View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|14636||Feature requests||Security||public||2019-03-12 15:22||2023-02-03 17:26|
|Summary||14636: Admin password restriction|
It can be great to have an admin password restriction (or a plugin event for this (if it's already here : OK, i do the core plugin))
Default take from config.php
Taken from nextcloud :
config-default.php can be min size to 8 for starting
|Tags||No tags attached.|
|Story point estimate|
|Users affected %|
OK in 4.0 ? Or did you already have a plugin for this ?
DenisChenu, are you thinking of e.g. a new global setting at which superadmins can define the minimum password requirements by using the list you added above? That would be pretty useful.
Yes, in admin GUI.
I can do it for 4.0, i just wait …
I have code to enforce minimum password strength for Version 3.17.0+190402 see: https://bugs.limesurvey.org/view.php?id=9599
I have made modifications to the LS 3.x core to enforce password strength when an admin is editing a user account, or when a user edits their own password settings.
My solution doesn't use the gettranslation feature as I only required my solution to be in English. If this ends up in core, of course, texts should be translated.
The changes were made against build Version 3.17.0+190402, and involved the files:
Password criteria can be specified via the config.php, using this format (min and mix refer to required length of the password, upper refers to uppercase, numeric is obvious, as is symbol.
// Update default LimeSurvey config here
application.zip (20,280 bytes)
Can you make a PR on github, please?
@DenisChenu, @cdorin, the feature for defining the PW strength was added to LS4, see https://github.com/LimeSurvey/LimeSurvey/blob/master/application/config/config-defaults.php#L795 and https://github.com/LimeSurvey/LimeSurvey/commit/b8d7499e05977abffe8811b88588c56f8c74b46c but documentation is missing.
Please make sure that this gets documented at the Limesurvey manual. Otherwise most users will not be aware that this actually exists. A feature not documented is a feature not used.
I'm not the dev … then i don't update manual …
So who actually implemented this?
This is implemented, I believe.
|2019-03-12 15:22||DenisChenu||New Issue|
|2019-04-04 07:57||DenisChenu||Relationship added||has duplicate 14736|
|2019-04-04 07:58||DenisChenu||Assigned To||=> c_schmitz|
|2019-04-04 07:58||DenisChenu||Status||new => feedback|
|2019-04-04 07:58||DenisChenu||Note Added: 51334|
|2019-04-05 08:54||Mazi||Note Added: 51359|
|2019-04-05 08:57||DenisChenu||Note Added: 51362|
|2019-04-05 08:57||DenisChenu||Status||feedback => assigned|
|2019-04-05 08:58||DenisChenu||Note Edited: 51362|
|2019-04-12 22:06||blocka||Note Added: 51462|
|2019-04-13 05:11||blocka||File Added: application.zip|
|2019-04-13 05:11||blocka||Note Added: 51463|
|2019-04-15 18:02||ollehar||Note Added: 51472|
|2019-04-15 20:05||blocka||Note Added: 51473|
|2020-08-24 13:09||Mazi||Note Added: 59588|
|2020-08-26 15:38||DenisChenu||Note Added: 59638|
|2020-08-26 15:50||Mazi||Note Added: 59639|
|2023-02-03 17:26||ollehar||Status||assigned => resolved|
|2023-02-03 17:26||ollehar||Resolution||open => fixed|
|2023-02-03 17:26||ollehar||Note Added: 73658|