Password policy doesn't work when updating the user

Thanks to everyone for your work on this issue.

As the 8.x is no longer supported, I'm postponing this issue for now and need feedback as to whether or not this change is relevant to 4.0.x. If it is, please reopen and change the version and reroll the patch if necessary. If it's not, please closed as "won't fix".

If there is no response to this in a month addressing the above, it can be closed as "won't fix".

I am re-opening this as it is IMHO still relevant for 4.0.x. I will create an MR (based on the last patch #30) shortly.

The tests are passing based on the prior patch (#30) now that I have applied it properly against 4.0.x. cspell/eslint/phpcs/phpstan are failing. However, if I am not mistaken, these appear mostly to be pre-existing code style issues and should therefore likely be fixed in another issue (e.g. Fix the issues reported by phpcs 📌 Fix the issues reported by phpcs Needs review ).

The PasswordPolicyConstraintValidator coming from patch #30 would appear to have an off by one error as it only adds violations if there are more than 1 rather than more than 0. I have just pushed a commit to fix this. Test coverage must need to be expanded though as this was not captured by testing. Therefore, I am setting this issue back to 'needs work'.

I am also getting a type error when registering a new user as the password is null when registering a new user (until it is set subsequently upon email confirmation).

```

The website encountered an unexpected error. Try again later.

TypeError: Drupal\password_policy\PasswordPolicyValidator::validatePasswordPolicyConstraints(): Argument #1 ($password) must be of type string, null given, called in /app/docroot/modules/contrib/password_policy/src/Plugin/Validation/Constraint/PasswordPolicyConstraintValidator.php on line 88 in Drupal\password_policy\PasswordPolicyValidator->validatePasswordPolicyConstraints() (line 127 of modules/contrib/password_policy/src/PasswordPolicyValidator.php).

Drupal\password_policy\Plugin\Validation\Constraint\PasswordPolicyConstraintValidator->validate(Object, Object) (Line: 202)
Drupal\Core\TypedData\Validation\RecursiveContextualValidator->validateConstraints(Object, '00000000000014ef0000000000000000', Array) (Line: 154)
Drupal\Core\TypedData\Validation\RecursiveContextualValidator->validateNode(Object) (Line: 164)
Drupal\Core\TypedData\Validation\RecursiveContextualValidator->validateNode(Object, Array, 1) (Line: 106)
Drupal\Core\TypedData\Validation\RecursiveContextualValidator->validate(Object, NULL, NULL) (Line: 93)
...

I have pushed a fix for the above type error to MR !78, but I am leaving the issue in the status of 'needs work' as test coverage is needed.

There is also an issue whereby the PasswordPolicyConstraintValidator does not trigger validation properly (where an existing password was not set) as getValue() returns an array.

    // Special case for the password, it being empty means that the existing
    // password should not be changed, ignore empty password fields.
    if ($userUnchanged && !empty($pass)) {
      // Compare the values of the field this is being validated on.
      $triggerValidation = $pass !== $userUnchanged->get('pass')->getValue() && !$user->checkExistingPassword($userUnchanged);
    }

Pushing a fix for this shortly.

Now that we correctly check whether the password has changed, the validation is not triggering when there is an existing password present. It is not clear why we should only trigger validation if the existing password is not correct valid.

    // password should not be changed, ignore empty password fields.
    if ($userUnchanged && !empty($pass)) {
      // Compare the values of the field this is being validated on.
      $triggerValidation = $pass != $userUnchanged->get('pass')->getValue() && !$user->checkExistingPassword($userUnchanged);
      $triggerValidation = $pass !== $userUnchanged->get('pass')->value && !$user->checkExistingPassword($userUnchanged);
    }

After fixing the issues I found, I have fixed the failing Kernel test and added some test coverage of the constraint validator. Therefore, I am moving this issue to 'Needs review'. Thanks in advance for a review.

Thank you for the review @czigor. I will work through your feedback as time permits. I am leaving the issue unassigned until I have capacity.