Initial commit.

Author: GLips

README.md

@@ -0,0 +1,18 @@
+# Magento Admin Password Strength Enforcer
+
+Your admin panel is home to *tons* of sensitive information—not something you want to expose to attackers easily. Unfortunately, if you have a lot of admin users and they're picking insecure passwords, you're opening yourself up to another vector of attack.
+
+Magento's default rules for admin password strength are good, but they could be better. This extension is straightforward and small—it allows you to increase the required length of new admin passwords.
+
+It is compact and does not modify any core code logic. It is upgrade safe and you should be able to install it on top of other extensions without worry.
+
+## Setup
+
+* Navigate to `System > Configuration > Admin Password Strength` in the Magento admin area
+* Set your desired admin password length
+* Done!
+
+## Features
+
+* After setup, all new admin passwords created will need to be the length you've set or larger
+* Defaults to a password length of >= 10 characters

app/code/community/BranchLabs/AdminPasswordStrength/Helper/Data.php

@@ -0,0 +1,2 @@
+<?php
+class BranchLabs_AdminPasswordStrength_Helper_Data extends Mage_Core_Helper_Abstract {}

app/code/community/BranchLabs/AdminPasswordStrength/Model/Observer.php

@@ -0,0 +1,18 @@
+<?php
+class BranchLabs_AdminPasswordStrength_Model_Observer {
+
+    // The admin 'Forgot Password' page is constructed in a weird way—without any layout handles.
+    // I've resorted to an observer that creates and appends the JS validator block to get updated
+    // functionality onto that page.
+    public function addValidationToForgotAdminPassword($observer) {
+        $template = $observer->getEvent()->getBlock()->getTemplate();
+        if($template === "resetforgottenpassword.phtml") {
+            $normalOutput = $observer->getTransport()->getHtml();
+            $validator = Mage::app()->getLayout()
+                                    ->createBlock('adminhtml/template')
+                                    ->setTemplate('branchlabs/adminpasswordstrength/validator_js.phtml')
+                                    ->toHtml();
+            $observer->getTransport()->setHtml($normalOutput . $validator);
+        }
+    }
+}

app/code/community/BranchLabs/AdminPasswordStrength/etc/config.xml

@@ -0,0 +1,70 @@
+<?xml version="1.0"?>
+<config>
+    <modules>
+        <BranchLabs_AdminPasswordStrength>
+            <version>1.0.0</version>
+        </BranchLabs_AdminPasswordStrength>
+    </modules>
+    <global>
+        <blocks>
+            <branchlabs_adminpasswordstrength>
+                <class>BranchLabs_AdminPasswordStrength_Block</class>
+            </branchlabs_adminpasswordstrength>
+        </blocks>
+        <helpers>
+            <branchlabs_adminpasswordstrength>
+                <class>BranchLabs_AdminPasswordStrength_Helper</class>
+            </branchlabs_adminpasswordstrength>
+        </helpers>
+        <models>
+            <branchlabs_adminpasswordstrength>
+                <class>BranchLabs_AdminPasswordStrength_Model</class>
+            </branchlabs_adminpasswordstrength>
+        </models>
+    </global>
+    <adminhtml>
+        <layout>
+            <updates>
+                <branchlabs_adminpasswordstrength>
+                    <file>branchlabs/adminpasswordstrength.xml</file>
+                </branchlabs_adminpasswordstrength>
+            </updates>
+        </layout>
+        <events>
+            <core_block_abstract_to_html_after>
+                <observers>
+                    <add_custom_admin_password_strength_validatior>
+                        <class>BranchLabs_AdminPasswordStrength_Model_Observer</class>
+                        <method>addValidationToForgotAdminPassword</method>
+                    </add_custom_admin_password_strength_validatior>
+                </observers>
+            </core_block_abstract_to_html_after>
+        </events>
+        <acl>
+            <resources>
+                <admin>
+                    <children>
+                        <system>
+                            <children>
+                                <config>
+                                    <children>
+                                        <adminpasswordstrength>
+                                            <title>Admin Password Strength Settings</title>
+                                        </adminpasswordstrength>
+                                    </children>
+                                </config>
+                            </children>
+                        </system>
+                    </children>
+                </admin>
+            </resources>
+        </acl>
+    </adminhtml>
+    <default>
+        <adminpasswordstrength>
+            <adminpasswordstrength_group>
+                <minimum_character_length>10</minimum_character_length>
+            </adminpasswordstrength_group>
+        </adminpasswordstrength>
+    </default>
+</config>

app/code/community/BranchLabs/AdminPasswordStrength/etc/system.xml

@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<config>
+  <tabs>
+    <branchlabs translate="label" module="branchlabs_adminpasswordstrength">
+      <label>BranchLabs</label>
+      <sort_order>100</sort_order>
+    </branchlabs>
+  </tabs>
+  <sections>
+    <adminpasswordstrength translate="label" module="branchlabs_adminpasswordstrength">
+      <label>Admin Password Strength</label>
+      <tab>branchlabs</tab>
+      <sort_order>1000</sort_order>
+      <show_in_default>1</show_in_default>
+      <show_in_website>0</show_in_website>
+      <show_in_store>0</show_in_store>
+      <groups>
+        <adminpasswordstrength_group translate="label" module="branchlabs_adminpasswordstrength">
+          <label>Admin Password Strength Settings</label>
+          <frontend_type>text</frontend_type>
+          <sort_order>1000</sort_order>
+          <show_in_default>1</show_in_default>
+          <show_in_website>0</show_in_website>
+          <show_in_store>0</show_in_store>
+          <fields>
+            <minimum_character_length translate="label">
+              <label>Minimum character length: </label>
+              <comment>Must be greater than 7.</comment>
+              <frontend_type>text</frontend_type>
+              <validate>validate-digits</validate>
+              <sort_order>20</sort_order>
+              <show_in_default>1</show_in_default>
+              <show_in_website>0</show_in_website>
+              <show_in_store>0</show_in_store>
+            </minimum_character_length>
+          </fields>
+        </adminpasswordstrength_group>
+      </groups>
+    </adminpasswordstrength>
+  </sections>
+</config>

app/design/adminhtml/default/default/layout/branchlabs/adminpasswordstrength.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<layout>
+
+    <!-- Admin user edit/create page under System > Permissions > Users -->
+    <adminhtml_permissions_user_edit>
+        <reference name="js">
+            <block type="adminhtml/template" name="adminhtml.permissions.admin.password.validation.js" template="branchlabs/adminpasswordstrength/validator_js.phtml"/>
+        </reference>
+    </adminhtml_permissions_user_edit>
+
+    <!-- 'My Account' page under the System dropdown -->
+    <adminhtml_system_account_index>
+        <reference name="content">
+            <block type="adminhtml/template" name="adminhtml.permissions.admin.password.validation.js" template="branchlabs/adminpasswordstrength/validator_js.phtml"/>
+        </reference>
+    </adminhtml_system_account_index>
+
+</layout>

app/design/adminhtml/default/default/template/branchlabs/adminpasswordstrength/validator_js.phtml

@@ -0,0 +1,20 @@
+<?php
+    $l = Mage::getStoreConfig('adminpasswordstrength/adminpasswordstrength_group/minimum_character_length');
+    $l = (is_numeric($l) && $l >= 7) ? $l : 7;
+?>
+<script type="text/javascript">
+if(typeof Validation == "function" && typeof Validation.addAllThese == "function" ) {
+    Validation.addAllThese([
+        ['validate-admin-password', 'Please enter <?php echo $l; ?> or more characters. Password should contain both numeric and alphabetic characters.', function(v) {
+                var pass=v.strip();
+                if (0 == pass.length) {
+                    return true;
+                }
+                if (!(/[a-z]/i.test(v)) || !(/[0-9]/.test(v))) {
+                    return false;
+                }
+                return !(pass.length < <?php echo $l; ?>);
+        }]
+    ]);
+}
+</script>

app/etc/modules/BranchLabs_AdminPasswordStrength.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+<config>
+    <modules>
+        <BranchLabs_AdminPasswordStrength>
+            <active>true</active>
+            <codePool>community</codePool>
+            <depends></depends>
+        </BranchLabs_AdminPasswordStrength>
+    </modules>
+</config>