feat(Users) password history control

build/changeSets/2021/PasswordHistoryFailedLoginAttempts.php

@@ -0,0 +1,41 @@
+<?php
+/*************************************************************************************************
+ * Copyright 2021 JPL TSolucio, S.L. -- This file is a part of TSOLUCIO coreBOS Customizations.
+* Licensed under the vtiger CRM Public License Version 1.1 (the "License"); you may not use this
+* file except in compliance with the License. You can redistribute it and/or modify it
+* under the terms of the License. JPL TSolucio, S.L. reserves all rights not expressly
+* granted by the License. coreBOS distributed by JPL TSolucio S.L. is distributed in
+* the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Unless required by
+* applicable law or agreed to in writing, software distributed under the License is
+* distributed on an "AS IS" BASIS, WITHOUT ANY WARRANTIES OR CONDITIONS OF ANY KIND,
+* either express or implied. See the License for the specific language governing
+* permissions and limitations under the License. You may obtain a copy of the License
+* at <http://corebos.org/documentation/doku.php?id=en:devel:vpl11>
+*************************************************************************************************/
+
+class PasswordHistoryFailedLoginAttempts extends cbupdaterWorker {
+
+	public function applyChange() {
+		if ($this->hasError()) {
+			$this->sendError();
+		}
+		if ($this->isApplied()) {
+			$this->sendMsg('Changeset '.get_class($this).' already applied!');
+		} else {
+			$this->ExecuteQuery(
+				'CREATE TABLE IF NOT EXISTS password_history (
+				crmid int(11),
+				crmtype char(1),
+				pass varchar(255),
+				PRIMARY KEY (crmid,crmtype,pass)
+				) ENGINE=InnoDB DEFAULT CHARSET=utf8',
+				array()
+			);
+			$this->ExecuteQuery('ALTER TABLE `vtiger_portalinfo` ADD `failed_login_attempts` int NOT NULL DEFAULT 0;');
+			$this->sendMsg('Changeset '.get_class($this).' applied!');
+			$this->markApplied();
+		}
+		$this->finishExecution();
+	}
+}

modules/Users/ChangePassword.js

@@ -124,7 +124,8 @@ function changepassword(is_admin, userid) {
 			const res = JSON.parse(response);
 			if (!res.password) {
 				document.getElementById('show-err_msg').style.display = 'block';
-				document.getElementById('err_msg').innerHTML = alert_arr['Old password is incorrect'];
+				let msg = typeof(res.msg) == 'undefined' ? alert_arr['Old password is incorrect'] : res.msg;
+				document.getElementById('err_msg').innerHTML = msg;
 			} else {
 				window.location.href = `index.php?module=Users&action=DetailView&record=${userid}`;
 			}

modules/Users/Users.php

@@ -538,7 +538,18 @@ public function change_password($user_password, $new_password, $dieOnError = tru
 		//set new password
 		$crypt_type = $this->DEFAULT_PASSWORD_CRYPT_TYPE;
 		$encrypted_new_password = $this->encrypt_password($new_password, $crypt_type);
-
+		$passhistory = $adb->pquery(
+			'select 1 from password_history where crmid=? and crmtype=? and pass=?',
+			array($this->id, 'U', $encrypted_new_password)
+		);
+		if (!$passhistory || $adb->num_rows($passhistory) > 0) {
+			$this->error_string = getTranslatedString('ERR_PASSWORD_REPEATED', 'Users');
+			return false;
+		}
+		$adb->pquery(
+			'insert into password_history values (?,?,?)',
+			array($this->id, 'U', $encrypted_new_password)
+		);
 		if (GlobalVariable::getVariable('Application_SendUserPasswordByEmail', 0, 'Users')) {
 			require_once 'modules/Emails/Emails.php';
 			$context = array(

modules/Users/language/de_de.lang.php

@@ -119,6 +119,7 @@
 	'ERR_PASSWORD_CHANGE_FAILED_2'=>' nicht erfolgreich.  Ein neues Passwort muss gesetzt werden.',
 	'ERR_PASSWORD_INCORRECT_OLD'=>'Altes Passwort für Benutzer $this->user_name. Bitte nochmals eingeben..',
 	'ERR_PASSWORD_NOT_CHANGED' => 'Old and New Passwords are the same. Please use a different password.',
+	'ERR_PASSWORD_REPEATED' => 'You have used this password before. Please use a different password.',
 	'ERR_USER_DOESNOT_EXISTS'=>'User does not exist.',
 	'ERR_USER_NAME_EXISTS_1'=>'Benutzername ',
 	'ERR_USER_NAME_EXISTS_2'=>' existiert bereits.  Doppelte Benutzernamen sind nicht möglich.<br>Wechseln Sie den Benutzernamen.',

modules/Users/language/en_gb.lang.php

@@ -112,6 +112,7 @@
 	'ERR_PASSWORD_CHANGE_FAILED_2' => 'failed. The new password must be set.',
 	'ERR_PASSWORD_INCORRECT_OLD' => 'Incorrect old password specified. Re-enter password information.',
 	'ERR_PASSWORD_NOT_CHANGED' => 'Old and New Passwords are the same. Please use a different password.',
+	'ERR_PASSWORD_REPEATED' => 'You have used this password before. Please use a different password.',
 	'ERR_USER_DOESNOT_EXISTS'=>'User does not exist.',
 	'ERR_USER_NAME_EXISTS_1' => 'The username ',
 	'ERR_USER_NAME_EXISTS_2' => 'already exists. Duplicate usernames are not allowed.<br />Change the username to be unique.',

modules/Users/language/en_us.lang.php

@@ -125,6 +125,7 @@
 'ERR_PASSWORD_CHANGE_FAILED_2'=>' failed.  The new password must be set.',
 'ERR_PASSWORD_INCORRECT_OLD'=>'Incorrect old password specified. Re-enter password information.',
 'ERR_PASSWORD_NOT_CHANGED' => 'Old and New Passwords are the same. Please use a different password.',
+'ERR_PASSWORD_REPEATED' => 'You have used this password before. Please use a different password.',
 'ERR_USER_DOESNOT_EXISTS'=>'User does not exist.',
 'ERR_USER_NAME_EXISTS_1'=>'The user name ',
 'ERR_USER_NAME_EXISTS_2'=>' already exists.  Duplicate user names are not allowed.<br>Change the user name to be unique.',

modules/Users/language/es_es.lang.php

@@ -127,6 +127,7 @@
 'ERR_PASSWORD_CHANGE_FAILED_2'=>' Error. La nueva contraseña debe ser fijada.',
 'ERR_PASSWORD_INCORRECT_OLD'=>'Contraseña actual incorrecta para el usuario. Vuelva a introducir la información de las contraseñas.',
 'ERR_PASSWORD_NOT_CHANGED' => 'La contraseña anterior y la nueva son iguales. Por favor utiliza una contraseña nueva distinta.',
+'ERR_PASSWORD_REPEATED' => 'Has utilizado esta contraseña en el pasado. Por favor utiliza una contraseña nueva distinta.',
 'ERR_USER_DOESNOT_EXISTS'=>'No existe ningún usuario con este identificador.',
 'ERR_USER_NAME_EXISTS_1'=>'El nombre de usuario ',
 'ERR_USER_NAME_EXISTS_2'=>' ya existe. Los nombres de usuario duplicados no estan permitidos.<br>Cambie el nombre de usuario para que sea único.',

modules/Users/language/es_mx.lang.php

@@ -128,6 +128,7 @@
 'ERR_PASSWORD_CHANGE_FAILED_2'=>' Error. La nueva contraseña debe ser fijada.',
 'ERR_PASSWORD_INCORRECT_OLD'=>'Contraseña actual incorrecta para el usuario. Vuelva a introducir la información de las contraseñas.',
 'ERR_PASSWORD_NOT_CHANGED' => 'La contraseña anterior y la nueva son iguales. Por favor utiliza una contraseña nueva distinta.',
+'ERR_PASSWORD_REPEATED' => 'Has utilizado esta contraseña en el pasado. Por favor utiliza una contraseña nueva distinta.',
 'ERR_USER_DOESNOT_EXISTS'=>'No existe ningún usuario con este identificador.',
 'ERR_USER_NAME_EXISTS_1'=>'El nombre de usuario ',
 'ERR_USER_NAME_EXISTS_2'=>' ya existe. Los nombres de usuario duplicados no estan permitidos.<br>Cambie el nombre de usuario para que sea único.',

modules/Users/language/fr_fr.lang.php

@@ -111,6 +111,7 @@
 	'ERR_PASSWORD_CHANGE_FAILED_2' => ' échec. Le nouveau mot de passe doit être établi.',
 	'ERR_PASSWORD_INCORRECT_OLD' => 'Ancient mot de passe incorrect pour $this->user_name. Re-saisissez votre mot de passe.',
 	'ERR_PASSWORD_NOT_CHANGED' => 'L\'ancien et le nouveau mot de passe sont les mêmes. Veuillez utiliser un mot de passe différent.',
+	'ERR_PASSWORD_REPEATED' => 'You have used this password before. Please use a different password.',
 	'ERR_USER_DOESNOT_EXISTS'=>'Cet utilisateur n\'existe pas.',
 	'ERR_USER_NAME_EXISTS_1' => 'Le nom d\'utilisateur ',
 	'ERR_USER_NAME_EXISTS_2' => ' existe déjà. Les doublons de noms d\'utilisateurs ne sont pas autorisés.<br>Changez de nom de manière à le rendre unique.',

modules/Users/language/hu_hu.lang.php

@@ -113,6 +113,7 @@
 	'ERR_PASSWORD_CHANGE_FAILED_2' => ' Az új jelszót meg kell, hogy add.',
 	'ERR_PASSWORD_INCORRECT_OLD' => 'Hibásan adtad meg a régi jelszót. Add meg újra a jelszó adatokat.',
 	'ERR_PASSWORD_NOT_CHANGED' => 'Old and New Passwords are the same. Please use a different password.',
+	'ERR_PASSWORD_REPEATED' => 'You have used this password before. Please use a different password.',
 	'ERR_USER_DOESNOT_EXISTS'=>'User does not exist.',
 	'ERR_USER_NAME_EXISTS_1' => 'A felhasználó név ',
 	'ERR_USER_NAME_EXISTS_2' => ' már foglalt. Duplikált felhasználónevek nem engedélyezettek.<br>Válassz egyedi felhasználó nevet.',

modules/Users/language/it_it.lang.php

@@ -124,7 +124,8 @@
   'ERR_PASSWORD_CHANGE_FAILED_2' => 'errore. La nuova password deve essere impostata.',
   'ERR_PASSWORD_INCORRECT_OLD' => 'Vecchia password sbagliata per questo nome utente. Reinserisci la password',
   'ERR_PASSWORD_NOT_CHANGED' => 'Old and New Passwords are the same. Please use a different password.',
-	'ERR_USER_DOESNOT_EXISTS'=>'User does not exist.',
+  'ERR_PASSWORD_REPEATED' => 'You have used this password before. Please use a different password.',
+  'ERR_USER_DOESNOT_EXISTS'=>'User does not exist.',
   'ERR_USER_NAME_EXISTS_1' => 'Il Nome Utente',
   'ERR_USER_NAME_EXISTS_2' => 'esiste già . Utenti duplicati non sono consentiti. Cambia il nome utente per essere unico',
   'ERR_LAST_ADMIN_1' => 'Il Nome Utente',

modules/Users/language/nl_nl.lang.php

@@ -110,6 +110,7 @@
 	'ERR_PASSWORD_CHANGE_FAILED_2' => ' FOUT. Het nieuwe wachtwoord moet opnieuw.',
 	'ERR_PASSWORD_INCORRECT_OLD' => 'FOUT oude wachtwoord voor gebruiker $this->gebruikersnaam is niet correct. Opnieuw a.u.b..',
 	'ERR_PASSWORD_NOT_CHANGED' => 'Old and New Passwords are the same. Please use a different password.',
+	'ERR_PASSWORD_REPEATED' => 'You have used this password before. Please use a different password.',
 	'ERR_USER_DOESNOT_EXISTS'=>'User does not exist.',
 	'ERR_USER_NAME_EXISTS_1' => 'De gebruikersnaam ',
 	'ERR_USER_NAME_EXISTS_2' => ' bestaat al. Dubbele gebruikersnamen zijn niet toegestaan.<br>Verander de naam, deze moet uniek zijn.',

modules/Users/language/pt_br.lang.php

@@ -121,6 +121,7 @@
 'ERR_PASSWORD_CHANGE_FAILED_2'=>' falhou. Nova senha deve ser definida.',
 'ERR_PASSWORD_INCORRECT_OLD'=>'Senha antiga incorreta para usuário especificado. Entre novamente com a informação de senha.',
 'ERR_PASSWORD_NOT_CHANGED' => 'Antiga e nova senha são iguais. Por favor, use senhas diferentes.',
+'ERR_PASSWORD_REPEATED' => 'You have used this password before. Please use a different password.',
 'ERR_USER_DOESNOT_EXISTS'=>'Usuário não existe.',
 'ERR_USER_NAME_EXISTS_1'=>'O nome de usuário',
 'ERR_USER_NAME_EXISTS_2'=>' já existe.  Nomes de usuários duplicados não são permitidos.<br>Mude o nome de usuário de forma que seja único.',

modules/Users/language/ro_ro.lang.php

@@ -118,6 +118,7 @@
 	'ERR_PASSWORD_CHANGE_FAILED_2' => ' failed.  The new password must be set.',
 	'ERR_PASSWORD_INCORRECT_OLD' => 'Incorrect old password specified. Re-enter password information.',
 	'ERR_PASSWORD_NOT_CHANGED' => 'Old and New Passwords are the same. Please use a different password.',
+	'ERR_PASSWORD_REPEATED' => 'You have used this password before. Please use a different password.',
 	'ERR_USER_DOESNOT_EXISTS' => 'User does not exist.',
 	'ERR_USER_NAME_EXISTS_1' => 'The user name ',
 	'ERR_USER_NAME_EXISTS_2' => ' already exists.  Duplicate user names are not allowed.<br>Change the user name to be unique.',

modules/Vtiger/ExecuteFunctions.php

@@ -483,10 +483,10 @@
 			if ($ret) {
 				$ret = array('password'=>$ret);
 			} else {
-				$ret = array('password'=>false);
+				$ret = array('password'=>false, 'msg' => $focus->error_string);
 			}
 		} else {
-			$ret = array('password'=>false);
+			$ret = array('password'=>false, 'msg' => $focus->error_string);
 		}
 		break;
 	case 'ismoduleactive':

modules/cbupdater/cbupdates/2021.xml

@@ -174,4 +174,11 @@
 	<classname>modifyGlobalVariableBA</classname>
 	<systemupdate>true</systemupdate>
 </changeSet>
+<changeSet>
+	<author>joebordes</author>
+	<description>Password History check table and Failed Login Attempts for contacts</description>
+	<filename>build/changeSets/2021/PasswordHistoryFailedLoginAttempts.php</filename>
+	<classname>PasswordHistoryFailedLoginAttempts</classname>
+	<systemupdate>true</systemupdate>
+</changeSet>
 </updatesChangeLog>