Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66280

Improve output string building for print_password_policy() when $CFG->minpasswordlength = 0

XMLWordPrintable

    • MOODLE_38_STABLE
    • MOODLE_38_STABLE
    • mdl-66280
    • Hide

      1) Edit config.php to add the lines:

      $CFG->passwordpolicy = true;
      $CFG->minpasswordlength = 8;
      $CFG->minpassworddigits = 1;

      This ensures that the password policy is active, and has some controls set.

      2) Ensure that a user has a way to Self-signup, such as email-based self-signup.

      3) Visit /login/signup.php while not logged in, and ensure that the password policy is visible above the "Password" text entry box.

      4) Edit config.php again to add/change the lines:

      $CFG->passwordpolicy = true; 
      $CFG->minpasswordlength = 0;
      $CFG->minpassworddigits = 0;
      $CFG->minpasswordlower = 0;
      $CFG->minpasswordupper = 0;
      $CFG->minpasswordnonalphanum = 0;
      $CFG->maxconsecutiveidentchars = 0;

      This keeps the password policy enabled, but sets all of the controls to 0, to disable them.

      5) Revisit /login/signup.php and verify that there is no text displayed above the "Password" text entry box.

      Show
      1) Edit config.php to add the lines: $CFG->passwordpolicy = true ; $CFG->minpasswordlength = 8 ; $CFG->minpassworddigits = 1 ; This ensures that the password policy is active, and has some controls set. 2) Ensure that a user has a way to Self-signup, such as email-based self-signup. 3) Visit /login/signup.php while not logged in, and ensure that the password policy is visible above the "Password" text entry box. 4) Edit config.php again to add/change the lines: $CFG->passwordpolicy = true ; $CFG->minpasswordlength = 0 ; $CFG->minpassworddigits = 0 ; $CFG->minpasswordlower = 0 ; $CFG->minpasswordupper = 0 ; $CFG->minpasswordnonalphanum = 0 ; $CFG->maxconsecutiveidentchars = 0 ; This keeps the password policy enabled, but sets all of the controls to 0, to disable them. 5) Revisit /login/signup.php and verify that there is no text displayed above the "Password" text entry box.

      The way that print_password_policy builds the ouput string for displaying the policy is inconsistent. The minimum password length is always displayed, even when set to 0 characters, while other password policy controls such as minimum digits are not displayed when set to 0.

      This creates issues when the password policy needs to be enabled,  but you don't want $CFG->minpasswordlength set in lieu of some other more complex or nuanced policy. A proposed use case for this is MDL-66278.

            peterburnett Peter Burnett
            peterburnett Peter Burnett
            Brendan Heywood Brendan Heywood
            Andrew Lyons Andrew Lyons
            Janelle Barcega Janelle Barcega
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 30 minutes
                30m

                  Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.