Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-66280

Improve output string building for print_password_policy() when $CFG->minpasswordlength = 0

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide

      1) Edit config.php to add the lines:

      $CFG->passwordpolicy = true;
      $CFG->minpasswordlength = 8;
      $CFG->minpassworddigits = 1;

      This ensures that the password policy is active, and has some controls set.

      2) Ensure that a user has a way to Self-signup, such as email-based self-signup.

      3) Visit /login/signup.php while not logged in, and ensure that the password policy is visible above the "Password" text entry box.

      4) Edit config.php again to add/change the lines:

      $CFG->passwordpolicy = true; 
      $CFG->minpasswordlength = 0;
      $CFG->minpassworddigits = 0;
      $CFG->minpasswordlower = 0;
      $CFG->minpasswordupper = 0;
      $CFG->minpasswordnonalphanum = 0;
      $CFG->maxconsecutiveidentchars = 0;

      This keeps the password policy enabled, but sets all of the controls to 0, to disable them.

      5) Revisit /login/signup.php and verify that there is no text displayed above the "Password" text entry box.

      Show
      1) Edit config.php to add the lines: $CFG->passwordpolicy = true ; $CFG->minpasswordlength = 8 ; $CFG->minpassworddigits = 1 ; This ensures that the password policy is active, and has some controls set. 2) Ensure that a user has a way to Self-signup, such as email-based self-signup. 3) Visit /login/signup.php while not logged in, and ensure that the password policy is visible above the "Password" text entry box. 4) Edit config.php again to add/change the lines: $CFG->passwordpolicy = true ; $CFG->minpasswordlength = 0 ; $CFG->minpassworddigits = 0 ; $CFG->minpasswordlower = 0 ; $CFG->minpasswordupper = 0 ; $CFG->minpasswordnonalphanum = 0 ; $CFG->maxconsecutiveidentchars = 0 ; This keeps the password policy enabled, but sets all of the controls to 0, to disable them. 5) Revisit /login/signup.php and verify that there is no text displayed above the "Password" text entry box.
    • Affected Branches:
      MOODLE_38_STABLE
    • Fixed Branches:
      MOODLE_38_STABLE
    • Pull Master Branch:
      mdl-66280

      Description

      The way that print_password_policy builds the ouput string for displaying the policy is inconsistent. The minimum password length is always displayed, even when set to 0 characters, while other password policy controls such as minimum digits are not displayed when set to 0.

      This creates issues when the password policy needs to be enabled,  but you don't want $CFG->minpasswordlength set in lieu of some other more complex or nuanced policy. A proposed use case for this is MDL-66278.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  18/Nov/19

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 30 minutes
                  30m