NEW Add parameter replaceambiguouschars on getRandomPassword function

2018-12-21 09:56:31 +01:00 · 2018-12-21 09:56:31 +01:00 · 8a70cf9ede
commit 8a70cf9ede
parent 44a6644969
2 changed files with 19 additions and 6 deletions
--- a/htdocs/core/lib/security2.lib.php
+++ b/htdocs/core/lib/security2.lib.php
@ -443,11 +443,12 @@ function encodedecode_dbpassconf($level=0)
 /**
 * Return a generated password using default module
 *
- * @param		boolean		$generic		true=Create generic password (32 chars/numbers), false=Use the configured password generation module
- * @return		string						New value for password
+ * @param		boolean		$generic				true=Create generic password (32 chars/numbers), false=Use the configured password generation module
+ * @param		string		$replaceambiguouschars	Discard ambigous characters. For example array('I').
+ * @return		string								New value for password
 * @see dol_hash
 */
-function getRandomPassword($generic=false)
+function getRandomPassword($generic=false, $replaceambiguouschars=array())
 {
 	global $db,$conf,$langs,$user;

@ -508,5 +509,13 @@ function getRandomPassword($generic=false)
 		unset($genhandler);
 	}

+	// Do we have to discard some alphabetic characters ?
+	if (is_array($replaceambiguouschars) && count($replaceambiguouschars) > 0)
+	{
+		$numbers = "ABCDEF";
+		$max = strlen($numbers) - 1;
+		$generated_password=str_replace($replaceambiguouschars, $numbers{random_int(0, $max)}, $generated_password);
+	}
+
 	return $generated_password;
 }
--- a/test/phpunit/SecurityTest.php
+++ b/test/phpunit/SecurityTest.php
@ -260,17 +260,21 @@ class SecurityTest extends PHPUnit_Framework_TestCase
    {
        global $conf;

-        $genpass1=getRandomPassword(true);    // Should be a string return by dol_hash (if no option set, will be md5)
+        $genpass1=getRandomPassword(true);				// Should be a string return by dol_hash (if no option set, will be md5)
+        print __METHOD__." genpass1=".$genpass1."\n";
+        $this->assertEquals(strlen($genpass1), 32);
+
+        $genpass1=getRandomPassword(true, array('I'));	// Should be a string return by dol_hash (if no option set, will be md5)
        print __METHOD__." genpass1=".$genpass1."\n";
        $this->assertEquals(strlen($genpass1), 32);

        $conf->global->USER_PASSWORD_GENERATED='None';
-        $genpass2=getRandomPassword(false);  // Should be an empty string
+        $genpass2=getRandomPassword(false);				// Should return an empty string
        print __METHOD__." genpass2=".$genpass2."\n";
        $this->assertEquals($genpass2, '');

        $conf->global->USER_PASSWORD_GENERATED='Standard';
-        $genpass3=getRandomPassword(false);
+        $genpass3=getRandomPassword(false);				// Should return a password of 8 chars
        print __METHOD__." genpass3=".$genpass3."\n";
        $this->assertEquals(strlen($genpass3), 8);