--- loncom/interface/lonuserutils.pm 2019/05/04 19:57:29 1.196
+++ loncom/interface/lonuserutils.pm 2019/05/11 21:34:01 1.200
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Utility functions for managing LON-CAPA user accounts
#
-# $Id: lonuserutils.pm,v 1.196 2019/05/04 19:57:29 raeburn Exp $
+# $Id: lonuserutils.pm,v 1.200 2019/05/11 21:34:01 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -750,7 +750,7 @@ sub passwd_validation_js {
}
if ($rules{'spec'}) {
$intargjs .= q|
- var specRegExp = /[!"#$%&'()*+,\-.\/:;<=>?@[\\\]^_`{\|}~]/;
+ var specRegExp = /[!"#$%&'()*+,\-.\/:;<=>?@[\\^\]_`{\|}~]/;
if (!specRegExp.test(currpwval)) {
brokerules.push('spec');
}
@@ -773,7 +773,7 @@ sub passwd_validation_js {
if (rulesmsg != '') {
rulesmsg = '$alertmsg'+rulesmsg;
alert(rulesmsg);
- return;
+ return false;
}
|;
}
@@ -4251,7 +4251,7 @@ sub print_first_users_upload_form {
.&Apache::lonhtmlcommon::end_pick_box();
$str .= '<p>'
- .'<input type="submit" name="fileupload" value="'.&mt('Next').'"'
+ .'<input type="button" name="fileupload" value="'.&mt('Next').'"'
.' onclick="javascript:checkUpload(this.form);" />'
.'</p>';
@@ -4377,6 +4377,7 @@ sub upfile_drop_add {
}
my $amode = '';
my $genpwd = '';
+ my @genpwdfail;
if ($env{'form.login'} eq 'krb') {
$amode='krb';
$amode.=$env{'form.krbver'};
@@ -4385,6 +4386,8 @@ sub upfile_drop_add {
$amode='internal';
if ((defined($env{'form.intarg'})) && ($env{'form.intarg'})) {
$genpwd=$env{'form.intarg'};
+ @genpwdfail =
+ &Apache::loncommon::check_passwd_rules($domain,$genpwd);
}
} elsif ($env{'form.login'} eq 'loc') {
$amode='localauth';
@@ -4465,7 +4468,6 @@ sub upfile_drop_add {
\@statuses,\@poss_roles);
&gather_userinfo($context,'view',\%userlist,$indexhash,\%info,
\%cstr_roles,$permission);
-
}
}
}
@@ -4543,7 +4545,8 @@ sub upfile_drop_add {
my $newuserdom = $env{'request.role.domain'};
map { $cancreate{$_} = &can_create_user($newuserdom,$context,$_); } keys(%longtypes);
# Get new users list
- my (%existinguser,%userinfo,%disallow,%rulematch,%inst_results,%alerts,%checkuname);
+ my (%existinguser,%userinfo,%disallow,%rulematch,%inst_results,%alerts,%checkuname,
+ %showpasswdrules,$haspasswdmap);
my $counter = -1;
my (%willtrust,%trustchecked);
foreach my $line (@userdata) {
@@ -4694,12 +4697,44 @@ sub upfile_drop_add {
}
}
# determine user password
- my $password = $genpwd;
+ my $password;
+ my $passwdfromfile;
if (defined($fields{'ipwd'})) {
if ($entries{$fields{'ipwd'}}) {
$password=$entries{$fields{'ipwd'}};
+ $passwdfromfile = 1;
+ if ($env{'form.login'} eq 'int') {
+ my $uhome=&Apache::lonnet::homeserver($username,$userdomain);
+ if (($uhome eq 'no_host') || ($changeauth)) {
+ my @brokepwdrules =
+ &Apache::loncommon::check_passwd_rules($domain,$password);
+ if (@brokepwdrules) {
+ $disallow{$counter} = &mt('[_1]: Password included in file for this user did not meet requirements.',
+ '<b>'.$username.'</b>');
+ map { $showpasswdrules{$_} = 1; } @brokepwdrules;
+ next;
+ }
+ }
+ }
}
}
+ unless ($passwdfromfile) {
+ if ($env{'form.login'} eq 'int') {
+ if (@genpwdfail) {
+ my $uhome=&Apache::lonnet::homeserver($username,$userdomain);
+ if (($uhome eq 'no_host') || ($changeauth)) {
+ $disallow{$counter} = &mt('[_1]: No specific password in file for this user; default password did not meet requirements',
+ '<b>'.$username.'</b>');
+ unless ($haspasswdmap) {
+ map { $showpasswdrules{$_} = 1; } @genpwdfail;
+ $haspasswdmap = 1;
+ }
+ }
+ next;
+ }
+ }
+ $password = $genpwd;
+ }
# determine user role
my $role = '';
if (defined($fields{'role'})) {
@@ -5061,6 +5096,7 @@ sub upfile_drop_add {
$counts{'auth'})."</p>\n");
}
$r->print(&print_namespacing_alerts($domain,\%alerts,\%curr_rules));
+ $r->print(&passwdrule_alerts($domain,\%showpasswdrules));
#####################################
# Display list of students to drop #
#####################################
@@ -5130,6 +5166,38 @@ sub print_namespacing_alerts {
}
}
+sub passwdrule_alerts {
+ my ($domain,$passwdrules) = @_;
+ my $warning;
+ if (ref($passwdrules) eq 'HASH') {
+ my %showrules = %{$passwdrules};
+ if (keys(%showrules)) {
+ my %passwdconf = &Apache::lonnet::get_passwdconf($domain);
+ $warning = '<b>'.&mt('Password requirement(s) unmet for one or more users:').'</b><ul>';
+ if ($showrules{'min'}) {
+ $warning .= '<li>'.&mt('minimum [quant,_1,character]',$passwdconf{'min'}).'</li>';
+ }
+ if ($showrules{'max'}) {
+ $warning .= '<li>'.&mt('maximum [quant,_1,character]',$passwdconf{'max'}).'</li>';
+ }
+ if ($showrules{'uc'}) {
+ $warning .= '<li>'.&mt('contain at least one upper case letter').'</li>';
+ }
+ if ($showrules{'lc'}) {
+ $warning .= '<li>'.&mt('contain at least one lower case letter').'</li>';
+ }
+ if ($showrules{'num'}) {
+ $warning .= '<li>'.&mt('contain at least one number').'</li>';
+ }
+ if ($showrules{'spec'}) {
+ $warning .= '<li>'.&mt('contain at least one non-alphanumeric').'</li>';
+ }
+ $warning .= '</ul>';
+ }
+ }
+ return $warning;
+}
+
sub user_change_result {
my ($r,$userresult,$authresult,$roleresult,$idresult,$counts,$flushc,
$username,$userdomain,$userchg) = @_;
@@ -6014,7 +6082,26 @@ sub can_change_internalpass {
unless ($env{'course.'.$env{'request.course.id'}.'.internal.nopasswdchg'}) {
my ($cnum,$cdom) = &get_course_identity();
if ((&Apache::lonnet::is_course_owner($cdom,$cnum)) && ($udom eq $env{'user.domain'})) {
- my $noupdate;
+ my @userstatuses = ('default');
+ my %userenv = &Apache::lonnet::userenvironment($udom,$uname,'inststatus');
+ if ($userenv{'inststatus'} ne '') {
+ @userstatuses = split(/:/,$userenv{'inststatus'});
+ }
+ my $noupdate = 1;
+ my %passwdconf = &Apache::lonnet::get_passwdconf($cdom);
+ if (ref($passwdconf{'crsownerchg'}) eq 'HASH') {
+ if (ref($passwdconf{'crsownerchg'}{'for'}) eq 'ARRAY') {
+ foreach my $status (@userstatuses) {
+ if (grep(/^\Q$status\E$/,@{$passwdconf{'crsownerchg'}{'for'}})) {
+ undef($noupdate);
+ last;
+ }
+ }
+ }
+ }
+ if ($noupdate) {
+ return;
+ }
my %owned = &Apache::lonnet::courseiddump($cdom,'.',1,'.',
$env{'user.name'}.':'.$env{'user.domain'},
undef,undef,undef,'.');