password policy not applied when creating new user #997
Description
Steps to reproduce
- as administrator, Go to Users menu
- Create new user with a weak password, not respecting the password policy
- user is created without warning
Expected behaviour
User must not be created
Actual behaviour
Tell us what happens instead
Server configuration
Operating system:
ubuntu 16.04.1
Web server:
nginx 1.10.1
Database:
mariaDB 10.0.25
PHP version:
PHP 7.0.8-0ubuntu0.16.04.2 (cli) ( NTS )
Nextcloud version: (see Nextcloud admin page)
Nextcloud 10.0 RC1 (testing)
Updated from an older Nextcloud/ownCloud or fresh install:
updated from 9.0.53
Where did you install Nextcloud from:
Signing status:
Signing status
No errors have been found.
List of activated apps:
App list
Enabled:
- admin_audit: 1.0.0
- calendar: 1.3.2
- contacts: 1.3.1.0
- dav: 1.0.0
- encryption: 1.3.1
- federatedfilesharing: 1.0.1
- files: 1.5.2
- files_external: 1.0.2
- files_pdfviewer: 0.8.1
- files_sharing: 1.0.0
- files_texteditor: 2.1
- files_trashbin: 1.0.0
- mail: 0.5.2
- notifications: 0.3.0
- ownnote: true
- password_policy: 1.0.0
- richdocuments: 1.1.4
- serverinfo: 1.1.1
- survey_client: 0.1.5
- tasks: 0.9.3
- templateeditor: 0.1
- workflowengine: 1.0.0
Disabled: - activity
- announcementcenter
- comments
- direct_menu
- external
- federation
- files_accesscontrol
- files_automatedtagging
- files_retention
- files_versions
- files_videoplayer
- firstrunwizard
- gallery
- provisioning_api
- systemtags
- theming
- updatenotification
- user_external
- user_ldap
- user_saml
The content of config/config.php:
Config report
{
"system": {
"instanceid": "oc285cio3gct",
"passwordsalt": "_REMOVED SENSITIVE VALUE",
"secret": "_REMOVED SENSITIVE VALUE",
"trusted_domains": [
"nuage-prive.fr"
],
"datadirectory": "/var/nextcloud_data",
"overwrite.cli.url": "https://nuage-prive.fr",
"dbtype": "mysql",
"version": "9.1.0.15",
"dbname": "owncloud",
"dbhost": "localhost",
"dbtableprefix": "oc_",
"dbuser": "_REMOVED SENSITIVE VALUE",
"dbpassword": "_REMOVED SENSITIVE VALUE",
"logtimezone": "Europe/Paris",
"logdateformat": "F d, Y H:i:s",
"installed": true,
"memcache.local": "\OC\Memcache\APCu",
"mail_from_address": "postmaster",
"mail_smtpmode": "smtp",
"mail_domain": "nuage-prive.fr",
"mail_smtpsecure": "tls",
"mail_smtpauthtype": "LOGIN",
"mail_smtpauth": 1,
"mail_smtphost": "SSL0.OVH.NET",
"mail_smtpname": "_REMOVED SENSITIVE VALUE",
"mail_smtppassword": "_REMOVED SENSITIVE VALUE",
"maintenance": false,
"loglevel": 0,
"enable_previews": false,
"preview_libreoffice_path": "/usr/bin/libreoffice",
"default_language": "fr",
"knowledgebaseenabled": false,
"check_for_working_webdav": true,
"check_for_working_wellknown_setup": true,
"theme": "my_theme",
"remember_login_cookie_lifetime": 1296000
}
}
Are you using external storage, if yes which one: local/smb/sftp/...
no
Are you using encryption: yes/no
no
Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
LDAP configuration (delete this part if not used)
LDAP config
With access to your command line run e.g.:
sudo -u www-data php occ ldap:show-config
from within your Nextcloud installation folder
Without access to your command line download the data/owncloud.db to your local
computer or access your SQL server remotely and run the select query:
SELECT * FROM `oc_appconfig` WHERE `appid` = 'user_ldap';
Eventually replace sensitive data as the name/IP-address of your LDAP server or groups.
Browser:
Firefox 48
Operating system:
OSX 10.11.6
Logs
Web server error log
Web server error log
Insert your webserver log here
Nextcloud log
Insert your Nextcloud log here
Browser log
Insert your browser log here, this could for example include:
a) The javascript console log
b) The network log
c) ...