From 8cc273fb399f72c222c0fbad98325718de9e762b Mon Sep 17 00:00:00 2001 From: Maksim Martynov Date: Thu, 16 Apr 2026 18:11:54 +0300 Subject: [PATCH] feat: add scope control for password complexity rules Allow admins to selectively apply complexity rules to user account passwords, public link passwords, or both via two new checkboxes in the security settings. --- lib/Controller/SettingsController.php | 8 +++++++- lib/Engine.php | 10 ++++++++++ templates/admin.php | 12 ++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php index 2acbd63..62e1c23 100644 --- a/lib/Controller/SettingsController.php +++ b/lib/Controller/SettingsController.php @@ -56,6 +56,8 @@ class SettingsController extends Controller implements ISettings { 'spv_expiration_password_value' => 7, 'spv_expiration_nopassword_checked' => false, 'spv_expiration_nopassword_value' => 7, + 'spv_apply_to_users_checked' => 'true', + 'spv_apply_to_links_checked' => 'true', ]; /** @@ -97,7 +99,11 @@ public function updatePolicy() { $this->config->setAppValue('password_policy', $key, $this->request->getParam($key)); } } else { - $this->config->setAppValue('password_policy', $key, $default); + if (\substr($key, -8) === '_checked') { + $this->config->setAppValue('password_policy', $key, false); + } else { + $this->config->setAppValue('password_policy', $key, $default); + } } } } diff --git a/lib/Engine.php b/lib/Engine.php index 5c6c81f..4deb563 100644 --- a/lib/Engine.php +++ b/lib/Engine.php @@ -117,6 +117,16 @@ public function verifyPassword($password, $uid = null, $type = 'user') { return; } + // skip complexity rules if this type is not in scope + if ($type === 'user' && !$this->yes('spv_apply_to_users_checked')) { + if ($uid !== null && $this->yes('spv_password_history_checked')) { + $val = (int) $this->configValues['spv_password_history_value']; + $dbMapper = new OldPasswordMapper($this->db); + $r = new PasswordHistory($this->l10n, $dbMapper, $this->hasher); + $r->verify($password, $val, $uid); + } + return; + } if ($this->yes('spv_min_chars_checked')) { $val = (int) $this->configValues['spv_min_chars_value']; $r = new Length($this->l10n); diff --git a/templates/admin.php b/templates/admin.php index 5d49a7a..2989382 100644 --- a/templates/admin.php +++ b/templates/admin.php @@ -34,6 +34,18 @@

t('Minimum password requirements for user accounts and public links:'));?>

+