From 412b231c92c2dc9efe221a9c00c08a97ea35a0a2 Mon Sep 17 00:00:00 2001
From: Thomas Berezansky <tsbere@mvlc.org>
Date: Sat, 24 Sep 2011 16:28:29 -0400
Subject: [PATCH 1/1] TPac: Default Password Strength Rule

Every other password interface seems to have it.
Implemented as a single regex in this case.

Signed-off-by: Thomas Berezansky <tsbere@mvlc.org>
Signed-off-by: Bill Erickson <berick@esilibrary.com>
---
 Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm
index 726db95e4d..83257e7e02 100644
--- a/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm
+++ b/Open-ILS/src/perlmods/lib/OpenILS/WWW/EGCatLoader/Account.pm
@@ -1217,6 +1217,11 @@ sub load_myopac_update_password {
 
     my $pw_regex = $ctx->{get_org_setting}->($e->requestor->home_ou, 'global.password_regex');
 
+    if(!$pw_regex) {
+        # This regex duplicates the JSPac's default "digit, letter, and 7 characters" rule
+        $pw_regex = '(?=.*\d+.*)(?=.*[A-Za-z]+.*).{7,}';
+    }
+
     if($pw_regex and $new_pw !~ /$pw_regex/) {
         $ctx->{password_invalid} = 1;
         return Apache2::Const::OK;
-- 
2.43.2