From: Mark Wells <mark@freeside.biz>
Date: Tue, 8 Mar 2016 21:23:35 +0000 (-0800)
Subject: option to limit the set of characters in random passwords, #40792
X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=commitdiff_plain;h=e29d9d153375962cb431186355be0c3ad6b1bb21

option to limit the set of characters in random passwords, #40792
---

diff --git a/FS/FS/Conf.pm b/FS/FS/Conf.pm
index d5e0fa612..72b449c03 100644
--- a/FS/FS/Conf.pm
+++ b/FS/FS/Conf.pm
@@ -4043,10 +4043,10 @@ and customer address. Include units.',
   },
 
   {
-    'key'         => 'password-generated-allcaps',
+    'key'         => 'password-generated-characters',
     'section'     => 'password',
-    'description' => 'Causes passwords automatically generated to consist entirely of capital letters',
-    'type'        => 'checkbox',
+    'description' => 'Set of characters to use when generating random passwords. This must contain at least one lowercase letter, uppercase letter, digit, and punctuation mark.',
+    'type'        => 'textarea',
   },
 
 #  {
diff --git a/FS/FS/Password_Mixin.pm b/FS/FS/Password_Mixin.pm
index ac7ba5059..633265b13 100644
--- a/FS/FS/Password_Mixin.pm
+++ b/FS/FS/Password_Mixin.pm
@@ -14,6 +14,8 @@ FS::UID->install_callback( sub {
   $conf = FS::Conf->new;
 });
 
+our @pw_set;
+
 our $me = '[' . __PACKAGE__ . ']';
 
 our $BLOWFISH_COST = 10;
@@ -254,6 +256,36 @@ sub _blowfishcrypt {
 
 =back
 
+=head1 CLASS METHODS
+
+=over 4
+
+=item pw_set
+
+Returns the list of characters allowed in random passwords (from the
+C<password-generated-characters> config).
+
+=cut
+
+sub pw_set {
+  my $class = shift;
+  if (!@pw_set) {
+    my $pw_set = $conf->config('password-generated-characters');
+    $pw_set =~ s/\s//g; # don't ever allow whitespace
+    if ( $pw_set =~ /[[:lower:]]/
+      && $pw_set =~ /[[:upper:]]/
+      && $pw_set =~ /[[:digit:]]/
+      && $pw_set =~ /[[:punct:]]/ ) {
+      @pw_set = split('', $pw_set);
+    }
+    warn "password-generated-characters set is insufficient; using default.";
+    @pw_set = split('', 'abcdefghijkmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ23456789()#.,');
+  }
+  return @pw_set;
+}
+
+=back
+
 =head1 SEE ALSO
 
 L<FS::password_history>
diff --git a/FS/FS/Upgrade.pm b/FS/FS/Upgrade.pm
index 0ac7a4eae..1f383103e 100644
--- a/FS/FS/Upgrade.pm
+++ b/FS/FS/Upgrade.pm
@@ -165,6 +165,12 @@ If you need to continue using the old Form 477 report, turn on the
     $conf->delete('voip-cust_email_csv_cdr') ;
   }
 
+  if ( !$conf->config('password-generated-characters') ) {
+    my $pw_set = 
+      'abcdefghijkmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ23456789()#.,' ;
+    $conf->set('password-generated-characters', $pw_set);
+  }
+
   enable_banned_pay_pad() unless length($conf->config('banned_pay-pad'));
 
 }
diff --git a/FS/FS/part_export/broadband_sqlradius.pm b/FS/FS/part_export/broadband_sqlradius.pm
index 522c6377c..e58c641cf 100644
--- a/FS/FS/part_export/broadband_sqlradius.pm
+++ b/FS/FS/part_export/broadband_sqlradius.pm
@@ -6,16 +6,20 @@ use Tie::IxHash;
 use FS::Conf;
 use FS::Record qw( dbh str2time_sql ); #qsearch qsearchs );
 use FS::part_export::sqlradius qw(sqlradius_connect);
+use FS::Password_Mixin;
 use NEXT;
 
-FS::UID->install_callback(sub { $conf = new FS::Conf });
+FS::UID->install_callback(
+  sub {
+    $conf = new FS::Conf;
+    @pw_set = FS::Password_Mixin->pw_set;
+  }
+);
 
 @ISA = qw(FS::part_export::sqlradius);
 
 $DEBUG = 0;
 
-@pw_set = ( 'a'..'z', 'A'..'Z', '0'..'9', '(', ')', '#', '.', ',' );
-
 tie %options, 'Tie::IxHash',
   'datasrc'  => { label=>'DBI data source ' },
   'username' => { label=>'Database username' },
diff --git a/FS/FS/svc_acct.pm b/FS/FS/svc_acct.pm
index 8283e6f6b..b4db082e1 100644
--- a/FS/FS/svc_acct.pm
+++ b/FS/FS/svc_acct.pm
@@ -93,12 +93,11 @@ FS::UID->install_callback( sub {
   $smtpmachine = $conf->config('smtpmachine');
   $radius_password = $conf->config('radius-password') || 'Password';
   $radius_ip = $conf->config('radius-ip') || 'Framed-IP-Address';
-  @pw_set = ( 'A'..'Z' ) if $conf->exists('password-generated-allcaps');
+  @pw_set = FS::svc_acct->pw_set;
 }
 );
 
 @saltset = ( 'a'..'z' , 'A'..'Z' , '0'..'9' , '.' , '/' );
-@pw_set = ( 'a'..'z', 'A'..'Z', '0'..'9', '(', ')', '#', '.', ',' );
 
 sub _cache {
   my $self = shift;
diff --git a/FS/FS/svc_phone.pm b/FS/FS/svc_phone.pm
index f2be7d348..2b2db8c81 100644
--- a/FS/FS/svc_phone.pm
+++ b/FS/FS/svc_phone.pm
@@ -16,6 +16,7 @@ use FS::Conf;
 use FS::Record qw( qsearch qsearchs dbh );
 use FS::PagedSearch qw( psearch );
 use FS::Msgcat qw(gettext);
+use FS::Password_Mixin; # for pw_set
 use FS::part_svc;
 use FS::svc_pbx;
 use FS::svc_domain;
@@ -25,15 +26,13 @@ use FS::phone_avail;
 $me = '[' . __PACKAGE__ . ']';
 $DEBUG = 0;
 
-#avoid l 1 and o O 0
-@pw_set = ( 'a'..'k', 'm','n', 'p-z', 'A'..'N', 'P'..'Z' , '2'..'9' );
-
 #ask FS::UID to run this stuff for us later
 FS::UID->install_callback( sub { 
   $conf = new FS::Conf;
   $phone_name_max = $conf->config('svc_phone-phone_name-max_length');
   $passwordmin = $conf->config('sip_passwordmin') || 0;
   $passwordmax = $conf->config('sip_passwordmax') || 80;
+  @pw_set = FS::Password_Mixin->pw_set;
 }
 );
 
diff --git a/conf/password-generated-characters b/conf/password-generated-characters
new file mode 100644
index 000000000..57aa9352b
--- /dev/null
+++ b/conf/password-generated-characters
@@ -0,0 +1 @@
+abcdefghijkmnpqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ23456789()#.,
diff --git a/httemplate/elements/random_pass.html b/httemplate/elements/random_pass.html
index 14bbb581d..1517a55d7 100644
--- a/httemplate/elements/random_pass.html
+++ b/httemplate/elements/random_pass.html
@@ -1,16 +1,16 @@
 <INPUT TYPE="button" VALUE="<% emt($label) %>" onclick="randomPass()">
 <SCRIPT TYPE="text/javascript">
 function randomPass() {
-  var lower='<% join('', 'a'..'z') %>';
-  var upper='<% join('', 'A'..'Z') %>';
-  var number='<% join('', '0'..'9') %>';
-  var symbol='`~!@#$%^&*-_=+:;<>,.?';
-  var pw_set=lower+upper+number+symbol;
+  var pw_set = <% $pw_set |js_string %>;
+  var lower = <% $lower |js_string %>;
+  var upper = <% $upper |js_string %>;
+  var digit = <% $digit |js_string %>;
+  var punct = <% $punct |js_string %>;
   var pass=[];
   pass.push(lower.charAt(Math.floor(Math.random() * lower.length)));
-  pass.push(upper.charAt(Math.floor(Math.random() * lower.length)));
-  pass.push(number.charAt(Math.floor(Math.random() * number.length)));
-  pass.push(symbol.charAt(Math.floor(Math.random() * symbol.length)));
+  pass.push(upper.charAt(Math.floor(Math.random() * upper.length)));
+  pass.push(digit.charAt(Math.floor(Math.random() * digit.length)));
+  pass.push(punct.charAt(Math.floor(Math.random() * punct.length)));
   var i=0;
   while(i < 4) {
     i++;
@@ -24,4 +24,10 @@ function randomPass() {
 <%init>
 my $id = shift;
 my $label = shift || 'Generate';
+my $pw_set = join('', FS::Password_Mixin->pw_set);
+my $lower = join('', $pw_set =~ /[[:lower:]]/g);
+my $upper = join('', $pw_set =~ /[[:upper:]]/g);
+my $digit = join('', $pw_set =~ /[[:digit:]]/g);
+my $punct = join('', $pw_set =~ /[[:punct:]]/g);
+
 </%init>