[ltb-dev] [LDAP Tool Box - Feature #275] Added a couple of features

noreply at lsc-project.org noreply at lsc-project.org
Fri Mar 25 17:32:22 CET 2011

Issue #275 has been updated by Clément Oudot.

% Done changed from 0 to 30

Token expiration done in #290.

This issue mentions two other features:
* Password complexity: number of different characters types (upper, lower, digit, special) required
* Email notification when password is changed

Feature #275: Added a couple of features

Author: Jason Shugart
Status: Assigned
Priority: Normal
Assigned to: Clément Oudot
Category: Self Service Password
Target version: self-service-password-0.5

I ran across the Self Service Password tool and really liked it.  However, there were a couple of items that I thought might be useful.  I coded the changes and have tested them a bit.  Feel free to adjust as needed to throw out entirely.

My changes:
1. Email notification whenever your password is changed.
   I added a $notify_on_change to the config, and if true sends an email to the user letting them know their password was changed.
2. Added a $mail_from variable to the config.
   This way any emails will have a valid return address.
3. Token expiration
   The previous code could potentially allow someone else to reset your password if they found the link in their email.  I added an expiration time (default to 60 seconds) so any request after the 60 seconds to change the password will result in an invalid token.
4. Added a complex password check
   Much like the windows complexity check for 3 of the 4 character types (upper, lower, digits, special).
5. Fixed a couple of bugs in the check_password_strength function calls

I'll attach the patch files.

You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20110325/42c39cda/attachment-0001.htm>

More information about the ltb-dev mailing list