Multibyte support for PasswordLength constraint

Added patch which:

* Adds a Unit test case for this issue to `\Drupal\Tests\password_policy_length\Unit\PasswordLengthTest::lengthDataProvider()`
* Replaces the use of `strlen()` with `mb_strlen()` in `\Drupal\password_policy_length\Plugin\PasswordConstraint\PasswordLength::validate()`

Changes tested on Drupal Version 9.5.10 and Password Policy 4.0.0.
The minimum password length is set to 5 characters and aaa$ or tes£ passwords are failing the validation.
Without the patch those passwords are valid.

Assigning to myself as I'm reviewing/merging ready RTBC fixes/updates over the next few days.

Looks like we are missing a couple of places, but I can update these:

  public function validatePassword(string $password, UserInterface $user, array $edited_user_roles = []): PasswordPolicyValidationReport {
    // Stop before policy-based validation if password exceeds maximum length.
    if (strlen($password) > PasswordInterface::PASSWORD_MAX_LENGTH) {
      return TRUE;
    }

and perhaps:

    $blacklisted_passwords = array_filter($blacklisted_passwords, 'strlen');

I'll test this.

Actually, I think I'm wrong here. Core is using strlen:

core/lib/Drupal/Core/Password/PhpPassword.php:    if (strlen($password) > static::PASSWORD_MAX_LENGTH

so I'll change it back and add a comment.

Tested both min and max and it works as expected.

Since I didn't add logic, just a comment, back to RTBC. I'll get this merged.

Thanks everyone for the help on this issue. The fix has been merged and will be part of the next release.

Automatically closed - issue fixed for 2 weeks with no activity.

This is part of the new 4.0.1 release → .