- Issue created by @justanothermark
- Merge request !59#3366875 - Use mb_strlen() to more accurately calculate password length in length constraint. β (Merged) created by justanothermark
- Status changed to Needs review
over 1 year ago 9:23pm 14 June 2023 - π¬π§United Kingdom justanothermark
Added patch which:
* Adds a Unit test case for this issue to `\Drupal\Tests\password_policy_length\Unit\PasswordLengthTest::lengthDataProvider()`
* Replaces the use of `strlen()` with `mb_strlen()` in `\Drupal\password_policy_length\Plugin\PasswordConstraint\PasswordLength::validate()` - Status changed to RTBC
over 1 year ago 1:10pm 9 August 2023 - π¬π§United Kingdom Alina Basarabeanu
Changes tested on Drupal Version 9.5.10 and Password Policy 4.0.0.
The minimum password length is set to 5 characters and aaa$ or tesΒ£ passwords are failing the validation.
Without the patch those passwords are valid. - Assigned to Kristen Pol
- πΊπΈUnited States Kristen Pol Santa Cruz, CA, USA
Assigning to myself as I'm reviewing/merging ready RTBC fixes/updates over the next few days.
- Status changed to Needs work
11 months ago 7:16pm 8 February 2024 - πΊπΈUnited States Kristen Pol Santa Cruz, CA, USA
Looks like we are missing a couple of places, but I can update these:
public function validatePassword(string $password, UserInterface $user, array $edited_user_roles = []): PasswordPolicyValidationReport { // Stop before policy-based validation if password exceeds maximum length. if (strlen($password) > PasswordInterface::PASSWORD_MAX_LENGTH) { return TRUE; }
and perhaps:
$blacklisted_passwords = array_filter($blacklisted_passwords, 'strlen');
- Status changed to Needs review
11 months ago 7:28pm 8 February 2024 - πΊπΈUnited States Kristen Pol Santa Cruz, CA, USA
Actually, I think I'm wrong here. Core is using
strlen
:core/lib/Drupal/Core/Password/PhpPassword.php: if (strlen($password) > static::PASSWORD_MAX_LENGTH
so I'll change it back and add a comment.
- Status changed to RTBC
11 months ago 7:48pm 8 February 2024 - πΊπΈUnited States Kristen Pol Santa Cruz, CA, USA
Tested both min and max and it works as expected.
Since I didn't add logic, just a comment, back to RTBC. I'll get this merged.
-
Kristen Pol β
committed dbbf2f93 on 4.0.x authored by
justanothermark β
#3366875 - Use mb_strlen() to more accurately calculate password length...
-
Kristen Pol β
committed dbbf2f93 on 4.0.x authored by
justanothermark β
- Issue was unassigned.
- Status changed to Fixed
11 months ago 7:51pm 8 February 2024 - πΊπΈUnited States Kristen Pol Santa Cruz, CA, USA
Thanks everyone for the help on this issue. The fix has been merged and will be part of the next release.
Automatically closed - issue fixed for 2 weeks with no activity.
- πΊπΈUnited States Kristen Pol Santa Cruz, CA, USA
This is part of the new 4.0.1 release β .