-
Improvement
-
Resolution: Fixed
-
Minor
-
3.4, 3.6
-
MOODLE_34_STABLE, MOODLE_36_STABLE
-
MOODLE_36_STABLE
-
wip-
MDL-61694_Check_Password_Callback -
Hi.
I have a requirement to add some new password validation to a variety of systems that I maintain.
Specifically, I need to integrate with the Have I Been Pwned API, which allows a system to check whether a newly entered password is known to be insecure because it has been previously found in a hacked database.
I have already written plugins for Joomla and Drupal to do this, and I now need to do so for Moodle as well.
Unfortunately, however, Moodle does not seem to provide the ability to easily do this; there is no extension point that hooks into the password validation. I tried working around it with an Auth plugin, using the user_update_password() method, but this method only gets called for the specific auth plugin that has been used to create the user account, which doesn't work for me; I need to continue using the existing auth types, and have my method get triggered for any of them that involve a password update.
I would therefore like to please request that an extension capability is added that will enable me to do this.
Many thanks.
Forum reference: https://moodle.org/mod/forum/discuss.php?d=367393