Passwortanpassungen
dergel committed Aug 28, 2024
1 parent 241645a commit f957ce1
Showing 4 changed files with 170 additions and 144 deletions.
12 changes: 12 additions & 0 deletions CHANGELOG.md
@@ -1,6 +1,18 @@
Changelog
=========

Version 4.3.1 - xx.03.2024

### Anpassungen

* Referer to logout greift nur noch, wenn Article Logout vorhanden ist. Danke Julian Aliabadi, https://github.com/goldfoot
* Verlinkung auf Docs angepasst
* rexstan Satisfaction erhöht. Danke https://github.com/TobiasKrais
* Doppelte Registrierung des yform template path entfernt. Danke https://github.com/tyrant88
* Fehler bei Installation behoben. Passwortfeld wurde vorher nur nach Reinstall angelegt.
* Passwort autocomplete varianten eingebaut und in Doku sinnvoll ergänzt
* CSP Header anpassungen. Passwortscript -CSP-fähig und relationsfähig gemacht.

Version 4.3.0 - 14.03.2024
--------------------------

10 changes: 5 additions & 5 deletions docs/03_login_logout_profile_register.md
@@ -7,8 +7,8 @@

```text
validate|ycom_auth|login|password|stayfield|warning_message_enterloginpsw|warning_message_login_failed
text|login|Benutzername|
password|password|Passwort
text|login|Benutzername|||{"autocomplete":"username"}
password|password|Passwort|||{"autocomplete":"current-password"}
checkbox|stayfield|eingeloggt bleiben
ycom_auth_returnto|returnTo|
```
@@ -22,8 +22,8 @@ $form->setValidateField('ycom_auth', ['login', 'password', null, 'warning_messag
$form->setObjectparams('form_name', 'login_form');
$form->setObjectparams('form_action', rex_getUrl());

$form->setValueField('text', ['login', 'Benutzername']);
$form->setValueField('password', ['password', 'Passwort']);
$form->setValueField('text', ['login', 'Benutzername', '', '', '{"autocomplete":"username"}']);
$form->setValueField('password', ['password', 'Passwort', '', '', '{"autocomplete":"current-password"}']);

$form->setValidateField('empty', ['login', 'Bitte geben Sie Ihren Benutzernamen ein']);
$form->setValidateField('empty', ['password', 'Bitte geben Sie Ihr Passwort ein']);
@@ -136,7 +136,7 @@ text|name|Nachname*
validate|empty|name|Bitte geben Sie Ihren Nachnamen ein.

ycom_auth_password|password|Ihr Passwort*|{"length":{"min":10},"letter":{"min":1},"lowercase":{"min":0},"uppercase":{"min":0},"digit":{"min":1},"symbol":{"min":0}}|Das Passwort muss mindestens 10 Zeichen lang sein und eine Ziffer enthalten.
password|password_2|Passwort bestätigen*||no_db
password|password_2|Passwort bestätigen*||no_db|{"autocomplete":"new-password"}

checkbox|termsofuse_accepted|Ich habe die Nutzungsbedingungen akzeptiert.|0|0|

2 changes: 1 addition & 1 deletion docs/05_passwords.md
@@ -35,7 +35,7 @@ Nun können Nutzer ihr Passwort selbständig ändern.
1. Feld für altes Passwort und Validierung hinzufügen

```php
password|old_password|Bisheriges Passwort||no_db
password|old_password|Bisheriges Passwort||no_db|{"autocomplete":"current-password"}
validate|empty|old_password|Bitte das bisherige Passwort angeben.
validate|ycom_auth_password|old_password|Das bisherige Passwort ist nicht korrekt.
```
290 changes: 152 additions & 138 deletions plugins/auth/ytemplates/bootstrap/value.ycom_password.tpl.php
@@ -38,9 +38,12 @@
'type' => $type,
'id' => $this->getFieldId(),
'value' => $value,
'autocomplete' => 'new-password',
];

if (rex::isFrontend()) {
$attributes['autocomplete'] = 'new-password';
}

$attributes = $this->getAttributeElements($attributes, ['autocomplete', 'pattern', 'required', 'disabled', 'readonly']);

$span = '';
@@ -50,14 +53,23 @@
if ($script) {
$funcName = uniqid('rex_ycom_password_create' . $this->getId());
$span = '<span class="input-group-btn">
<button type="button" class="btn btn-default getNewPass" onclick="' . $funcName . 'refresh(' . $this->getId() . ')"><span class="fa fa-refresh"></span></button>
<button type="button" class="btn btn-default getNewPass rex-ycom-password-refresh-button" data-myRules=\'' . json_encode($rules) . '\' data-myField="' . rex_escape($this->getFieldName()) . '"><span class="fa fa-refresh"></span></button>
</span>';

$nonce = '';
$nonce = ' nonce="' . rex_response::getNonce() . '"';

?><script type="text/javascript"<?= $nonce ?>>

$(document).on('rex:ready', function () {
$(".rex-ycom-password-refresh-button").each(function() {
$(this).off("click");
$(this).on("click", function() {
rex_ycom_password_refresh(this);
});
});
});

// Credit to @Blender https://stackoverflow.com/users/464744/blender
String.prototype.pick = function(min, max) {
var n, chars = '';
@@ -92,153 +104,155 @@
return array.join('');
};

function <?= $funcName . 'refresh' ?>(input) {

var rules = {
letter:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
uppercase:"ABCDEFGHIJKLMNOPQRSTUVWXYZ",
lowercase: "abcdefghijklmnopqrstuvwxyz",
digit: "0123456789",
symbol: "!@#$%^&*()_+{}:\"<>?\|[];',./`~",
all: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+{}:\"<>?|[];',./`~",
};
rules.letter = rules.uppercase + rules.lowercase;
rules.all = rules.uppercase + rules.lowercase + rules.digit + rules.symbol;

var ruleset = '';
var myRules = <?= json_encode($rules) ?>;
var myPassword = '';

if (typeof myRules.uppercase === "object") {
min = myRules.uppercase.min;
if (typeof myRules.uppercase.min === "undefined") {
min = 1;
}
max = myRules.uppercase.max;
if (typeof myRules.uppercase.max === "undefined") {
max = min;
}
generate = myRules.uppercase.generate;
if (typeof myRules.uppercase.generate !== "undefined") {
min = generate;
max = generate;
}
ruleset += rules.uppercase;
myPassword += rules.uppercase.pick(min,max);
}
if (typeof myRules.lowercase === "object") {
min = myRules.lowercase.min;
if (typeof myRules.lowercase.min === "undefined") {
min = 1;
}
max = myRules.lowercase.max;
if (typeof myRules.lowercase.max === "undefined") {
max = min;
}
generate = myRules.lowercase.generate;
if (typeof myRules.lowercase.generate !== "undefined") {
min = generate;
max = generate;
}
ruleset += rules.lowercase;
myPassword += rules.lowercase.pick(min,max);
}
if (typeof myRules.letter === "object") {
min = myRules.letter.min;
if (typeof myRules.letter.min === "undefined") {
min = 1;
}
max = myRules.letter.max;
if (typeof myRules.letter.max === "undefined") {
max = min;
}
if (min > myPassword.length) {
min = min - myPassword.length;
} else {
min = 0;
}
if (max > myPassword.length) {
max = max - myPassword.length;
} else {
min = 0;
if (typeof rex_ycom_password_refresh !== 'function') {
function rex_ycom_password_refresh(button) {

var rules = {
letter: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
uppercase: "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
lowercase: "abcdefghijklmnopqrstuvwxyz",
digit: "0123456789",
symbol: "!@#$%^&*()_+{}:\"<>?\|[];',./`~",
all: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()_+{}:\"<>?|[];',./`~",
};
rules.letter = rules.uppercase + rules.lowercase;
rules.all = rules.uppercase + rules.lowercase + rules.digit + rules.symbol;

var ruleset = '';
var myRules = JSON.parse(decodeURIComponent(button.getAttribute('data-myRules')));
var myPassword = '';

if (typeof myRules.uppercase === "object") {
min = myRules.uppercase.min;
if (typeof myRules.uppercase.min === "undefined") {
min = 1;
}
max = myRules.uppercase.max;
if (typeof myRules.uppercase.max === "undefined") {
max = min;
}
generate = myRules.uppercase.generate;
if (typeof myRules.uppercase.generate !== "undefined") {
min = generate;
max = generate;
}
ruleset += rules.uppercase;
myPassword += rules.uppercase.pick(min, max);
}
generate = myRules.letter.generate;
if (typeof myRules.letter.max !== "undefined") {
min = generate;
max = generate;
if (typeof myRules.lowercase === "object") {
min = myRules.lowercase.min;
if (typeof myRules.lowercase.min === "undefined") {
min = 1;
}
max = myRules.lowercase.max;
if (typeof myRules.lowercase.max === "undefined") {
max = min;
}
generate = myRules.lowercase.generate;
if (typeof myRules.lowercase.generate !== "undefined") {
min = generate;
max = generate;
}
ruleset += rules.lowercase;
myPassword += rules.lowercase.pick(min, max);
}
myPassword += ruleset.pick(min,max);
if (typeof myRules.letter === "object") {
min = myRules.letter.min;
if (typeof myRules.letter.min === "undefined") {
min = 1;
}
max = myRules.letter.max;
if (typeof myRules.letter.max === "undefined") {
max = min;
}
if (min > myPassword.length) {
min = min - myPassword.length;
} else {
min = 0;
}
if (max > myPassword.length) {
max = max - myPassword.length;
} else {
min = 0;
}
generate = myRules.letter.generate;
if (typeof myRules.letter.max !== "undefined") {
min = generate;
max = generate;
}
myPassword += ruleset.pick(min, max);

}
if (typeof myRules.digit === "object") {
min = myRules.digit.min;
if (typeof myRules.digit.min === "undefined") {
min = 1;
}
max = myRules.digit.max;
if (typeof myRules.digit.max === "undefined") {
max = min;
}
generate = myRules.digit.generate;
if (typeof myRules.digit.max !== "undefined") {
min = generate;
max = generate;
}
ruleset += rules.digit;
myPassword += rules.digit.pick(min,max);
}
if (typeof myRules.symbol === "object") {
min = myRules.symbol.min;
if (typeof myRules.symbol.min === "undefined") {
min = 1;
if (typeof myRules.digit === "object") {
min = myRules.digit.min;
if (typeof myRules.digit.min === "undefined") {
min = 1;
}
max = myRules.digit.max;
if (typeof myRules.digit.max === "undefined") {
max = min;
}
generate = myRules.digit.generate;
if (typeof myRules.digit.max !== "undefined") {
min = generate;
max = generate;
}
ruleset += rules.digit;
myPassword += rules.digit.pick(min, max);
}
max = myRules.symbol.max;
if (typeof myRules.symbol.max === "undefined") {
max = min;
if (typeof myRules.symbol === "object") {
min = myRules.symbol.min;
if (typeof myRules.symbol.min === "undefined") {
min = 1;
}
max = myRules.symbol.max;
if (typeof myRules.symbol.max === "undefined") {
max = min;
}
generate = myRules.symbol.generate;
if (typeof myRules.symbol.max !== "undefined") {
min = generate;
max = generate;
}
ruleset += rules.symbol;
myPassword += rules.symbol.pick(min, max);
}
generate = myRules.symbol.generate;
if (typeof myRules.symbol.max !== "undefined") {
min = generate;
max = generate;
}
ruleset += rules.symbol;
myPassword += rules.symbol.pick(min,max);
}

if (typeof myRules.length === "object") {
min = myRules.length.min;
if (typeof myRules.length.min === "undefined") {
min = 1;
}
max = myRules.length.max;
if (typeof myRules.length.max === "undefined") {
max = min;
}
if (min > myPassword.length) {
min = min - myPassword.length;
} else {
min = 0;
}
if (max > myPassword.length) {
max = max - myPassword.length;
} else {
min = 0;
}
generate = myRules.length.generate;
if (typeof myRules.length.max !== "undefined") {
min = generate;
max = generate;
}
myPassword += ruleset.pick(min,max);
if (typeof myRules.length === "object") {
min = myRules.length.min;
if (typeof myRules.length.min === "undefined") {
min = 1;
}
max = myRules.length.max;
if (typeof myRules.length.max === "undefined") {
max = min;
}
if (min > myPassword.length) {
min = min - myPassword.length;
} else {
min = 0;
}
if (max > myPassword.length) {
max = max - myPassword.length;
} else {
min = 0;
}
generate = myRules.length.generate;
if (typeof myRules.length.max !== "undefined") {
min = generate;
max = generate;
}
myPassword += ruleset.pick(min, max);

}
}

var item = document.getElementsByName('<?= $this->getFieldName() ?>').item(0);
var name = item.getAttribute('name');
var type = item.getAttribute('value');
var item = document.getElementsByName(button.getAttribute('data-myField')).item(0);
var name = item.getAttribute('name');
var type = item.getAttribute('value');

item.value = myPassword;
item.value = myPassword;

}
}
</script><?php
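Review bot: The `data-myRules` attribute on the new refresh button is written with raw `json_encode($rules)` inside single quotes, while the reader in `rex_ycom_password_refresh` passes the value through `decodeURIComponent`, so the writer and the reader do not agree on an encoding. `json_encode` leaves `'` unescaped by default, so a rule value containing an apostrophe would end the attribute early and the remainder would be parsed as markup, and a literal `%` in the JSON would make `decodeURIComponent` throw or alter the value; the rules presumably come from the field definition and are admin-controlled, but the neighbouring `data-myField` is already escaped. I would emit `data-myRules="' . rex_escape(json_encode($rules)) . '"` and read it with `JSON.parse(button.getAttribute('data-myRules'))`. Separately, in the letter, digit, symbol and length branches the `generate` override is guarded by `typeof myRules.<rule>.max !== "undefined"`, whereas the uppercase and lowercase branches test `.generate`, so a rule with `max` but no `generate` hands `undefined` counts to `pick`; those guards should test `.generate` as well.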
