Bug 40711 – activate_groupmembers should not use special characters in password

Bug 40711 - activate_groupmembers should not use special characters in password


Summary:	activate_groupmembers should not use special characters in password

Status:	CLOSED FIXED

Product:	UCS@school
Classification:	Unclassified
Component:	Import scripts
Version:	UCS@school 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS@school 4.1 R2 vXXX
Assigned To:	Daniel Tröder
QA Contact:	Sönke Schwardt-Krummrich

URL:
Keywords:	interim-3

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-02-17 13:42 CET by Michael Grandjean
Modified:	2016-10-04 13:24 CEST (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Forked for project
Max CVSS v3 score:

Attachments
patch proposal (804 bytes, patch) 2016-02-17 13:54 CET, Michael Grandjean	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Grandjean

2016-02-17 13:42:05 CET

Currently, /usr/share/ucs-school-import/scripts/activate_groupmembers generates an 8 character long password and uses special characters.

Those special characters tend to be hard to type for some end users and easily cause problems when importing the CSV file in a spreadsheet software (e.g. leading '=' or '"').

For a better usability we should exclude special characters in these passwords. Maybe the character limit should then be raised to e.g. 12?

Comment 1 Michael Grandjean

2016-02-17 13:54:56 CET

Created attachment 7486 [details]
patch proposal

Comment 2 Daniel Tröder

2016-07-05 12:43:06 CEST

* Unified password generation code from ucs-school-lib and ucs-school-import.
* The length is taken from a password policy, if one exists, or is the default 8.
* New passwords are now guaranteed to be created from different character classes (lowercase, uppercase, digits, special chars).
* New passwords for activated group members now use a subset of special characters that are less difficult to type: -+.,;

ucs-school-lib: r70826
ucs-school-import: r70827
Advisory: r70828

Comment 3 Sönke Schwardt-Krummrich

2016-08-16 17:31:52 CEST

(In reply to Daniel Tröder from comment #2)
> * Unified password generation code from ucs-school-lib and ucs-school-import.

→ OK

> * The length is taken from a password policy, if one exists, or is the
> default 8.

→ Hmmm... see Bug 42012: the policy code was broken before, so I created a new bug

> * New passwords are now guaranteed to be created from different character
> classes (lowercase, uppercase, digits, special chars).

...if the password length is at least 4 characters.

> * New passwords for activated group members now use a subset of special
> characters that are less difficult to type: -+.,;

Yes. I don't think that "," is easily distinguishable from "." but I think this is ok for now.
 
> ucs-school-lib: r70826
> ucs-school-import: r70827
> Advisory: r70828

I removed "\" from special characters.

ucs-school-lib (9.0.21-2):
r71648 | Bug #40711: removed "\" from list of create_passwd's special characters

ucs-school-lib.yaml:
r71658 | Bug #40711: updated advisory

Comment 4 Sönke Schwardt-Krummrich

2016-10-04 13:24:52 CEST

UCS@school 4.1 R2 v5 has been released.

http://docs.software-univention.de/changelog-ucsschool-4.1R2v5-de.html

If this error occurs again, please clone this bug.