Redirect with hook or after login if condition is met

9.0.x

#1

Hello,
I’ll try to describe what I need and the difficulty I have.

Challenge
When user logs in, check password strength and if it is weak, do one of these, until the user changes the password with a strong one:
  • Show a message (popup) only once after every login.
  • Or, redirect to change password app (custom app), only after login.

If password is strong enough, continue to general default app.

What I tried
I wrote a custom app to do this (types: authentication and prelogin). And tried the following approaches:
  • Check password strength and save result on the database for later use. (DONE)
  • Set a hook on post_login. (DONE)
  • Make the hook do a redirect or popup (DON’T KNOW HOW)
  • Popup: Copy code from firstrunwizard, couldn’t make it to work and it’s not recommended to load scripts on “app.php”. (NOT WORKING)
  • Redirect: Go to custom app if password is weak. (DON’T KNOW HOW)
  • Redirect: Change user landing page if password is weak. (DON’T KNOW HOW)

Another option could be to move this logic to a modified firstrunwizard…

Any hint is welcome. :wink:
Thank you!


#2

You can look to password_policy app, it is forcing user to change password when password expired. https://github.com/owncloud/password_policy/blob/master/lib/HooksHandler.php#L260

Also, you can use notification API for informing user. All of them are implemented in password policy app.


#3

Note that min server version of the password_policy app is 10.0.9. By the way, why don’t you use password policy app :). Looks like it satisfies your needs. Also, if you have suggestion to improve it, all ideas and Pull requests are welcome.


#4

Thanks for the reply, the thing is that we use imap for authentication and the custom app changes the password directly in the imap server, so we cannot benefit of the policy app, besides the oC version is not satisfied, and there are some issues to resolve before upgrading… :slightly_frowning_face:

Anyway, I’ll take a look at the code of the policy app…


#5

I gave another shot to the code of firstrunwizard, and I was able to get it working, with some javascript trouble, but at least the popup shows up. There was a route missing similar to the firstrunwizard routes.php. And I dismissed the hook.