Show the blacklisted terms that are substrings of the password

Open on Drupal.org →

Created on 14 January 2025, 8 days ago

With the password_policy_blacklist module is enabled and a Password Blacklist constraint, when the user enters a password that contains a blacklisted term, the failure message displayed is "There are restricted terms in your password. Please modify your password."

In the case where "Also disallow passwords containing blacklisted passwords" is enabled for the constraint, it may not be obvious to the user which part of the password is a problem.

Could we add an option to show the restricted terms? I'm thinking basically the same thing that AohRveTPV [proposed]( https://www.drupal.org/project/password_policy/issues/1603210#comment-99... → ) a while ago:

Indicate only the blacklisted passwords that the user has entered.

Have this indication be an option which is off by default.

Attached is a patch with a prototype that shows one of the terms (maybe one is sufficient?). It is not yet conditional on a setting.

✨ Feature request

Status

Active

Version

4.0

Component

User interface

Created by

🇺🇸United States jlstrecker Athens, Ohio, USA

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Merge Requests

!101Show the blacklisted terms that are substrings of the password
Open
sourabhsisodia_
updated 7 days ago

Comments & Activities

Issue created by @jlstrecker
Comment 8 days ago →
🇺🇸United States jlstrecker Athens, Ohio, USA
Comment 8 days ago →
sourabhsisodia_
Merge request !101Issue #3499696: added a new configuration option to show/hide specific... → (Open) created by sourabhsisodia_
Comment 7 days ago →
sourabhsisodia_
Pipeline finished with Failed
7 days ago
Total: 892s
#396471
Comment 6 days ago →
🇺🇸United States jlstrecker Athens, Ohio, USA
Here the placeholder doesn't match:

$validation->setErrorMessage($this->t('The password "@password" is not allowed. Please choose a different password.', [ '@term' => $blacklisted_password ]));
That's the only problem I found. I reviewed the code and tested:

Enabling show_blacklisted_term on an existing constraint with match_substrings

Enabling show_blacklisted_term on a new constraint without match_substrings

Disabling show_blacklisted_term on the previous constraint

I appreciate the improved wording in the error messages.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024