Gnous/mailcow
2
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

fix: Password for mobileconfig that conforms to password-complexity policy

Browse Source
This commit is contained in:
Paul Sütterlin 2026-01-01 16:48:33 +01:00
parent 038b2efb75
commit 70101d1187
No known key found for this signature in database
GPG Key ID: CA87DA0C05A9CFC6
2 changed files with 42 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
data/web/inc/functions.inc.php
View File

@ -205,6 +205,42 @@ function password_complexity($_action, $_data = null) {
break; break;
} }
} }
function password_generate(){
$password_complexity = password_complexity('get');
$min_length = max(16, intval($password_complexity['length']));
$lowercase = range('a', 'z');
$uppercase = range('A', 'Z');
$digits = range(0, 9);
$special_chars = str_split('!@#$%^&*()?=');
$password = [
$lowercase[random_int(0, count($lowercase) - 1)],
$uppercase[random_int(0, count($uppercase) - 1)],
$digits[random_int(0, count($digits) - 1)],
$special_chars[random_int(0, count($special_chars) - 1)],
];
$all = array_merge($lowercase, $uppercase, $digits, $special_chars);
while (count($password) < $min_length) {
$password[] = $all[random_int(0, count($all) - 1)];
}
// Cryptographically secure shuffle using Fisher-Yates algorithm
$count = count($password);
for ($i = $count - 1; $i > 0; $i--) {
$j = random_int(0, $i);
$temp = $password[$i];
$password[$i] = $password[$j];
$password[$j] = $temp;
}
return implode('', $password);
}
function password_check($password1, $password2) { function password_check($password1, $password2) {
$password_complexity = password_complexity('get'); $password_complexity = password_complexity('get');

11
data/web/mobileconfig.php
View File

@ -34,15 +34,15 @@ catch(PDOException $e) {
if (isset($_GET['only_email'])) { if (isset($_GET['only_email'])) {
$onlyEmailAccount = true; $onlyEmailAccount = true;
$description = 'IMAP'; $description = 'IMAP';
} else { } else {
$onlyEmailAccount = false; $onlyEmailAccount = false;
$description = 'IMAP, CalDAV, CardDAV'; $description = 'IMAP, CalDAV, CardDAV';
} }
if (isset($_GET['app_password'])) { if (isset($_GET['app_password'])) {
$app_password = true; $app_password = true;
$description .= ' with application password'; $description .= ' with application password';
if (strpos($_SERVER['HTTP_USER_AGENT'], 'iPad') !== FALSE) if (strpos($_SERVER['HTTP_USER_AGENT'], 'iPad') !== FALSE)
$platform = 'iPad'; $platform = 'iPad';
elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'iPhone') !== FALSE) elseif (strpos($_SERVER['HTTP_USER_AGENT'], 'iPhone') !== FALSE)
@ -51,8 +51,9 @@ if (isset($_GET['app_password'])) {
$platform = 'Mac'; $platform = 'Mac';
else else
$platform = $_SERVER['HTTP_USER_AGENT']; $platform = $_SERVER['HTTP_USER_AGENT'];
$password = bin2hex(openssl_random_pseudo_bytes(16)); $password = password_generate();
$attr = array( $attr = array(
'app_name' => $platform, 'app_name' => $platform,
'app_passwd' => $password, 'app_passwd' => $password,