Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Show all failed password criteria when changing a password to a not-strong-enough value #10270

Closed
1 task
andrewandante opened this issue Mar 31, 2022 · 0 comments · Fixed by #10966
Closed
1 task

Comments

@andrewandante
Copy link
Contributor

andrewandante commented Mar 31, 2022

Affected Version

4.10

Description

I've just added a robust password policy to my site (yay me). When I attempt to set my password to "test" I am warned that:

Please increase password strength by adding some of the following characters: uppercase, digits, punctuation

which is fine, but then when I do I get:

Password is too short, it must be 10 or more characters long

which is super annoying. It would be much better to flag all the password failures at once, please.

Steps to Reproduce

Add the following password requirements via yaml:

---
Name: app-passwords
After: '#corepasswords'
---
SilverStripe\Core\Injector\Injector:
  SilverStripe\Security\PasswordValidator:
    properties:
      MinLength: 10
      MinTestScore: 3

Then attempt to set a password of "test", followed by a password of "Test1!"

PR

@andrewandante andrewandante changed the title Show _all_ password criteria when changing a password to a not-strong-enough value Show all failed password criteria when changing a password to a not-strong-enough value Mar 31, 2022
@GuySartorelli GuySartorelli self-assigned this Oct 5, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants