I'm using PasswordValidator()
$pwdValidator = new PasswordValidator(); $pwdValidator->minLength(8); $pwdValidator->checkHistoricalPasswords(2); $pwdValidator->characterStrength(4,array('lowercase','uppercase','digits','punctuation')); Member::set_password_validator($pwdValidator);
In the CMS, when adding a new member. If the password doesn't validate, it properly gives feedback on why it didn't validate (ie "Password is too short, it must be 7 or more characters long. You need to increase the strength of your passwords by adding some of the following characters: uppercase").
But if on the site, a member says "Lost my Password". After clicking the email reset password link, on the Change Password form. Password Validator no longer gives feedback on why the password didn't validate. All it spits out is "We couldn't accept that password %s".
If someone can verify this issue and doesn't have a fix, I'll submit a bug report. And I'll just write the validation rules into the Security_changepassword.ss template.