brianr/StandalonePasswordChange
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0127326b77cb7c2aef751f512557a1a4660e96de
StandalonePasswordChange/python-flask/smeserver-password-app/README.md

244 lines
7.8 KiB
Markdown
Raw Blame History

# Enhanced SME Server Password Change Application
## Overview
An advanced Python Flask web application for SME Server password management with configurable strength validation and enhanced user experience features.
## ✨ New Features
### 🔒 Configurable Password Strength Validation
- **Three Levels**: None, Normal, Strong
- **Database Driven**: Controlled by `Passwordstrength` DB entry
- **Real-time Validation**: Instant feedback as users type
#### Password Strength Levels:
- **None**: Basic validation only
- **Normal**: 12+ characters with uppercase, lowercase, number, and special character
- **Strong**: Normal requirements + protection against common passwords, keyboard patterns, and dictionary words
### 👁️ Password Visibility Toggles
- **Show/Hide Buttons**: For all password fields
- **Accessibility**: Proper ARIA labels and keyboard support
- **Security**: Passwords cleared on page load
### 📊 Real-time Password Strength Indicator
- **Visual Feedback**: Color-coded strength levels
- **Detailed Requirements**: Shows exactly what's missing
- **Live Updates**: Changes as user types
### ⚙️ Admin Configuration Panel
- **Web Interface**: Easy password strength configuration
- **Live Updates**: Changes apply immediately
- **Visual Selection**: Clear indication of current setting
## 🔧 Technical Specifications
### Compatibility
-**Python 3.6.8** - Fully compatible
-**Flask 2.0.3** - Tested and verified
-**SME Server Integration** - Full database and signal-event support
### Enhanced Validation Features
- **Crypto Testing**: Protection against common passwords
- **Pattern Detection**: Keyboard sequences and repeated patterns
- **Dictionary Checking**: Common word detection
- **Configurable Requirements**: Adjustable via database setting
## 📋 Requirements
```
Flask==2.0.3
Flask-CORS==3.0.10
Werkzeug==2.0.3
```
## 🚀 Quick Installation
### Automated Installation
```bash
# Extract and install
tar -xzf smeserver-password-app-enhanced.tar.gz
cd smeserver-password-app-enhanced
sudo ./install.sh
```
### Manual Installation
```bash
# Install dependencies
pip3 install -r requirements.txt
# Copy to system directory
sudo cp -r . /opt/smeserver-password-app-enhanced/
# Create systemd service (see install.sh for details)
sudo systemctl enable smeserver-password-enhanced
sudo systemctl start smeserver-password-enhanced
```
## 🎯 Usage
### User Interface
1. **Access**: `http://your-server:5000`
2. **Enter Credentials**: Username and current password
3. **Set New Password**: With real-time strength feedback
4. **Toggle Visibility**: Use Show/Hide buttons as needed
### Admin Configuration
1. **Access Admin Panel**: `http://your-server:5000/admin`
2. **Select Strength Level**: None, Normal, or Strong
3. **Apply Changes**: Click "Update Password Strength Setting"
4. **Verify**: Changes apply immediately to all users
### Database Configuration
```bash
# View current setting
db configuration getprop passwordstrength Passwordstrength
# Set password strength level
db configuration setprop passwordstrength Passwordstrength strong
db configuration setprop passwordstrength Passwordstrength normal
db configuration setprop passwordstrength Passwordstrength none
```
## 🧪 Testing
### Demo Mode
```bash
# Start demo application
python3 demo_mode.py
# Access demo at http://localhost:5002
# Demo users: testuser/oldpassword123, admin/adminpass456, john/johnpass789
```
### API Endpoints
- **GET/POST** `/api/password-config` - Manage password strength settings
- **POST** `/api/password-strength` - Real-time password validation
- **GET** `/health` - Application health check
- **GET** `/demo-info` - Demo mode information
## 📁 File Structure
```
smeserver-password-app-enhanced/
├── app.py # Main Flask application
├── smeserver_utils.py # Enhanced SME Server utilities
├── demo_mode.py # Demo version with all features
├── requirements.txt # Python dependencies
├── install.sh # Installation script
├── templates/
│ ├── password_change.html # Enhanced password form
│ └── admin_panel.html # Admin configuration interface
├── static/
│ └── css/
│ └── style.css # Enhanced styling with toggles
└── README.md # This documentation
```
## 🔍 Enhanced Validation Examples
### Normal Strength (12+ chars, complexity)
-`MySecure123!` - Valid
-`password123` - Missing uppercase and special char
-`MySecure!` - Too short (less than 12 chars)
### Strong Strength (Normal + crypto protection)
-`MyUniqueP@ssw0rd2024` - Valid
-`MyPassword123!` - Contains common word "Password"
-`Qwerty123456!` - Keyboard pattern detected
-`MySecure123123!` - Repeated sequence detected
## 🛡️ Security Features
### Enhanced Protection
- **Common Password Detection**: 50+ common passwords blocked
- **Keyboard Pattern Detection**: QWERTY, number sequences, etc.
- **Repeated Sequence Detection**: Prevents patterns like "123123"
- **Dictionary Word Detection**: Common English words blocked
### Secure Implementation
- **Password Masking**: Default hidden with optional visibility
- **Memory Clearing**: Passwords cleared on page load
- **Secure Transmission**: HTTPS recommended for production
- **Input Validation**: Server-side validation for all inputs
## 🔧 Configuration Options
### Password Strength Database Entry
```bash
# Set in SME Server configuration database
db configuration setprop passwordstrength Passwordstrength [none|normal|strong]
# Signal configuration change (if needed)
signal-event password-policy-update
```
### Customization
- **Strength Levels**: Modify validation rules in `smeserver_utils.py`
- **UI Styling**: Update CSS in `static/css/style.css`
- **Common Passwords**: Add to list in `PasswordStrengthValidator`
- **Patterns**: Modify regex patterns for additional protection
## 🐛 Troubleshooting
### Common Issues
1. **Service Won't Start**: Check Python version and dependencies
2. **Database Errors**: Verify SME Server tools are available
3. **Permission Issues**: Ensure proper file ownership and permissions
4. **Port Conflicts**: Check if port 5000 is available
### Debug Commands
```bash
# Check service status
systemctl status smeserver-password-enhanced
# View logs
journalctl -u smeserver-password-enhanced -f
# Test database connectivity
db configuration show passwordstrength
# Verify signal-event works
signal-event password-update testuser
```
## 📈 Performance
### Optimizations
- **Client-side Validation**: Reduces server load
- **Efficient Patterns**: Optimized regex for pattern detection
- **Minimal Dependencies**: Only essential packages included
- **Caching**: Password strength settings cached
### Resource Usage
- **Memory**: ~50MB typical usage
- **CPU**: Minimal impact on password validation
- **Network**: Lightweight AJAX for real-time features
## 🔄 Migration from Previous Version
### Upgrade Process
1. **Backup Current**: Save existing configuration
2. **Stop Service**: `systemctl stop smeserver-password-web`
3. **Install Enhanced**: Follow installation instructions
4. **Migrate Settings**: Password strength defaults to "normal"
5. **Test Functionality**: Verify all features work
### Compatibility
- **Existing Users**: No impact on existing accounts
- **Database**: Fully compatible with existing SME Server DB
- **Templates**: Enhanced but backward compatible
## 📞 Support
### Features Included
- ✅ Configurable password strength validation
- ✅ Password visibility toggles
- ✅ Real-time strength checking
- ✅ Admin configuration panel
- ✅ Enhanced crypto validation
- ✅ Python 3.6.8 compatibility
- ✅ SME Server integration
- ✅ Responsive design
- ✅ Accessibility features
This enhanced version provides enterprise-grade password management with user-friendly features and administrative control.
Reference in New Issue View Git Blame Copy Permalink