Roundcube Community Forum

Third Party Contributions => API Based Plugins => Topic started by: maxie_ro on October 12, 2009, 04:32:41 AM

Title: Password plugin - force users to change password / password strength?
Post by: maxie_ro on October 12, 2009, 04:32:41 AM
Hi.

Is there any hack (or any plan to change the plugin) to force users to change passwords?

Also, the same to enforce a certain password strength (like not using parts of the username, a minimum length, certain types of characters (alpha+digits+other marks), etc.)?

Maybe also to not allow login to POP3/IMAP/SMTP before the password is changed, and a custom message if the user tries to log in with an email client?

Thanks!
Title: Password plugin - force users to change password / password strength?
Post by: SKaero on October 12, 2009, 04:52:39 AM
Enforcing a password strength wouldn't be that hard; you just have to add JavaScript to the form to check if their password meets all of the requirements. Not allowing users to log in to another email client before they change their password would be server-side and couldn't be done with RoundCube.
Title: Password plugin - force users to change password / password strength?
Post by: maxie_ro on October 12, 2009, 06:15:34 AM
I see that there is something similar in the latest SVN trunk (btw, this is how I found out 'password' is not a third-party plugin, it is in core :p). But it only accepts a minimum size for the password and the presence/absence of chars other than alphanumeric.

This should be expanded as I said above:
- test for alpha parts of the username bigger than 3 not to be included in the password (if the username is "user.name.xx.2009", test for "user" and "name")
- minimum number of digits
- minimum number of other non-alphanumeric characters

Also, it would be nice to test for the presence of certain whitespace characters ("\n", "\r", "\t") and warn/disallow the change in that case. Very useful if a user notes down a password in a file and copy-pastes it with line endings/spaces. Then, when writing it down by hand in the password box, he/she can't log in and doesn't know why (it happened...)
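
The checks listed in this thread (username parts longer than 3 characters, minimum digits, minimum non-alphanumeric characters, pasted whitespace), as an added example that is not part of any post and not Roundcube's own code. The function names, rule ids and thresholds are assumptions; run in the browser it only gives feedback, so the same logic has to be repeated server-side to be enforced.

```javascript
// Added example, not Roundcube code. Thresholds and names are assumptions.
const DEFAULT_POLICY = { minLength: 8, minDigits: 1, minOther: 1, userPartOver: 3 };

// "user.name.xx.2009" -> ["user", "name"]: alphabetic runs longer than 3 characters.
// Assumption: for an e-mail style login only the part before "@" is considered.
function usernameParts(username, over) {
  const local = username.split('@')[0].toLowerCase();
  return (local.match(/[a-z]+/g) || []).filter((part) => part.length > over);
}

// Number of characters in the password matched by a global regex.
function count(password, regex) {
  return (password.match(regex) || []).length;
}

// Returns { ok, errors }; errors is a list of rule ids the UI can map to messages.
function checkPassword(username, password, policy = DEFAULT_POLICY) {
  const errors = [];
  // Copy-paste residue: reject and tell the user instead of trimming silently,
  // so the stored password is exactly what they will later type by hand.
  if (/[\n\r\t]/.test(password) || password !== password.trim()) {
    errors.push('whitespace');
  }
  if ([...password].length < policy.minLength) errors.push('min-length');
  if (count(password, /[0-9]/g) < policy.minDigits) errors.push('min-digits');
  // "Other marks": anything that is not a letter, a digit or whitespace.
  if (count(password, /[^\p{L}\p{N}\s]/gu) < policy.minOther) errors.push('min-other');
  // Case-insensitive substring test against each qualifying username part.
  const lowered = password.toLowerCase();
  if (usernameParts(username, policy.userPartOver).some((p) => lowered.includes(p))) {
    errors.push('username-part');
  }
  return { ok: errors.length === 0, errors };
}
```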