This week, I will make a short article regarding how to ensure the user has set a password long enough.
As you know, there is no password checking in Quality Center, and even a blank password is still considered as a valid password. If you have already installed the Quality Center Demo project, you are aware that the default users ‘alice_qc’, ‘cecil_qc’ and al. all have a blank password.
If you have some system administration background, you also certainly know that this is bad practice (very bad, to be exact).
So, now, the question is ‘How to check a user’s password?’ Good question and I will answer that in the next paragraphs.
If you remember from last week, the workflow provides a set of event functions where you can control the behavior of Quality Center. The one that interest us today is Project_CanLogin. Indeed, this function has the following prototype:
Function Project_CanLogin(DomainName, ProjectName, UserName)
where:
• DomainName: Name of the domain the user is trying to log in
• ProjectName: Name of the project the user is trying to log in
• UserName: Name of the user who is trying to log in
• and more importantly, this function returns a boolean value that indicates if you accept or not this user. False, for stay away from my project
Now, we can deny access to a user but we still cannot check his password. But this can be quickly resolved. There is an object called TDConnection (nearly the same as in the OTA API) that has an interesting property called Password.
If you try to do the following in Project_CanLogin then you will see your password:
MsgBox TDConnection.Password
We now have all the building blocks for solving the issue:
Function Project_CanLogin(DomainName, ProjectName, UserName)
‘ First Check the password.
If TDConnection.Password = “” Then
MsgBox “Your user id does not have any password defined. Please contact the project administrator.”, 0, “Error”
Project_CanLogin = False
Else
Project_CanLogin = True
End If
End Function
OK, not too bad but maybe we can go a little bit further. Now, we can even enforce a length of minimum 8 characters and force the user to change his or her password if the size is incorrect. The full script is below:
Function Project_CanLogin(DomainName, ProjectName, UserName)
‘ First Check the password.
If TDConnection.Password = “” Then
MsgBox “Your user id does not have any password defined. Please contact the project administrator.”, 0, “Error”
Project_CanLogin = False
Exit Function
ElseIf Len(TDConnection.Password) < 8 Then
MsgBox “Your password length is too short. You have to change your password now and log in again.”, 0, “Error”
Project_PasswordChange UserName
Project_CanLogin = False
Exit Function
End If
Project_CanLogin = True
End Function
Sub Project_PasswordChange(UserName)
OldPassword = InputBox(“Type in your old password:”, “Password Change”)
Select Case OldPassword
Case “”
MsgBox “You will not be allowed to log into this project.”
Exit Sub
End Select
NewPassword1 = InputBox(“Type a new password with 8 or more characters:”, “Password Change”)
Select Case NewPassword1
Case “”
MsgBox “You will not be allowed to log into this project.”
Exit Sub
Case Else
If Len(NewPassword1) < 8 Then
MsgBox “Your password is too short, please type a longer password.”, 0, “Error”
Project_PasswordChange UserName
Exit Sub
End If
End Select
NewPassword2 = InputBox(“Retype your new password:”, “Password Change”)
If NewPassword1 = NewPassword2 Then
On Error Resume Next
TDConnection.ChangePassword OldPassword, NewPassword1
If Err.Number <> 0 Then
MsgBox “Your password was not changed:” & vbNewLine & Err.Description, 0, “Error”
Else
MsgBox “Your password has been successfully changed”, 0, “Information”
End If
On Error GoTo 0
Else
MsgBox “Password is invalid.”, 0, “Error”
End If
End Sub
That’s it for today. One last remark: anything you define in the workflow only applies to 1 project. So, if you want to impose this rule to all your projects, you have to copy this code in all the workflows.
