diff --git a/.gitattributes b/.gitattributes index c850a859..376848c4 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1 +1,5 @@ +# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: CC0-1.0 + /js/* binary +/screenshots/* binary diff --git a/.gitignore b/.gitignore index 0c30fdf0..0490062f 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,6 @@ +# SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors +# SPDX-License-Identifier: CC0-1.0 + /vendor/ /.php-cs-fixer.cache diff --git a/README.md b/README.md index e2785364..8df9e993 100644 --- a/README.md +++ b/README.md 
@@ -4,23 +4,45 @@ --> # Password policy -[![REUSE status](https://api.reuse.software/badge/github.com/nextcloud/password_policy)](https://api.reuse.software/info/github.com/nextcloud/password_policy) +[![REUSE status](https://api.reuse.software/badge/github.com/nextcloud/password_policy)](https://api.reuse.software/info/github.com/nextcloud/password_policy) [![PHPUnit status](https://github.com/nextcloud/password_policy/actions/workflows/phpunit-sqlite.yml/badge.svg)](https://github.com/nextcloud/password_policy/actions/workflows/phpunit-sqlite.yml) This app enables the the admin to define certain rules for passwords, for example the minimum length of a password. -Once the app is enabled you find the "Password policy" settings in the admin section: - -![](https://github.com/nextcloud/screenshots/blob/master/password_policy/password_policy_settings.png) - By default the app enforces a minimum password length of 8 characters and checks every password against the 1.000.000 most common passwords. Currently the app checks passwords for public link shares and for user passwords if the database backend is used. 
-You can easily check passwords for your own app by adding following code to your app: +Once the app is enabled you find the "Password policy" settings in the admin section: -```` -$eventDispatcher = \OC::$server->query(IEventDispatcher::class); +![screenshot of the admin section](./screenshots/password_policy_settings.png) + +## Integrate in other apps + +### Generate passwords +This app is capable of generating passwords according to the configured policy, so to create a password for your app: + +````php +$eventDispatcher = \OCP\Server::get(IEventDispatcher::class); $event = new \OCP\Security\Events\GenerateSecurePasswordEvent(); -$eventDispatcher->dispatchTyped($event); +try { + $eventDispatcher->dispatchTyped($event); +} catch (\OCP\HintException $e) { + // ⚠️ The password generation failed, more information is set on the exception +} $password = $event->getPassword() ?? 'fallback when this app is not enabled'; ```` + +### Validate passwords +You can easily check passwords for your own app by adding following code to your app: + +````php +$eventDispatcher = \OCP\Server::get(IEventDispatcher::class); +$password = 'the-password-you-want-to-validate'; +$event = new \OCP\Security\Events\ValidatePasswordPolicyEvent($password); +try { + $eventDispatcher->dispatchTyped($event); + // ✅ The password is valid; +} catch (\OCP\HintException $e) { + // ❌ The password is invalid +} +```` diff --git a/REUSE.toml b/REUSE.toml index daf11e8e..90d29278 100644 --- a/REUSE.toml +++ b/REUSE.toml 
@@ -6,11 +6,17 @@ SPDX-PackageSupplier = "Nextcloud " SPDX-PackageDownloadLocation = "https://github.com/nextcloud/external" [[annotations]] -path = [".gitattributes", ".editorconfig", "babel.config.js", ".php-cs-fixer.dist.php", "package-lock.json", "package.json", "composer.json", "composer.lock", "webpack.js", "stylelint.config.js", ".eslintrc.js", ".gitignore", ".jshintrc", ".l10nignore", "action/.gitignore", "action/package.json", "action/package-lock.json", "action/dist/index.js", "tests/**", "psalm.xml", "vendor-bin/**/composer.json", "vendor-bin/**/composer.lock", ".tx/config", "webpack.config.js", "js/vendor.LICENSE.txt", ".github/CODEOWNERS", "vite.config.js", "stylelint.config.cjs", ".eslintrc.json"] +path = ["package-lock.json", "package.json", ".l10nignore", "composer.json", "composer.lock", "vendor-bin/**/composer.json", "vendor-bin/**/composer.lock", ".tx/config", "js/vendor.LICENSE.txt", ".github/CODEOWNERS", ".eslintrc.json"] precedence = "aggregate" SPDX-FileCopyrightText = "none" SPDX-License-Identifier = "CC0-1.0" +[[annotations]] +path = ["screenshots/*.png"] +precedence = "aggregate" +SPDX-FileCopyrightText = "2024 Nextcloud GmbH and Nextcloud contributors" +SPDX-License-Identifier = "CC0-1.0" + [[annotations]] path = ["l10n/**.js", "l10n/**.json", "js/**.mjs.map", "js/**.mjs", "js/templates/**.handlebars", "css/password_policy-settings.css"] precedence = "aggregate" diff --git a/screenshots/password_policy_settings.png b/screenshots/password_policy_settings.png new file mode 100644 index 00000000..93714efb Binary files /dev/null and b/screenshots/password_policy_settings.png differ diff --git a/tests/bootstrap.php b/tests/bootstrap.php index 1a488b4f..d57ac53d 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php 
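Review bot: The context line `SPDX-PackageDownloadLocation = "https://github.com/nextcloud/external"` at the top of this REUSE.toml hunk names a different repository from the one the README badges in this same commit point to (`github.com/nextcloud/password_policy`), and the commit rewrites the annotations below it without correcting it. REUSE metadata can be exported as an SPDX bill of materials, so a wrong download location misstates where the package comes from. It should presumably read `SPDX-PackageDownloadLocation = "https://github.com/nextcloud/password_policy"`. The `SPDX-PackageName` line sits above the hunk and is not visible here, so it is worth checking for the same copy-paste leftover.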
@@ -1,5 +1,10 @@ - * - * @author Arthur Schiwon - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * + * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OCA\Password_Policy\Tests\Compliance; diff --git a/tests/lib/PasswordPolicyConfigTest.php b/tests/lib/PasswordPolicyConfigTest.php index 78525b30..1c823efc 100644 --- a/tests/lib/PasswordPolicyConfigTest.php +++ b/tests/lib/PasswordPolicyConfigTest.php 
@@ -1,22 +1,7 @@ - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * + * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OCA\Password_Policy\Tests; diff --git a/tests/lib/PasswordValidatorTest.php b/tests/lib/PasswordValidatorTest.php index 397ffd46..321c1e05 100644 --- a/tests/lib/PasswordValidatorTest.php +++ b/tests/lib/PasswordValidatorTest.php @@ -1,22 +1,7 @@ - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * + * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OCA\Password_Policy\Tests; 
diff --git a/tests/lib/Validator/CommonPasswordsValidatorTest.php b/tests/lib/Validator/CommonPasswordsValidatorTest.php index 5378cfe9..2860dad8 100644 --- a/tests/lib/Validator/CommonPasswordsValidatorTest.php +++ b/tests/lib/Validator/CommonPasswordsValidatorTest.php @@ -2,25 +2,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2019, Roeland Jago Douma - * - * @author Roeland Jago Douma - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * + * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OCA\Password_Policy\Tests\Validator; diff --git a/tests/lib/Validator/LengthValidatorTest.php b/tests/lib/Validator/LengthValidatorTest.php index 6bacb49c..3b4ff1f5 100644 --- a/tests/lib/Validator/LengthValidatorTest.php +++ b/tests/lib/Validator/LengthValidatorTest.php 
@@ -2,25 +2,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2019, Roeland Jago Douma - * - * @author Roeland Jago Douma - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * + * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OCA\Password_Policy\Tests\Validator; diff --git a/tests/lib/Validator/NumericCharacterValidatorTest.php b/tests/lib/Validator/NumericCharacterValidatorTest.php index 1468676f..bc38bff1 100644 --- a/tests/lib/Validator/NumericCharacterValidatorTest.php +++ b/tests/lib/Validator/NumericCharacterValidatorTest.php 
@@ -2,25 +2,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2019, Roeland Jago Douma - * - * @author Roeland Jago Douma - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * + * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OCA\Password_Policy\Tests\Validator; diff --git a/tests/lib/Validator/SpecialCharactersValidatorTest.php b/tests/lib/Validator/SpecialCharactersValidatorTest.php index 5a3931f0..41eeda5f 100644 --- a/tests/lib/Validator/SpecialCharactersValidatorTest.php +++ b/tests/lib/Validator/SpecialCharactersValidatorTest.php 
@@ -2,25 +2,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2019, Roeland Jago Douma - * - * @author Roeland Jago Douma - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * + * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OCA\Password_Policy\Tests\Validator; diff --git a/tests/lib/Validator/UpperCaseLowerCaseValidatorTest.php b/tests/lib/Validator/UpperCaseLowerCaseValidatorTest.php index 44449310..2d2bacb8 100644 --- a/tests/lib/Validator/UpperCaseLowerCaseValidatorTest.php +++ b/tests/lib/Validator/UpperCaseLowerCaseValidatorTest.php 
@@ -2,25 +2,8 @@ declare(strict_types=1); /** - * @copyright Copyright (c) 2019, Roeland Jago Douma - * - * @author Roeland Jago Douma - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * + * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OCA\Password_Policy\Tests\Validator; diff --git a/tests/phpunit.xml b/tests/phpunit.xml index 0af1e431..3e253b21 100644 --- a/tests/phpunit.xml +++ b/tests/phpunit.xml @@ -1,4 +1,8 @@ +