2025-07-20 10:13:38 +01:00
# Enhanced SME Server Password Change Application
2025-07-16 14:13:26 +01:00
## Overview
An advanced Python Flask web application for SME Server password management with configurable strength validation and enhanced user experience features.
## ✨ New Features
### 🔒 Configurable Password Strength Validation
- **Three Levels**: None, Normal, Strong
- **Database Driven**: Controlled by `Passwordstrength` DB entry
- **Real-time Validation**: Instant feedback as users type
#### Password Strength Levels:
- **None**: Basic validation only
- **Normal**: 12+ characters with uppercase, lowercase, number, and special character
- **Strong**: Normal requirements + protection against common passwords, keyboard patterns, and dictionary words
### 👁️ Password Visibility Toggles
- **Show/Hide Buttons**: For all password fields
- **Accessibility**: Proper ARIA labels and keyboard support
- **Security**: Passwords cleared on page load
### 📊 Real-time Password Strength Indicator
- **Visual Feedback**: Color-coded strength levels
- **Detailed Requirements**: Shows exactly what's missing
- **Live Updates**: Changes as user types
### ⚙️ Admin Configuration Panel
- **Web Interface**: Easy password strength configuration
- **Live Updates**: Changes apply immediately
- **Visual Selection**: Clear indication of current setting
## 🔧 Technical Specifications
### Compatibility
- ✅ **Python 3.6.8** - Fully compatible
- ✅ **Flask 2.0.3** - Tested and verified
- ✅ **SME Server Integration** - Full database and signal-event support
### Enhanced Validation Features
- **Crypto Testing**: Protection against common passwords
- **Pattern Detection**: Keyboard sequences and repeated patterns
- **Dictionary Checking**: Common word detection
- **Configurable Requirements**: Adjustable via database setting
## 📋 Requirements
```
Flask==2.0.3
Flask-CORS==3.0.10
Werkzeug==2.0.3
```
## 🚀 Quick Installation
### Automated Installation
```bash
# Extract and install
tar -xzf smeserver-password-app-enhanced.tar.gz
cd smeserver-password-app-enhanced
sudo ./install.sh
```
### Manual Installation
```bash
# Install dependencies
pip3 install -r requirements.txt
# Copy to system directory
sudo cp -r . /opt/smeserver-password-app-enhanced/
# Create systemd service (see install.sh for details)
sudo systemctl enable smeserver-password-enhanced
sudo systemctl start smeserver-password-enhanced
```
## 🎯 Usage
### User Interface
1. **Access**: `http://your-server:5000`
2. **Enter Credentials**: Username and current password
3. **Set New Password**: With real-time strength feedback
4. **Toggle Visibility**: Use Show/Hide buttons as needed
### Admin Configuration
1. **Access Admin Panel**: `http://your-server:5000/admin`
2. **Select Strength Level**: None, Normal, or Strong
3. **Apply Changes**: Click "Update Password Strength Setting"
4. **Verify**: Changes apply immediately to all users
### Database Configuration
```bash
# View current setting
db configuration getprop passwordstrength Passwordstrength
# Set password strength level
db configuration setprop passwordstrength Passwordstrength strong
db configuration setprop passwordstrength Passwordstrength normal
db configuration setprop passwordstrength Passwordstrength none
```
## 🧪 Testing
### Demo Mode
```bash
# Start demo application
python3 demo_mode.py
# Access demo at http://localhost:5002
# Demo users: testuser/oldpassword123, admin/adminpass456, john/johnpass789
```
### API Endpoints
- **GET/POST** `/api/password-config` - Manage password strength settings
- **POST** `/api/password-strength` - Real-time password validation
- **GET** `/health` - Application health check
- **GET** `/demo-info` - Demo mode information
## 📁 File Structure
```
smeserver-password-app-enhanced/
├── app.py                      # Main Flask application
├── smeserver_utils.py          # Enhanced SME Server utilities
├── demo_mode.py                # Demo version with all features
├── requirements.txt            # Python dependencies
├── install.sh                  # Installation script
├── templates/
│   ├── password_change.html    # Enhanced password form
│   └── admin_panel.html        # Admin configuration interface
├── static/
│   └── css/
│       └── style.css           # Enhanced styling with toggles
└── README.md                   # This documentation
```
## 🔍 Enhanced Validation Examples
### Normal Strength (12+ chars, complexity)
- ✅ `MySecure123!` - Valid
- ❌ `password123` - Missing uppercase and special char
- ❌ `MySecure!` - Too short (less than 12 chars)
### Strong Strength (Normal + crypto protection)
- ✅ `MyUniqueP@ssw0rd2024` - Valid
- ❌ `MyPassword123!` - Contains common word "Password"
- ❌ `Qwerty123456!` - Keyboard pattern detected
- ❌ `MySecure123123!` - Repeated sequence detected
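
The three levels and the examples above can be reproduced with a small server-side checker. This is an added sketch, not the project's `PasswordStrengthValidator`: the function names, the word list and the keyboard runs are constructed for illustration, and treating "none" as a non-empty check is an assumption.

```python
import re

# Constructed sample lists (assumption): the project's own lists are not shown here.
COMMON_WORDS = ("password", "welcome", "admin", "letmein", "secret")
KEYBOARD_RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")

def check_normal(pw):
    """Return the unmet Normal-level requirements (12+ chars, four classes)."""
    rules = [
        (len(pw) >= 12, "fewer than 12 characters"),
        (re.search(r"[A-Z]", pw), "no uppercase letter"),
        (re.search(r"[a-z]", pw), "no lowercase letter"),
        (re.search(r"[0-9]", pw), "no number"),
        (re.search(r"[^A-Za-z0-9]", pw), "no special character"),
    ]
    return [msg for ok, msg in rules if not ok]

def has_keyboard_run(pw, min_len=4):
    """True if pw holds min_len adjacent keys of a known run, in either direction."""
    low = pw.lower()
    for run in KEYBOARD_RUNS:
        for seq in (run, run[::-1]):
            if any(seq[i:i + min_len] in low for i in range(len(seq) - min_len + 1)):
                return True
    return False

def check_strong(pw):
    """Normal rules plus word, keyboard-run and repeated-sequence checks."""
    low = pw.lower()
    problems = check_normal(pw)
    problems += ["contains common word '%s'" % w for w in COMMON_WORDS if w in low]
    if has_keyboard_run(pw):
        problems.append("keyboard pattern")
    if re.search(r"(.{2,})\1", low):  # any 2+ character chunk immediately repeated
        problems.append("repeated sequence")
    return problems

def validate(pw, level):
    """level mirrors the Passwordstrength values: none, normal or strong."""
    if level == "none":  # assumption: "basic validation" means non-empty
        return [] if pw else ["empty password"]
    if level == "normal":
        return check_normal(pw)
    if level == "strong":
        return check_strong(pw)
    raise ValueError("unknown Passwordstrength level: %r" % level)
```

Returning the full list of unmet rules, rather than a boolean, is what lets a form show exactly what is missing; the same function should run on the server even when the browser has already checked the input.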
## 🛡️ Security Features
### Enhanced Protection
- **Common Password Detection**: 50+ common passwords blocked
- **Keyboard Pattern Detection**: QWERTY, number sequences, etc.
- **Repeated Sequence Detection**: Prevents patterns like "123123"
- **Dictionary Word Detection**: Common English words blocked
### Secure Implementation
- **Password Masking**: Default hidden with optional visibility
- **Memory Clearing**: Passwords cleared on page load
- **Secure Transmission**: HTTPS recommended for production
- **Input Validation**: Server-side validation for all inputs
## 🔧 Configuration Options
### Password Strength Database Entry
```bash
# Set in SME Server configuration database
db configuration setprop passwordstrength Passwordstrength [none|normal|strong]
# Signal configuration change (if needed)
signal-event password-policy-update
```
### Customization
- **Strength Levels**: Modify validation rules in `smeserver_utils.py`
- **UI Styling**: Update CSS in `static/css/style.css`
- **Common Passwords**: Add to list in `PasswordStrengthValidator`
- **Patterns**: Modify regex patterns for additional protection
## 🐛 Troubleshooting
### Common Issues
1. **Service Won't Start**: Check Python version and dependencies
2. **Database Errors**: Verify SME Server tools are available
3. **Permission Issues**: Ensure proper file ownership and permissions
4. **Port Conflicts**: Check if port 5000 is available
### Debug Commands
```bash
# Check service status
systemctl status smeserver-password-enhanced
# View logs
journalctl -u smeserver-password-enhanced -f
# Test database connectivity
db configuration show passwordstrength
# Verify signal-event works
signal-event password-update testuser
```
## 📈 Performance
### Optimizations
- **Client-side Validation**: Reduces server load
- **Efficient Patterns**: Optimized regex for pattern detection
- **Minimal Dependencies**: Only essential packages included
- **Caching**: Password strength settings cached
### Resource Usage
- **Memory**: ~50MB typical usage
- **CPU**: Minimal impact on password validation
- **Network**: Lightweight AJAX for real-time features
## 🔄 Migration from Previous Version
### Upgrade Process
1. **Backup Current**: Save existing configuration
2. **Stop Service**: `systemctl stop smeserver-password-web`
3. **Install Enhanced**: Follow installation instructions
4. **Migrate Settings**: Password strength defaults to "normal"
5. **Test Functionality**: Verify all features work
### Compatibility
- **Existing Users**: No impact on existing accounts
- **Database**: Fully compatible with existing SME Server DB
- **Templates**: Enhanced but backward compatible
## 📞 Support
### Features Included
- ✅ Configurable password strength validation
- ✅ Password visibility toggles
- ✅ Real-time strength checking
- ✅ Admin configuration panel
- ✅ Enhanced crypto validation
- ✅ Python 3.6.8 compatibility
- ✅ SME Server integration
- ✅ Responsive design
- ✅ Accessibility features
This enhanced version provides enterprise-grade password management with user-friendly features and administrative control.