From 5e50af170a20e2b302e059f7eddd213d536a4d3d Mon Sep 17 00:00:00 2001
From: Jeff Godin <jgodin@tadl.org>
Date: Wed, 19 Aug 2015 13:42:15 -0400
Subject: [PATCH] Use password regex to text login password strength

Instead of using a PIN, use the global.password_regex OU setting to
test password strength at login.

Signed-off-by: Jeff Godin <jgodin@tadl.org>
---
 Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
index fee693c3b3..aad7df16f2 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader.pm
@@ -482,8 +482,18 @@ sub load_login {
         )
     ];
 
-    # test for four-digit PIN as password -- suggest password change
-    if ($password =~ m/^\d{4}$/) {
+    my $pw_regex = $self->ctx->{get_org_setting}->($org_unit, 'global.password_regex');
+
+    if(!$pw_regex) {
+        # This regex duplicates the JSPac's default "digit, letter, and 7 characters" rule
+        $pw_regex = '(?=.*\d+.*)(?=.*[A-Za-z]+.*).{7,}';
+    }
+
+    # test for password that does not meet regex requirements
+    if ($password !~ m/$pw_regex/) {
+        # redirect user to update_password page with url argument
+        # that can be used by a template to display additional text
+        # suggesting a password change
         my $update_password = sprintf(
                 'https://%s%s/myopac/update_password?initial=1',
                 $self->apache->hostname, $self->ctx->{opac_root} );
-- 
2.11.0