Details
-
Type:
Improvement
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 3.4, 3.6
-
Fix Version/s: 3.6
-
Component/s: Authentication
-
Labels:
-
Testing Instructions:
-
Affected Branches:MOODLE_34_STABLE, MOODLE_36_STABLE
-
Fixed Branches:MOODLE_36_STABLE
-
Pull from Repository:
-
Pull Master Branch:wip-
MDL-61694_Check_Password_Callback
Description
Hi.
I have a requirement to add some new password validation to a variety of systems that I maintain.
Specifically, I need to integrate with the Have I Been Pwned API, which allows a system to check whether a newly entered password is known to be insecure because it has been previously found in a hacked database.
I have already written plugins for Joomla and Drupal to do this, and I now need to do so for Moodle as well.
Unfortunately, however, Moodle does not seem to provide the ability to easily do this; there is no extension point that hooks into the password validation. I tried working around it with an Auth plugin, using the user_update_password() method, but this method only gets called for the specific auth plugin that has been used to create the user account, which doesn't work for me; I need to continue using the existing auth types, and have my method get triggered for any of them that involve a password update.
I would therefore like to please request that an extension capability is added that will enable me to do this.
Many thanks.
Forum reference: https://moodle.org/mod/forum/discuss.php?d=367393