Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-29122

As a developer, I want to configure password policies in ezuser Field Definitions

    Details

      Description

      It should be possible to configure password policies through ezuser fields definitions.

      Constraints list:

      label input type default
      Minimum password length number 8
      Require at least one uppercase letter checkbox checked
      Require at least one lowercase letter checkbox checked
      Require at least one number checkbox checked
      Require at least one nonalphanumeric character checkbox checked

      Validation by regular expression

      As an alternative to the above, a (perl compatible) regular expression can be entered. When it is, the "simple" constraints in the previous chapter are disabled (greyed out), and not applied. The regular expression's validity must be tested when the form is submitted.

      Error text

      Independently of the chosen validation method, an input field sets the validation error message shown when the constraints aren't met.

      Validation scope

      Validation should happen in all contexts where a user password can be set:

      • User register
      • User edit
      • Change password (user profile, up v2.1)
      • REST API
      • Public API

      Backward compatibility

      Existing installations shouldn't have any of those options enabled. It can be detected in the converter / fieldtype, since the configuration for them won't exist in the database.

      New installations should have the defaults indicated above, prestored in the default user_account field definition.

        Issue Links

          Activity

          Ramzi Arfaoui created issue -
          Bertrand Dunogier made changes -
          Field Original Value New Value
          Issue Type Feature [ 2 ] Story [ 7 ]
          Workflow EZ* Feature Request Workflow [ 133321 ] EZEE and EZP Story Workflow [ 133356 ]
          Status Open [ 1 ] Backlog [ 10000 ]
          Bertrand Dunogier made changes -
          Status Backlog [ 10000 ] Specification [ 10002 ]
          André Rømcke made changes -
          Link This issue relates to CS-6772 [ CS-6772 ]
          Jacek Foremski (Inactive) made changes -
          Fix Version/s Customer request [ 11018 ]
          Sylvain Guittard made changes -
          Component/s Platform UI (Admin UI & Content UI) [ 10301 ]
          Bertrand Dunogier made changes -
          Summary As a developer, I want to add password policies in ezuser FieldType As a developer, I want to configure password policies in ezuser FieldType
          Bertrand Dunogier made changes -
          Summary As a developer, I want to configure password policies in ezuser FieldType As a developer, I want to configure password policies in ezuser Field Definitions
          Bertrand Dunogier made changes -
          Description It should be possible to add password policies when adding ezuser FieldType to an existing ContentType.
          Nice to have:
          - Minimum password length (Input)
          - Require at least one uppercase letter (checkbox)
          - Require at least one lowercase letter(checkbox)
          - Require at least one number (checkbox)
          - Require at least one nonalphanumeric character (checkbox)
          - Validation Regexp (for advanced developer)(Input)
          - Error Text (Input)

          The Validation should be then available in following forms:
          - User edit
          - Change password (user profile, up v2.1)
          It should be possible to configure password policies through {{ezuser}} fields definitions.

          h3. Constraints list:
          ||label||input type||default||
          |Minimum password length|number|8|
          |Require at least one uppercase letter|checkbox|checked|
          |Require at least one lowercase letter|checkbox|checked|
          |Require at least one number|checkbox|checked|
          |Require at least one nonalphanumeric character|checkbox|checked|

          h3. Validation by regular expression
          As an alternative to the above, a regular expression can be entered. When one is, the "simple" constraints in the previous chapter are disabled (greyed out), and not applied. The regular expression's validity must be tested when the form is submitted.

          h3. Error text
          Independently of the chosen validation method, an input field sets the validation error message shown when the constraints aren't met.

          h3. Validation scope
          Validation should happen in all contexts where a user password can be set:
          - User edit
          - Change password (user profile, up v2.1)
          - REST API
          - Public API
          Bertrand Dunogier made changes -
          Description It should be possible to configure password policies through {{ezuser}} fields definitions.

          h3. Constraints list:
          ||label||input type||default||
          |Minimum password length|number|8|
          |Require at least one uppercase letter|checkbox|checked|
          |Require at least one lowercase letter|checkbox|checked|
          |Require at least one number|checkbox|checked|
          |Require at least one nonalphanumeric character|checkbox|checked|

          h3. Validation by regular expression
          As an alternative to the above, a regular expression can be entered. When one is, the "simple" constraints in the previous chapter are disabled (greyed out), and not applied. The regular expression's validity must be tested when the form is submitted.

          h3. Error text
          Independently of the chosen validation method, an input field sets the validation error message shown when the constraints aren't met.

          h3. Validation scope
          Validation should happen in all contexts where a user password can be set:
          - User edit
          - Change password (user profile, up v2.1)
          - REST API
          - Public API
          It should be possible to configure password policies through {{ezuser}} fields definitions.

          h3. Constraints list:
          ||label||input type||default||
          |Minimum password length|number|8|
          |Require at least one uppercase letter|checkbox|checked|
          |Require at least one lowercase letter|checkbox|checked|
          |Require at least one number|checkbox|checked|
          |Require at least one nonalphanumeric character|checkbox|checked|

          h3. Validation by regular expression
          As an alternative to the above, a regular expression can be entered. When one is, the "simple" constraints in the previous chapter are disabled (greyed out), and not applied. The regular expression's validity must be tested when the form is submitted.

          h3. Error text
          Independently of the chosen validation method, an input field sets the validation error message shown when the constraints aren't met.

          h3. Validation scope
          Validation should happen in all contexts where a user password can be set:
          - User edit
          - Change password (user profile, up v2.1)
          - REST API
          - Public API

          h3. Backward compatibility
          Existing installations shouldn't have any of those options enabled. It can be detected in the converter / fieldtype, since the configuration for them won't exist in the database.

          New installations should have the defaults indicated above, prestored in the default {{user_account}} field definition.
          Bertrand Dunogier made changes -
          Description It should be possible to configure password policies through {{ezuser}} fields definitions.

          h3. Constraints list:
          ||label||input type||default||
          |Minimum password length|number|8|
          |Require at least one uppercase letter|checkbox|checked|
          |Require at least one lowercase letter|checkbox|checked|
          |Require at least one number|checkbox|checked|
          |Require at least one nonalphanumeric character|checkbox|checked|

          h3. Validation by regular expression
          As an alternative to the above, a regular expression can be entered. When one is, the "simple" constraints in the previous chapter are disabled (greyed out), and not applied. The regular expression's validity must be tested when the form is submitted.

          h3. Error text
          Independently of the chosen validation method, an input field sets the validation error message shown when the constraints aren't met.

          h3. Validation scope
          Validation should happen in all contexts where a user password can be set:
          - User edit
          - Change password (user profile, up v2.1)
          - REST API
          - Public API

          h3. Backward compatibility
          Existing installations shouldn't have any of those options enabled. It can be detected in the converter / fieldtype, since the configuration for them won't exist in the database.

          New installations should have the defaults indicated above, prestored in the default {{user_account}} field definition.
          It should be possible to configure password policies through {{ezuser}} fields definitions.

          h3. Constraints list:
          ||label||input type||default||
          |Minimum password length|number|8|
          |Require at least one uppercase letter|checkbox|checked|
          |Require at least one lowercase letter|checkbox|checked|
          |Require at least one number|checkbox|checked|
          |Require at least one nonalphanumeric character|checkbox|checked|

          h3. Validation by regular expression
          As an alternative to the above, a regular expression can be entered. When one is, the "simple" constraints in the previous chapter are disabled (greyed out), and not applied. The regular expression's validity must be tested when the form is submitted.

          h3. Error text
          Independently of the chosen validation method, an input field sets the validation error message shown when the constraints aren't met.

          h3. Validation scope
          Validation should happen in all contexts where a user password can be set:
          - User register
          - User edit
          - Change password (user profile, up v2.1)
          - REST API
          - Public API

          h3. Backward compatibility
          Existing installations shouldn't have any of those options enabled. It can be detected in the converter / fieldtype, since the configuration for them won't exist in the database.

          New installations should have the defaults indicated above, prestored in the default {{user_account}} field definition.
          Bertrand Dunogier made changes -
          Description It should be possible to configure password policies through {{ezuser}} fields definitions.

          h3. Constraints list:
          ||label||input type||default||
          |Minimum password length|number|8|
          |Require at least one uppercase letter|checkbox|checked|
          |Require at least one lowercase letter|checkbox|checked|
          |Require at least one number|checkbox|checked|
          |Require at least one nonalphanumeric character|checkbox|checked|

          h3. Validation by regular expression
          As an alternative to the above, a regular expression can be entered. When one is, the "simple" constraints in the previous chapter are disabled (greyed out), and not applied. The regular expression's validity must be tested when the form is submitted.

          h3. Error text
          Independently of the chosen validation method, an input field sets the validation error message shown when the constraints aren't met.

          h3. Validation scope
          Validation should happen in all contexts where a user password can be set:
          - User register
          - User edit
          - Change password (user profile, up v2.1)
          - REST API
          - Public API

          h3. Backward compatibility
          Existing installations shouldn't have any of those options enabled. It can be detected in the converter / fieldtype, since the configuration for them won't exist in the database.

          New installations should have the defaults indicated above, prestored in the default {{user_account}} field definition.
          It should be possible to configure password policies through {{ezuser}} fields definitions.

          h3. Constraints list:
          ||label||input type||default||
          |Minimum password length|number|8|
          |Require at least one uppercase letter|checkbox|checked|
          |Require at least one lowercase letter|checkbox|checked|
          |Require at least one number|checkbox|checked|
          |Require at least one nonalphanumeric character|checkbox|checked|

          h3. Validation by regular expression
          As an alternative to the above, a (perl compatible) regular expression can be entered. When it is, the "simple" constraints in the previous chapter are disabled (greyed out), and not applied. The regular expression's validity must be tested when the form is submitted.

          h3. Error text
          Independently of the chosen validation method, an input field sets the validation error message shown when the constraints aren't met.

          h3. Validation scope
          Validation should happen in all contexts where a user password can be set:
          - User register
          - User edit
          - Change password (user profile, up v2.1)
          - REST API
          - Public API

          h3. Backward compatibility
          Existing installations shouldn't have any of those options enabled. It can be detected in the converter / fieldtype, since the configuration for them won't exist in the database.

          New installations should have the defaults indicated above, prestored in the default {{user_account}} field definition.
          Bertrand Dunogier made changes -
          Status Specification [ 10002 ] Specification Review [ 10038 ]
          Sylvain Guittard made changes -
          Remote Link This issue links to "Feature (Web Link)" [ 18622 ]
          Barbara Grajczyk made changes -
          Assignee Bertrand Dunogier [ bertrand.dunogier@ez.no ] Barbara Grajczyk [ barbara.grajczyk@ez.no ]
          Barbara Grajczyk made changes -
          Status Specification Review [ 10038 ] Specification Done [ 10003 ]
          Barbara Grajczyk made changes -
          Status Specification Done [ 10003 ] Development [ 3 ]
          Barbara Grajczyk made changes -
          Status Development [ 3 ] Development Done [ 5 ]
          Barbara Grajczyk made changes -
          Status Development Done [ 5 ] QA [ 10008 ]
          Barbara Grajczyk made changes -
          Status QA [ 10008 ] QA Done [ 10007 ]
          Fix Version/s 2.4.0-rc1 [ 15090 ]
          Assignee Barbara Grajczyk [ barbara.grajczyk@ez.no ]
          Barbara Grajczyk made changes -
          Status QA Done [ 10007 ] Closed [ 6 ]
          Resolution Done [ 9 ]

            People

            • Assignee:
              Unassigned
              Reporter:
              Ramzi Arfaoui
            • Votes:
              1 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: