }
-    if (isset($pwd_min_digit)) { $smarty->assign('pwd_min_digit', $pwd_min_digit); }
-    if (isset($pwd_min_special)) { $smarty->assign('pwd_min_special', $pwd_min_special); }
-    if (isset($pwd_complexity)) { $smarty->assign('pwd_complexity', $pwd_complexity); }
-    if (isset($pwd_diff_last_min_chars)) { $smarty->assign('pwd_diff_last_min_chars', $pwd_diff_last_min_chars); }
-    if (isset($pwd_forbidden_chars)) { $smarty->assign('pwd_forbidden_chars', $pwd_forbidden_chars); }
-    if (isset($pwd_no_reuse)) { $smarty->assign('pwd_no_reuse', $pwd_no_reuse); }
-    if (isset($pwd_diff_login)) { $smarty->assign('pwd_diff_login', $pwd_diff_login); }
-    if (isset($pwd_display_entropy)) { $smarty->assign('pwd_display_entropy', $pwd_display_entropy); }
-    if (isset($pwd_check_entropy)) { $smarty->assign('pwd_check_entropy', $pwd_check_entropy); }
-    if (isset($pwd_min_entropy)) { $smarty->assign('pwd_min_entropy', $pwd_min_entropy); }
-    if (isset($use_pwnedpasswords)) { $smarty->assign('use_pwnedpasswords', $use_pwnedpasswords); }
-    if (isset($pwd_no_special_at_ends)) { $smarty->assign('pwd_no_special_at_ends', $pwd_no_special_at_ends); }
-
-    // send policy to a JSON object usable in javascript (window.policy.[parameter])
-    $smarty->assign('json_policy', base64_encode(json_encode(
-                                                array(
-                                                  "pwd_min_length" => $pwd_min_length,
-                                                  "pwd_max_length" => $pwd_max_length,
-                                                  "pwd_min_lower" => $pwd_min_lower,
-                                                  "pwd_min_upper" => $pwd_min_upper,
-                                                  "pwd_min_digit" => $pwd_min_digit,
-                                                  "pwd_min_special" => $pwd_min_special,
-                                                  "pwd_complexity" => $pwd_complexity,
-                                                  "pwd_diff_last_min_chars" => $pwd_diff_last_min_chars,
-                                                  "pwd_forbidden_chars" => $pwd_forbidden_chars,
-                                                  "pwd_no_reuse" => $pwd_no_reuse,
-                                                  "pwd_diff_login" => $pwd_diff_login,
-                                                  "pwd_display_entropy" => $pwd_display_entropy,
-                                                  "pwd_check_entropy" => $pwd_check_entropy,
-                                                  "pwd_min_entropy" => $pwd_min_entropy,
-                                                  "use_pwnedpasswords" => $use_pwnedpasswords,
-                                                  "pwd_no_special_at_ends" => $pwd_no_special_at_ends,
-                                                  "pwd_special_chars" => $pwd_special_chars
-                                                )
-                                              )));
-}
+
+\Ltb\Ppolicy::smarty_assign_ppolicy($smarty, $pwd_show_policy_pos, $pwd_show_policy, $result, $pwd_policy_config);
 
 if (isset($custompwdindex)) {
     $smarty->assign('custompwdindex', $custompwdindex);
     if (isset($change_custompwdfield[$custompwdindex]['msg_passwordchangedextramessage'])) { $smarty->assign('msg_passwordchangedextramessage', $change_custompwdfield[$custompwdindex]['msg_passwordchangedextramessage']); }
 }
-// TODO : Make it clean function show_policy - END
 if (isset($smsdisplay)) { $smarty->assign('smsdisplay', $smsdisplay); }
 // TODO : Make it clean $prehook_return/$posthook_return - START
 if (isset($prehook_return)) {