StandalonePasswordChange/python-flask/smeserver-password-app/README.md

Enhanced SME Server Password Change Application

Overview

An advanced Python Flask web application for SME Server password management with configurable strength validation and enhanced user experience features.

✨ New Features

🔒 Configurable Password Strength Validation

• Three Levels: None, Normal, Strong
• Database Driven: Controlled by Passwordstrength DB entry
• Real-time Validation: Instant feedback as users type

Password Strength Levels:

• None: Basic validation only
• Normal: 12+ characters with uppercase, lowercase, number, and special character
• Strong: Normal requirements + protection against common passwords, keyboard patterns, and dictionary words

👁️ Password Visibility Toggles

• Show/Hide Buttons: For all password fields
• Accessibility: Proper ARIA labels and keyboard support
• Security: Passwords cleared on page load

📊 Real-time Password Strength Indicator

• Visual Feedback: Color-coded strength levels
• Detailed Requirements: Shows exactly what's missing
• Live Updates: Changes as user types

⚙️ Admin Configuration Panel

• Web Interface: Easy password strength configuration
• Live Updates: Changes apply immediately
• Visual Selection: Clear indication of current setting

🔧 Technical Specifications

Compatibility

• ✅ Python 3.6.8 - Fully compatible
• ✅ Flask 2.0.3 - Tested and verified
• ✅ SME Server Integration - Full database and signal-event support

Enhanced Validation Features

• Crypto Testing: Protection against common passwords
• Pattern Detection: Keyboard sequences and repeated patterns
• Dictionary Checking: Common word detection
• Configurable Requirements: Adjustable via database setting

📋 Requirements

Flask==2.0.3
Flask-CORS==3.0.10
Werkzeug==2.0.3

🚀 Quick Installation

Automated Installation

# Extract and install
tar -xzf smeserver-password-app-enhanced.tar.gz
cd smeserver-password-app-enhanced
sudo ./install.sh

Manual Installation

# Install dependencies
pip3 install -r requirements.txt

# Copy to system directory
sudo cp -r . /opt/smeserver-password-app-enhanced/

# Create systemd service (see install.sh for details)
sudo systemctl enable smeserver-password-enhanced
sudo systemctl start smeserver-password-enhanced

🎯 Usage

User Interface

1. Access: http://your-server:5000
2. Enter Credentials: Username and current password
3. Set New Password: With real-time strength feedback
4. Toggle Visibility: Use Show/Hide buttons as needed

Admin Configuration

1. Access Admin Panel: http://your-server:5000/admin
2. Select Strength Level: None, Normal, or Strong
3. Apply Changes: Click "Update Password Strength Setting"
4. Verify: Changes apply immediately to all users

Database Configuration

# View current setting
db configuration getprop passwordstrength Passwordstrength

# Set password strength level
db configuration setprop passwordstrength Passwordstrength strong
db configuration setprop passwordstrength Passwordstrength normal
db configuration setprop passwordstrength Passwordstrength none

🧪 Testing

Demo Mode

# Start demo application
python3 demo_mode.py

# Access demo at http://localhost:5002
# Demo users: testuser/oldpassword123, admin/adminpass456, john/johnpass789

API Endpoints

• GET/POST /api/password-config - Manage password strength settings
• POST /api/password-strength - Real-time password validation
• GET /health - Application health check
• GET /demo-info - Demo mode information

📁 File Structure

smeserver-password-app-enhanced/
├── app.py                    # Main Flask application
├── smeserver_utils.py        # Enhanced SME Server utilities
├── demo_mode.py             # Demo version with all features
├── requirements.txt         # Python dependencies
├── install.sh              # Installation script
├── templates/
│   ├── password_change.html # Enhanced password form
│   └── admin_panel.html     # Admin configuration interface
├── static/
│   └── css/
│       └── style.css       # Enhanced styling with toggles
└── README.md               # This documentation

🔍 Enhanced Validation Examples

Normal Strength (12+ chars, complexity)

• ✅ MySecure123! - Valid
• ❌ password123 - Missing uppercase and special char
• ❌ MySecure! - Too short (less than 12 chars)

Strong Strength (Normal + crypto protection)

• ✅ MyUniqueP@ssw0rd2024 - Valid
• ❌ MyPassword123! - Contains common word "Password"
• ❌ Qwerty123456! - Keyboard pattern detected
• ❌ MySecure123123! - Repeated sequence detected

🛡️ Security Features

Enhanced Protection

• Common Password Detection: 50+ common passwords blocked
• Keyboard Pattern Detection: QWERTY, number sequences, etc.
• Repeated Sequence Detection: Prevents patterns like "123123"
• Dictionary Word Detection: Common English words blocked

Secure Implementation

• Password Masking: Default hidden with optional visibility
• Memory Clearing: Passwords cleared on page load
• Secure Transmission: HTTPS recommended for production
• Input Validation: Server-side validation for all inputs

🔧 Configuration Options

Password Strength Database Entry

# Set in SME Server configuration database
db configuration setprop passwordstrength Passwordstrength [none|normal|strong]

# Signal configuration change (if needed)
signal-event password-policy-update

Customization

• Strength Levels: Modify validation rules in smeserver_utils.py
• UI Styling: Update CSS in static/css/style.css
• Common Passwords: Add to list in PasswordStrengthValidator
• Patterns: Modify regex patterns for additional protection

🐛 Troubleshooting

Common Issues

1. Service Won't Start: Check Python version and dependencies
2. Database Errors: Verify SME Server tools are available
3. Permission Issues: Ensure proper file ownership and permissions
4. Port Conflicts: Check if port 5000 is available

Debug Commands

# Check service status
systemctl status smeserver-password-enhanced

# View logs
journalctl -u smeserver-password-enhanced -f

# Test database connectivity
db configuration show passwordstrength

# Verify signal-event works
signal-event password-update testuser

📈 Performance

Optimizations

• Client-side Validation: Reduces server load
• Efficient Patterns: Optimized regex for pattern detection
• Minimal Dependencies: Only essential packages included
• Caching: Password strength settings cached

Resource Usage

• Memory: ~50MB typical usage
• CPU: Minimal impact on password validation
• Network: Lightweight AJAX for real-time features

🔄 Migration from Previous Version

Upgrade Process

1. Backup Current: Save existing configuration
2. Stop Service: systemctl stop smeserver-password-web
3. Install Enhanced: Follow installation instructions
4. Migrate Settings: Password strength defaults to "normal"
5. Test Functionality: Verify all features work

Compatibility

• Existing Users: No impact on existing accounts
• Database: Fully compatible with existing SME Server DB
• Templates: Enhanced but backward compatible

📞 Support

Features Included

• ✅ Configurable password strength validation
• ✅ Password visibility toggles
• ✅ Real-time strength checking
• ✅ Admin configuration panel
• ✅ Enhanced crypto validation
• ✅ Python 3.6.8 compatibility
• ✅ SME Server integration
• ✅ Responsive design
• ✅ Accessibility features

This enhanced version provides enterprise-grade password management with user-friendly features and administrative control.