- First commit to issue fork.
- last update over 1 year ago Composer require failure
- @rajeshreeputra opened merge request.
- last update over 1 year ago Composer require failure
- last update over 1 year ago 50 pass, 1 fail
- Assigned to Kristen Pol
- 🇺🇸 United States Kristen Pol Santa Cruz, CA, USA
Assigning to myself as I'm reviewing/merging ready RTBC fixes/updates over the next few days.
- 🇺🇸 United States Kristen Pol Santa Cruz, CA, USA
This should be against 4.0.x as 8.x branches are no longer supported, so changing version.
- Issue was unassigned.
- Status changed to Needs work
11 months ago 7:04pm 11 February 2024 - 🇺🇸 United States Kristen Pol Santa Cruz, CA, USA
Thanks everyone for the work on this issue. Moving back to needs work based on the following:
I've tested the original behavior and read the summary and comments above.
1. Regarding repeating characters, I found this:
Repeating characters is a different story. The current NIST standards explicitly say that complexity rules should not be used. (Examples of complexity rules include requiring upper AND lower case, special characters or numbers, denying passwords with repeating characters, etc.) So current NIST guidelines recommend against restrictions on repeating characters.
https://www.quora.com/How-does-restricting-password-length-or-repeating-...
I read some other posts that talk about this as well. So, rather than add a "unique" checkbox per #6, I think we can move forward with this approach.
But this claims to be a list of NIST guidelines:
https://blog.netwrix.com/2022/11/14/nist-password-guidelines
which has:
Users should be prevented from using sequential characters (e.g., “1234”) or repeated characters (e.g., “aaaa”).
There is already a consecutive character constraint that can be used though I don't see a sequential one. A separate feature request issue can be created to add sequential character constraint.
2. The MR does not match the most recent patch. I'm okay with an MR or patch, so whoever updates can do either.
3. Nitpick: The logic could be slightly simpler, e.g.
$count_numeric = $count_numeric + $val;
could be:
$count_numeric += $val;
4. The documentation/messages should be updated to reflect these changes:
#2894929: Instructions unclear for constraint of Uppercase and Lowercase Characters
- Status changed to Needs review
11 months ago 8:59pm 12 February 2024 - 🇺🇸 United States COBadger
Not sure why it's not automatically being added to this page, but I created a new MR against 4.0.x:
https://git.drupalcode.org/project/password_policy/-/merge_requests/72
- Assigned to Kristen Pol
- 🇺🇸 United States Kristen Pol Santa Cruz, CA, USA
Assigning to myself for review.
- Kristen Pol committed efa8c454 on 4.0.x authored by marcos_lima
Issue #3236423 by COBadger, marcos_lima, Kristen Pol, hmendes,...
- Issue was unassigned.
- Status changed to Fixed
10 months ago 11:27pm 22 February 2024 - 🇺🇸 United States Kristen Pol Santa Cruz, CA, USA
Thanks everyone. I reviewed the code and tested MR 72 and it works as expected. This has been merged and will be in the next release.
That said, there still might be missing tests. Don't we want to test things like the following? If so, we can have a followup issue with more tests.
1. We set min numbers to 3 and we set password to 3 numbers that are the same.
2. We set min numbers to 3 and we set password to 3 numbers that are different.
3. We set min numbers to 3 and we set password to 2 numbers that are the same (or different).
4. We set min numbers to 3 and we set password to 4 numbers that are the same (or different).
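Added example, not part of the comment above and not the password_policy module's code or the merged change: it runs the four scenarios listed above (minimum of 3 numbers) through two counting rules, every digit occurrence versus distinct digits only, to show where they disagree. The function names and sample passwords are constructed for illustration.

```php
<?php
// Illustration only: hypothetical helpers, not the module's constraint plugin.

/** Counts every digit occurrence, so "111" yields 3. */
function countDigitOccurrences(string $password): int {
  $total = 0;
  // count_chars() mode 1 returns [byte value => occurrences] for bytes present.
  foreach (count_chars($password, 1) as $byte => $occurrences) {
    if ($byte >= ord('0') && $byte <= ord('9')) {
      $total += $occurrences;
    }
  }
  return $total;
}

/** Counts distinct digits only, so "111" yields 1. */
function countDistinctDigits(string $password): int {
  $distinct = 0;
  foreach (count_chars($password, 1) as $byte => $occurrences) {
    if ($byte >= ord('0') && $byte <= ord('9')) {
      $distinct++;
    }
  }
  return $distinct;
}

$min = 3;

// Constructed sample passwords, one per scenario in the list above.
$cases = [
  '3 digits, all the same' => 'pass111word',
  '3 digits, all different' => 'pass123word',
  '2 digits' => 'pass12word',
  '4 digits, all the same' => 'pass1111word',
];

foreach ($cases as $label => $password) {
  $occurrences = countDigitOccurrences($password);
  $distinct = countDistinctDigits($password);
  printf(
    "%-24s occurrences=%d (%s)  distinct=%d (%s)\n",
    $label,
    $occurrences, $occurrences >= $min ? 'accept' : 'reject',
    $distinct, $distinct >= $min ? 'accept' : 'reject'
  );
}
```

The two rules agree on the second and third scenarios and disagree on the first and fourth, which is why tests covering repeated digits are the ones that pin down the intended behavior.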
Automatically closed - issue fixed for 2 weeks with no activity.
- 🇺🇸 United States Kristen Pol Santa Cruz, CA, USA
This is part of the new 4.0.1 release.