From 49d006287b4c46d546a80fce57d2584b88364645 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem.moulin@fripost.org>
Date: Tue, 15 May 2012 08:32:01 +0200
Subject: New password policy.

---
 lib/Fripost/Password.pm | 17 +++++++----------
 lib/Fripost/Prompt.pm   | 18 +++++++++++++-----
 2 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/lib/Fripost/Password.pm b/lib/Fripost/Password.pm
index fc1f7ce..0f2cf6e 100755
--- a/lib/Fripost/Password.pm
+++ b/lib/Fripost/Password.pm
@@ -77,9 +77,11 @@ sub hash {
 sub is_salted { return ( not ( defined $_[0] ) or $_[0] ne '' ) };
 
 
-# Generate (random) salt, with a (random) length of 24 to 31 bytes.
+# Generate a (random) 4 bytes salt. We only generates 4 bytes here to
+# match the other way to hash & salt passwords (`slappasswd' and the
+# RoundCube passwords).
 sub make_salt {
-    my $len   = 31 - int( rand(8) );
+    my $len   = 4;
     my @bytes = ();
     for my $i ( 1 .. $len ) {
         push( @bytes, rand(255) );
@@ -87,11 +89,6 @@ sub make_salt {
     return pack( 'C*', @bytes );
 }
 
-sub random_string {
-    my ($len, $range) = @_;
-    return join '', @$range[ map {rand $#$range} (1..$len) ];
-}
-
 
 # Add trailing `='s to the input string to ensure its length is a
 # multiple of 4.
@@ -107,9 +104,9 @@ sub pad_base64 {
 # Our policy for automatically generated passwords.
 sub mkpasswd {
     return String::MkPasswd::mkpasswd(
-        -length => 20,
-        -minnum => 5,
-        -minspecial => 3
+        -length => 12,
+        -minnum => 2,
+        -minspecial => 1
     );
 }
 
diff --git a/lib/Fripost/Prompt.pm b/lib/Fripost/Prompt.pm
index 4f71faf..0edc22f 100755
--- a/lib/Fripost/Prompt.pm
+++ b/lib/Fripost/Prompt.pm
@@ -58,7 +58,7 @@ sub prompt_email {
 
         unless (Email::Valid->address($email)) {
             undef $email;
-            say "This is not a valid e-mail address. Try again."
+            say "Error: This is not a valid e-mail address. Try again."
         }
     }
     until (defined $email);
@@ -72,11 +72,19 @@ sub prompt_password {
 
     my $password;
     do {
-        $password   = prompt -in => \*STDIN, -out => \*STDOUT, $msg,  -echo => '*';
-        my $confirm = prompt -in => \*STDIN, -out => \*STDOUT, $msg2, -echo => '*';
-        unless ($password eq $confirm) {
+        $password   = prompt -in => \*STDIN, -out => \*STDOUT,
+                             $msg,  -echo => '*';
+        if ($password ne '' and length $password < 12) {
             undef $password;
-            say "Passwords do not match";
+            say STDERR "Error: Passwords have to be at least 12 characters long.";
+        }
+        else {
+            my $confirm = prompt -in => \*STDIN, -out => \*STDOUT,
+                                 $msg2, -echo => '*';
+            unless ($password eq $confirm) {
+                undef $password;
+                say STDERR "Error: Passwords do not match";
+            }
         }
     }
     until (defined $password);
-- 
cgit v1.2.3