Prior to this change user passwords were not validated on change aside from
their length, but validated on login/bind by ldap3 with SASLprep. Instead of
using SASLprep on password change, this change restricts passwords to 7-bit
ASCII without control characters. Control characters are forbidden by
SASLprep. Multi-byte characters are uncommon in password, especially in those
generated by password managers. This ensures that passwords are always
SASLprep-safe without implementing the rather complex SASLprep algorithm. It
also allows us to fully describe the alphabet restrictions in the relevant
forms.

Fixes #100

Ldap3 raises LDAPSASLPrepError on bind if the password contains characters
forbidden by SASLPrep (string preperation/normalization algorithm for user
names and passwords). Examples are carriage return ("\r") or newline ("\n")
characters. See #100.

sistason authored 3 years ago and Julian committed 3 years ago

This changes config key "LOGINNAME_BLACKLIST" to "LOGINNAME_BLOCKLIST".

Co-authored-by: nd <nd@cccv.de>

Broken mail clients like Thunderbird fail to recognize urlsafe characters
like "-" as part of an URL. token_urlfriendly avoids those characters.

Closes #93.

Co-authored-by: nd <nd@cccv.de>

The output of the "qrcode_svg" template filter emmitted a tag with a constant
id. When used multiple times in a single document (i.e. the invites list),
this leads to multiple elements sharing the same id value.