public/mailcow-dockerized
1
0
Fork 0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2026-06-06 06:33:17 +00:00
Code Issues Releases Wiki Activity

Refactor generate_app_passwd to properly respect all password policy requirements

Browse Source 
Co-authored-by: DerLinkman <62480600+DerLinkman@users.noreply.github.com>
This commit is contained in:
copilot-swe-agent[bot]
2025-12-12 11:49:10 +00:00
parent 2b38f348a5
commit 7e6003ef24
1 changed files with 20 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
data/web/inc/functions.inc.php
+20 -10
View File
@@ -264,24 +264,28 @@ function generate_app_passwd($length = 32) {
$digits = '0123456789'; $digits = '0123456789';
$special = '!@#$%^&*()-_=+[]{}|;:,.<>?'; $special = '!@#$%^&*()-_=+[]{}|;:,.<>?';
// Build the character pool based on requirements // Build the character pool and required chars based on policy
$pool = ''; $pool = '';
$required_chars = ''; $required_chars = '';
// Always include digits and lowercase (basic requirement for hex compatibility) // Add digits to pool and ensure at least one if required
$pool .= $digits . $lowercase; if ($password_complexity['numbers'] == 1) {
$pool .= $digits;
$required_chars .= $digits[random_int(0, strlen($digits) - 1)];
}
// Add one required digit // Add alphabetic characters if required
$required_chars .= $digits[random_int(0, strlen($digits) - 1)];
// Add alphabetic character if required
if ($password_complexity['chars'] == 1) { if ($password_complexity['chars'] == 1) {
$required_chars .= $lowercase[random_int(0, strlen($lowercase) - 1)]; $pool .= $lowercase;
// Only add required char if not already added by lowerupper requirement
if ($password_complexity['lowerupper'] != 1) {
$required_chars .= $lowercase[random_int(0, strlen($lowercase) - 1)];
}
} }
// Add both uppercase and lowercase letters if lowerupper required // Add both uppercase and lowercase letters if lowerupper required
if ($password_complexity['lowerupper'] == 1) { if ($password_complexity['lowerupper'] == 1) {
$pool .= $uppercase; $pool .= $lowercase . $uppercase;
$required_chars .= $uppercase[random_int(0, strlen($uppercase) - 1)]; $required_chars .= $uppercase[random_int(0, strlen($uppercase) - 1)];
$required_chars .= $lowercase[random_int(0, strlen($lowercase) - 1)]; $required_chars .= $lowercase[random_int(0, strlen($lowercase) - 1)];
} }
@@ -292,10 +296,16 @@ function generate_app_passwd($length = 32) {
$required_chars .= $special[random_int(0, strlen($special) - 1)]; $required_chars .= $special[random_int(0, strlen($special) - 1)];
} }
// If no requirements specified, use alphanumeric as default
if (empty($pool)) {
$pool = $lowercase . $uppercase . $digits;
$required_chars .= $digits[random_int(0, strlen($digits) - 1)];
}
// Ensure the password is at least as long as the required characters // Ensure the password is at least as long as the required characters
$final_length = max($required_length, strlen($required_chars)); $final_length = max($required_length, strlen($required_chars));
// Generate remaining characters // Generate remaining characters from the pool
$remaining_length = $final_length - strlen($required_chars); $remaining_length = $final_length - strlen($required_chars);
$password = $required_chars; $password = $required_chars;