Details
-
Story
-
Resolution: Done
-
Medium
-
2.0.0
Description
It should be possible to configure password policies through ezuser fields definitions.
Constraints list:
| label | input type | default |
|---|---|---|
| Minimum password length | number | 8 |
| Require at least one uppercase letter | checkbox | checked |
| Require at least one lowercase letter | checkbox | checked |
| Require at least one number | checkbox | checked |
| Require at least one nonalphanumeric character | checkbox | checked |
Validation by regular expression
As an alternative to the above, a (perl compatible) regular expression can be entered. When it is, the "simple" constraints in the previous chapter are disabled (greyed out), and not applied. The regular expression's validity must be tested when the form is submitted.
Error text
Independently of the chosen validation method, an input field sets the validation error message shown when the constraints aren't met.
Validation scope
Validation should happen in all contexts where a user password can be set:
- User register
- User edit
- Change password (user profile, up v2.1)
- REST API
- Public API
Backward compatibility
Existing installations shouldn't have any of those options enabled. It can be detected in the converter / fieldtype, since the configuration for them won't exist in the database.
New installations should have the defaults indicated above, prestored in the default user_account field definition.
Attachments
Issue Links
- links to