Moodle / MDL-61694

Create an extension point for adding extra password validation functionality


Details

    • MOODLE_34_STABLE, MOODLE_36_STABLE
    • MOODLE_36_STABLE
    • wip-MDL-61694_Check_Password_Callback
      1. Create a "local" plugin that implements the <pluginname>_check_password_policy() function.
      2. The plugin function should accept a single string argument; this should be the password that was entered.
      3. The plugin function should output a single string value; this should be an error message if the password is invalid, or a blank string if it is OK.
      4. Testing can be done by checking that the password is passed into the function correctly, and that the return value is treated as an error message in the same way as existing password check errors.
      5. You should also check that the existing password check mechanism continues to work as expected, per its own configuration.
      6. The plugin should be called regardless of whether the primary password check is enabled or not, because plugins can be enabled separately.
      7. I have also created a plugin of my own that implements this callback. You can find it here: https://github.com/Spudley/moodle-local_hibp. This is a 'real' plugin that implements the "HaveIBeenPwned" API as I mentioned in the original ticket description. Please feel free to use this plugin to test the callback as well.

    Description

      Hi.

      I have a requirement to add some new password validation to a variety of systems that I maintain.

      Specifically, I need to integrate with the Have I Been Pwned API, which allows a system to check whether a newly entered password is known to be insecure because it has been previously found in a hacked database.

      I have already written plugins for Joomla and Drupal to do this, and I now need to do so for Moodle as well.

      Unfortunately, however, Moodle does not seem to provide the ability to easily do this; there is no extension point that hooks into the password validation. I tried working around it with an Auth plugin, using the user_update_password() method, but this method only gets called for the specific auth plugin that has been used to create the user account, which doesn't work for me; I need to continue using the existing auth types, and have my method get triggered for any of them that involve a password update.

      I would therefore like to please request that an extension capability is added that will enable me to do this.

      Many thanks.

       

      Forum reference: https://moodle.org/mod/forum/discuss.php?d=367393
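
The callback contract from the testing instructions (one password string in, an error message or an empty string out), shown as an added example that is not taken from the ticket or from the linked moodle-local_hibp plugin. It assumes a hypothetical plugin named `local_pwnedcheck` and uses the Pwned Passwords range endpoint, so only the first five characters of the SHA-1 hash leave the server; the fail-open behaviour on lookup errors and the plain-PHP HTTP call are assumptions made for this sketch.

```php
<?php
// Added example: lib.php of a hypothetical local plugin "local_pwnedcheck".

/** Split SHA-1(password) into the 5-char prefix that is sent and the 35-char suffix kept local. */
function local_pwnedcheck_split(string $password): array {
    $hash = strtoupper(sha1($password));
    return [substr($hash, 0, 5), substr($hash, 5)];
}

/** Return the breach count for $suffix in a range response ("SUFFIX:COUNT" lines), 0 if absent. */
function local_pwnedcheck_count(string $body, string $suffix): int {
    foreach (preg_split('/\R/', trim($body)) as $line) {
        $parts = explode(':', trim($line), 2);
        if (count($parts) === 2 && strtoupper($parts[0]) === $suffix) {
            return (int) $parts[1];
        }
    }
    return 0;
}

/** Fetch the range for a prefix; null on any failure. Inside Moodle, use its own HTTP wrapper. */
function local_pwnedcheck_fetch(string $prefix): ?string {
    $ctx = stream_context_create(['http' => ['timeout' => 3, 'user_agent' => 'local_pwnedcheck-example']]);
    $body = @file_get_contents('https://api.pwnedpasswords.com/range/' . $prefix, false, $ctx);
    return $body === false ? null : $body;
}

/** The callback from the ticket: takes the entered password, returns an error message or ''. */
function local_pwnedcheck_check_password_policy($password) {
    [$prefix, $suffix] = local_pwnedcheck_split((string) $password);
    $body = local_pwnedcheck_fetch($prefix);
    if ($body === null) {
        return ''; // Assumption: fail open, so an API outage does not block password changes.
    }
    $count = local_pwnedcheck_count($body, $suffix);
    // A real plugin would return a localised string via get_string() instead of a literal.
    return $count > 0 ? "This password appears in $count known breaches; choose another." : '';
}

// Offline check of the parsing path against a constructed response body (not real API data).
if (PHP_SAPI === 'cli' && !defined('MOODLE_INTERNAL')) {
    [, $suffix] = local_pwnedcheck_split('password');
    $sample = str_repeat('A', 35) . ":1\r\n" . $suffix . ":42\r\n";
    var_dump(local_pwnedcheck_count($sample, $suffix));
    var_dump(local_pwnedcheck_count($sample, str_repeat('0', 35)));
}
```

Whether a failed lookup should reject the password or let it through is a policy decision for the site; the empty-string return on failure is what makes this sketch fail open.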

            People

              sc-sfw Simon Champion
              Mark Nelson
              David Monllaó
              David Mudrák (@mudrd8mz)
              Jake Dallimore, Mathew May, Mihail Geshoski

              Dates

                Resolved: 3/Dec/18