Item6528: Set the Flag to Change Password in next Login

Set the Flag to Change Password in next Login

-- TWiki:Main/SopanShewale - 2010-07-20

Following can be sample change in TWiki::Users::HtpasswdUser module if we included extra fields discussed in proposal. Please note - this also makes .htpasswd file backword compatible. One do not need to existing .htpasswd file to use new code.

--- HtPasswdUser.pm.orig   2010-07-20 21:36:56.968482632 +0530
+++ HtPasswdUser.pm   2010-07-20 21:39:04.209473745 +0530
@@ -126,15 +126,38 @@
     my $line = '';
     while ( defined( $line = <IN_FILE> ) ) {
         if ( $TWiki::cfg{Htpasswd}{Encoding} eq 'md5' ) {    # htdigest format
-            if ( $line =~ /^(.*?):(.*?):(.*?)(?::(.*))?$/ ) {
+            if (
+                   $line =~ /^(.*?):(.*?):(.*?):(.*?):(.*?):(.*?)(?::(.*))?$/
+                || $line =~ /^(.*?):(.*?):(.*?):(.*?):(.*?)(?::(.*))?$/
+                || $line =~ /^(.*?):(.*?):(.*?):(.*?)(?::(.*))?$/
+                || $line =~ /^(.*?):(.*?):(.*?)(?::(.*))?$/
+
+              )
+            {
                 $data->{$1}->{pass} = $3;
                 $data->{$1}->{emails} = $4 || '';
+                $data->{$1}->{flag} =
+                  ( ( defined $5 ) && ( $5 == 0 ) ) ? 0 : ( $5 || '' );
+                $data->{$1}->{pass_change} = $6 || '';
+                $data->{$1}->{flag_change} = $7 || '';
             }
         }
-        else {                                               # htpasswd format
-            if ( $line =~ /^(.*?):(.*?)(?::(.*))?$/ ) {
+        else {    # htpasswd format
+            if (
+                   $line =~ /^(.*?):(.*?):(.*?):(.*?):(.*?)(?::(.*))?$/
+                || $line =~ /^(.*?):(.*?):(.*?):(.*?)(?::(.*))?$/
+                || $line =~ /^(.*?):(.*?):(.*?)(?::(.*))?$/
+                || $line =~ /^(.*?):(.*?)(?::(.*))?$/
+
+              )
+            {
                 $data->{$1}->{pass} = $2;
                 $data->{$1}->{emails} = $3 || '';
+                $data->{$1}->{flag} =
+                  ( ( defined $4 ) && ( $4 == 0 ) ) ? 0 : ( $4 || '' );
+                $data->{$1}->{pass_change} = $5 || '';
+                $data->{$1}->{flag_change} = $6 || '';
+
             }
         }
     }

-- TWiki:Main/SopanShewale - 2010-07-20

70 commits later: I enhanced the underlying API and redesigned the design based on the spec of this SetFlagtoChangePassword proposal. We have now:

1. New TWiki:Codev.UserDataManagementApiAndGUI feature:
   • An API for password managers to declare user data to display and modify (data driven approach)
   • A TWiki.QueryUsers form that lists users, regardless of password manager used
   • A TWiki.EditUserAccount form to display or modify a user data record (data driven)
   • The TWiki.EditUserAccount form shows the user account save action result below the submit button - with red or green LED based on error condition.
2. New TWiki:Codev.SupportDisabledUsersInPasswordManager feature:
   • A "disabled" flag that can be set per user in the HtPasswdUser manager - if set, user can no longer login (works with template login as well as apache login)
3. This TWiki:Codev.SetFlagtoChangePassword feature:
   • A "must change password" flag that can be set per user in the HtPasswdUser manager - if set, user is forced to change password after successful authentication
   • Conditionally show a new "must change password" checkbox in user registration if logged-in user is an admin
   • Conditionally show a new "system generated password" checkbox in user registration if logged-in user is an admin and if {Register}{AllowSystemGeneratedPassword} setting is set
4. Miscellaneous features:
   • Don't use '.' in random password, which can be confused with line end punctuation in password reset e-mail
   • More robust error handling in HtPasswdUser password manager

TWiki:Main.PeterThoeny

This has been implemented a while ago. Changing status to waiting for release.

-- TWiki:Main.PeterThoeny - 2010-11-22