From: Thomas Berezansky <tsbere@mvlc.org>
Date: Sat, 24 Sep 2011 20:28:29 +0000 (-0400)
Subject: TPac: Default Password Strength Rule
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=412b231c92c2dc9efe221a9c00c08a97ea35a0a2;p=evergreen%2Fmasslnc.git

TPac: Default Password Strength Rule

Every other password interface seems to have it.
Implemented as a single regex in this case.

Signed-off-by: Thomas Berezansky <tsbere@mvlc.org>
Signed-off-by: Bill Erickson <berick@esilibrary.com>
---

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm
index 726db95e4d..83257e7e02 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm
@@ -1217,6 +1217,11 @@ sub load_myopac_update_password {
 
     my $pw_regex = $ctx->{get_org_setting}->($e->requestor->home_ou, 'global.password_regex');
 
+    if(!$pw_regex) {
+        # This regex duplicates the JSPac's default "digit, letter, and 7 characters" rule
+        $pw_regex = '(?=.*\d+.*)(?=.*[A-Za-z]+.*).{7,}';
+    }
+
     if($pw_regex and $new_pw !~ /$pw_regex/) {
         $ctx->{password_invalid} = 1;
         return Apache2::Const::OK;