Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

PasswordValidator() not giving validation errors feedback


Reply

2 Posts   949 Views

Avatar
socks

22 July 2010 at 1:25pm Community Member, 190 Posts

I'm using PasswordValidator()
SS 2.4

$pwdValidator = new PasswordValidator();
$pwdValidator->minLength(8);
$pwdValidator->checkHistoricalPasswords(2);
$pwdValidator->characterStrength(4,array('lowercase','uppercase','digits','punctuation'));
Member::set_password_validator($pwdValidator);

In the CMS, when adding a new member. If the password doesn't validate, it properly gives feedback on why it didn't validate (ie "Password is too short, it must be 7 or more characters long. You need to increase the strength of your passwords by adding some of the following characters: uppercase").

But if on the site, a member says "Lost my Password". After clicking the email reset password link, on the Change Password form. Password Validator no longer gives feedback on why the password didn't validate. All it spits out is "We couldn't accept that password %s".

If someone can verify this issue and doesn't have a fix, I'll submit a bug report. And I'll just write the validation rules into the Security_changepassword.ss template.

Thanks

Avatar
Ronan

16 July 2011 at 5:06am Community Member, 1 Post

Hi Socks,

I know it's an old post, but I came across the same problem and finally figured it out.

It's the 4 argument in characterStrength:

$pwdValidator->characterStrength(4,array('lowercase','uppercase','digits','punctuation'));

This represents: $minScore $minScore - The minimum number of character tests that must pass

I haven't gone into source to check what this does but my guess is it's saying you need 4 of each of the characters types specified in the array.

I'm happy with just 1 of each so I took out the argument. I think the lack of a validation error is only for the edge case where this type of validation is used.