Verified Commit c64a8290 authored by Jerome Boucher's avatar Jerome Boucher

FIX #28129 TIME 01:00 fix password validity

parent 0a1eb632
2 merge requests!838Rebase develop,!837V3.0
...@@ -450,15 +450,16 @@ adminUsers = "['superadmin']" ...@@ -450,15 +450,16 @@ adminUsers = "['superadmin']"
; Allow the user to modify his or her information ; Allow the user to modify his or her information
allowUserModification = true allowUserModification = true
; Number of login attempts before the user account is locked. ignored if 0 ; Security parameters for password
; Duration of validity for password. ignored if 0 ; loginAttempts : Number of login attempts before the user account is locked. ignored if 0
; Duration in hour of the generated password. ignored if 0 ; passwordValidity : Duration of validity for password. ignored if 0
; Minimum length for password. ignored if 0 ; newPasswordValidity : Duration in hour of the generated password. ignored if 0
; Password must content non alphanumeric characters (On|Off, 0|1, true|false) ; passwordMinLength : Minimum length for password. ignored if 0
; Password must content character digits from 0 to 9 (On|Off, 0|1, true|false) ; passwordRequiresSpecialChars : Password must content non alphanumeric characters (On|Off, 0|1, true|false)
; Password must content mixed case alphabetic characters (On|Off, 0|1, true|false) ; passwordRequiresDigits : Password must content character digits from 0 to 9 (On|Off, 0|1, true|false)
; Time in second of the session ; passwordRequiresMixedCase : Password must content mixed case alphabetic characters (On|Off, 0|1, true|false)
; Lock time in seconds ; sessionTimeout : Time in second of the session
; lockDelay : Lock time in seconds
securityPolicy = "{ securityPolicy = "{
'loginAttempts' : 3, 'loginAttempts' : 3,
'passwordValidity' : 0, 'passwordValidity' : 0,
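Review bot: The `passwordValidity` comment still gives no unit, while `newPasswordValidity` is documented in hours and `sessionTimeout` and `lockDelay` in seconds. The `verifyValidity` change in this same commit divides the elapsed time by `24 * 3600` before comparing, so the value is read as days; an administrator who enters hours or seconds would get a far longer password lifetime than intended. I would write the line as `; passwordValidity : Duration of validity for password, in days. ignored if 0`.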
......
...@@ -582,7 +582,7 @@ class userAccount ...@@ -582,7 +582,7 @@ class userAccount
$encryptedPassword = password_hash($newPassword, PASSWORD_DEFAULT); $encryptedPassword = password_hash($newPassword, PASSWORD_DEFAULT);
$oldUserPassword = $this->sdoFactory->read("auth/account", $userAccountId)->password; $oldUserPassword = $this->sdoFactory->read("auth/account", $userAccount)->password;
$userAccount->password = $encryptedPassword; $userAccount->password = $encryptedPassword;
$userAccount->passwordLastChange = \laabs::newTimestamp(); $userAccount->passwordLastChange = \laabs::newTimestamp();
$userAccount->badPasswordCount = 0; $userAccount->badPasswordCount = 0;
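Review bot: The key passed to `$this->sdoFactory->read("auth/account", ...)` is now `$userAccount`, the same variable the next lines use as an object (`$userAccount->password = ...`), and whether `read` accepts an object as key is not visible in this hunk. If `$userAccount` is already the loaded account, the extra read can be dropped and the old hash taken before the assignment with `$oldUserPassword = $userAccount->password;`. If `read` needs the identifier, pass the account's id field explicitly instead of the object. The enclosing method starts and ends outside the hunk, so how `$oldUserPassword` is used afterwards cannot be checked here.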
......
...@@ -236,10 +236,11 @@ class userAuthentication ...@@ -236,10 +236,11 @@ class userAuthentication
private function verifyValidity($userAccount, $userLogin) private function verifyValidity($userAccount, $userLogin)
{ {
if ($this->securityPolicy['passwordValidity'] && $this->securityPolicy["passwordValidity"] != 0) { if ($this->securityPolicy['passwordValidity'] && $this->securityPolicy["passwordValidity"] != 0) {
$userPasswordLastChange = $userAccount->passwordLastChange->getTimestamp() ?? 0; $userLastPasswordChange = $userAccount->passwordLastChange->getTimestamp();
$diff = ($userLogin->lastLogin->getTimestamp() - $userPasswordLastChange); $now = new \DateTime('now');
// (timestamp de dernier login - timestamp de dernier chgt mdp) / durée de la session $dayInSeconds = 24 * 3600;
if ($diff > $this->securityPolicy['passwordValidity']) { $NbDaysSinceLastPasswordModification = ($now->getTimestamp() - $userLastPasswordChange) / $dayInSeconds;
if ($NbDaysSinceLastPasswordModification > $this->securityPolicy['passwordValidity']) {
throw \laabs::newException('auth/userPasswordValidityExpiredRequestException'); throw \laabs::newException('auth/userPasswordValidityExpiredRequestException');
} }
} }
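Review bot: `$userAccount->passwordLastChange->getTimestamp()` stops with an error when `passwordLastChange` is null, which seems possible for an account whose password has never been changed (not visible here). The removed `?? 0` did not cover that case either, since it applied only to the result of the call. An explicit guard keeps the expiry check predictable: `$userLastPasswordChange = $userAccount->passwordLastChange ? $userAccount->passwordLastChange->getTimestamp() : 0;`, so a missing date is reported as an expired password instead of an unhandled error at login. The body of `verifyValidity` ends outside the hunk.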
......