- Merge request !10Issue #3227004: Value 0 as password passed the validation โ (Closed) created by hmendes
- First commit to issue fork.
- last update
about 2 years ago Composer require failure - last update
about 2 years ago Composer require failure - ๐บ๐ฆUkraine i-trokhanenko Lutsk ๐บ๐ฆ
+1 RTBC
Merge request #10 works well for me. Thanks!
- Assigned to Kristen Pol
- ๐บ๐ธUnited States Kristen Pol Santa Cruz, CA, USA
Assigning to myself as I'm reviewing/merging ready RTBC fixes/updates over the next few days.
- Issue was unassigned.
- Status changed to Needs work
over 1 year ago 3:17am 9 February 2024 - ๐บ๐ธUnited States Kristen Pol Santa Cruz, CA, USA
Thanks to everyone for working on this issue.
1. The MR doesn't have the same code that the patch has. Unclear why the patch has more.
2. We need tests (see the tag) so this is not ready.
- Assigned to cobadger
- ๐บ๐ธUnited States cobadger
Assigning this to myself to work on the issue.
- Merge request !703227004-4.0.x: Value 0 as password passed the validation โ (Open) created by cobadger
- Open on Drupal.org โCore: 10.2.1 + Environment: PHP 7.4 & MySQL 5.7last update
over 1 year ago Waiting for branch to pass - Issue was unassigned.
- Status changed to Needs review
over 1 year ago 8:55pm 9 February 2024 - ๐บ๐ธUnited States cobadger
I'm changing the version for this issue from 8.x-3.x-dev to 4.0.0 because 3.x is not compatible with Drupal 10 and 4.0.0 is the recommended release.
I altered the approach to solving this problem from adding a conditional in PasswordPolicyValidator to enabling PasswordPolicyValidator to use constraints that are independent of password_policy submodules, making it easier to maintain and test against those constraints.
MR #70 contains:
- An update to PasswordPolicyValidator to enable the use of constraints
- PasswordNotZeroConstraint
- PasswordNotZeroConstraintTest
- An update to _password_policy_user_profile_form_validate() that enables password validation when the password is the character zero
@Kristen-Pol, to answer your question about why patch #7 has more logic than MR #10, the update to _password_policy_user_profile_form_validate() -- which originally was in MR10 and was subsequently removed -- is necessary in order for the module to perform password validation when the password has been set as "0".
- Assigned to Kristen Pol
- ๐บ๐ธUnited States Kristen Pol Santa Cruz, CA, USA
Assigning to myself to review.
- Merge request !713236423: Corrected PasswordCharacter constraint to not require unique letters... โ (Closed) created by cobadger
- Merge request !723236423: Corrected PasswordCharacter constraint to not require unique letters... โ (Open) created by cobadger
- ๐บ๐ธUnited States cobadger
Please ignore MR 72. That MR is intended to go against https://www.drupal.org/project/password_policy/issues/3236423 โจ Do not require unique characters in "Password character type" constraint Needs review .
- Issue was unassigned.
- Status changed to Needs work
over 1 year ago 11:42pm 22 February 2024 - ๐บ๐ธUnited States Kristen Pol Santa Cruz, CA, USA
Thanks for the updates. I looked at MR 70 and noted a couple formatting fixes and had a question.
- ๐บ๐ธUnited States Kristen Pol Santa Cruz, CA, USA
This still needs work per feedback above and needs tests.
- ๐ฎ๐ณIndia dev20.addweb
empty()
considers "0" as false$str === ""
would work instead - ๐ฎ๐ณIndia vishalkhode
vishalkhode โ made their first commit to this issueโs fork.
- ๐ฎ๐ณIndia vishalkhode
Update MR !70 and reverted changes from @COBadger. I think we shouldn't create a new password policy constraint for zero password validation as this should be treated normally because user can enter other single digit numeric / string values like 1 or 2 or 3 or a or b etc. The policy validator should be more of generic validations. I've added
strlen
condition to fix this issue and added PHPUnit tests as well. - ๐ฎ๐ณIndia vishalkhode
vishalkhode โ changed the visibility of the branch 3236423-4.0.x-do-not-require-unique-characters to hidden.
Have updated summary. A password of '0' does not pass the validation, rather the validation is skipped entirely as PHP considers the string 0 as empty, but the password is not saved due to the same logic error existing in Core.
I agree with vishalkhode that there is no need for a new constraint, just explicitly check for empty string instead of using the empty function.