[ltb-dev] [LDAP Tool Box - Feature #275] Added a couple of features

noreply at lsc-project.org noreply at lsc-project.org
Fri Mar 25 17:32:22 CET 2011


Issue #275 has been updated by Clément Oudot.

% Done changed from 0 to 30

Token expiration done in #290.

This issue mentions two other features:
* Password complexity: number of different characters types (upper, lower, digit, special) required
* Email notification when password is changed

----------------------------------------
Feature #275: Added a couple of features
http://tools.lsc-project.org/issues/275

Author: Jason Shugart
Status: Assigned
Priority: Normal
Assigned to: Clément Oudot
Category: Self Service Password
Target version: self-service-password-0.5


I ran across the Self Service Password tool and really liked it.  However, there were a couple of items that I thought might be useful.  I coded the changes and have tested them a bit.  Feel free to adjust as needed to throw out entirely.

My changes:
1. Email notification whenever your password is changed.
   I added a $notify_on_change to the config, and if true sends an email to the user letting them know their password was changed.
2. Added a $mail_from variable to the config.
   This way any emails will have a valid return address.
3. Token expiration
   The previous code could potentially allow someone else to reset your password if they found the link in their email.  I added an expiration time (default to 60 seconds) so any request after the 60 seconds to change the password will result in an invalid token.
4. Added a complex password check
   Much like the windows complexity check for 3 of the 4 character types (upper, lower, digits, special).
5. Fixed a couple of bugs in the check_password_strength function calls

I'll attach the patch files.



-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20110325/42c39cda/attachment-0001.htm>


More information about the ltb-dev mailing list