I'm using PasswordValidator()
SS 2.4

$pwdValidator = new PasswordValidator();
$pwdValidator->minLength(8);
$pwdValidator->checkHistoricalPasswords(2);
$pwdValidator->characterStrength(4,array('lowercase','uppercase','digits','punctuation'));
Member::set_password_validator($pwdValidator);

In the CMS, when adding a new member. If the password doesn't validate, it properly gives feedback on why it didn't validate (ie "Password is too short, it must be 7 or more characters long. You need to increase the strength of your passwords by adding some of the following characters: uppercase").

But if on the site, a member says "Lost my Password". After clicking the email reset password link, on the Change Password form. Password Validator no longer gives feedback on why the password didn't validate. All it spits out is "We couldn't accept that password %s".

If someone can verify this issue and doesn't have a fix, I'll submit a bug report. And I'll just write the validation rules into the Security_changepassword.ss template.

Thanks

Hi Socks,

I know it's an old post, but I came across the same problem and finally figured it out.

It's the 4 argument in characterStrength:

$pwdValidator->characterStrength(4,array('lowercase','uppercase','digits','punctuation'));

This represents: $minScore $minScore - The minimum number of character tests that must pass

I haven't gone into source to check what this does but my guess is it's saying you need 4 of each of the characters types specified in the array.

I'm happy with just 1 of each so I took out the argument. I think the lack of a validation error is only for the edge case where this type of validation is used.