Add minimum lowercase rule for password validation.#24230
Add minimum lowercase rule for password validation.#24230wilsonge merged 6 commits intojoomla:stagingfrom
Conversation
| ; Messages | ||
| COM_USERS_MSG_NOT_ENOUGH_INTEGERS_N="Password does not have enough digits. At least %s digits are required." | ||
| COM_USERS_MSG_NOT_ENOUGH_INTEGERS_N_1="Password does not have enough digits. At least 1 digit is required." | ||
| COM_USERS_MSG_NOT_ENOUGH_LOWERCASE_LETTERS_N="Password does not have enough lowercase characters. At least %s lower case characters are required." |
There was a problem hiding this comment.
Lower case can be written as either one word or two. At a minimum we should be consistent in only using one variant. Using the gov.uk website as a source we should standardise on one word not two
| COM_USERS_MSG_NOT_ENOUGH_INTEGERS_N="Password does not have enough digits. At least %s digits are required." | ||
| COM_USERS_MSG_NOT_ENOUGH_INTEGERS_N_1="Password does not have enough digits. At least 1 digit is required." | ||
| COM_USERS_MSG_NOT_ENOUGH_LOWERCASE_LETTERS_N="Password does not have enough lowercase characters. At least %s lower case characters are required." | ||
| COM_USERS_MSG_NOT_ENOUGH_LOWERCASE_LETTERS_N_1="Password does not have enough lowercase characters. At least 1 lower case character is required." |
|
I did a copy of the uppercase sentence,.. should be changed too? |
|
I just realised that too ;) I don't care if we use one word or two but we should be consistent - especially in the same sentence. Should help the translators as well |
| COM_USERS_CONFIG_FIELD_MINIMUM_INTEGERS="Minimum Integers" | ||
| COM_USERS_CONFIG_FIELD_MINIMUM_INTEGERS_DESC="Set the minimum number of integers that must be included in a password." | ||
| COM_USERS_CONFIG_FIELD_MINIMUM_LOWERCASE="Minimum Lower Case" | ||
| COM_USERS_CONFIG_FIELD_MINIMUM_LOWERCASE_DESC="Set the minimum number of lower case alphabetical characters required for a password." |
|
Tested with Joomla! Patch Tester and it works fine |
|
@agerix please mark your Test at Issue Tracker as "Tested successfully". |
|
I have tested this item ✅ successfully on ee1d90a This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/24230. |
|
I've just do it Franz, I'm a new tester... :) This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/24230. |
|
@Quy you are right, I changed all to two words as in the label. |
|
@HLeithner you need to reflect these changes here: https://github.com/joomla/joomla-cms/blob/staging/media/system/js/passwordstrength.js A fair warning tho, that file is Mootools based so in essence wouldn't be advisable to ask anyone to add any new functionality there. In short better do this in the 4.0 repo... |
|
This is already available in j4 |
Well I lost track of the things I did already for J4 😉 Anyways, then at a bare minimum, the last function in the Mootools version needs to be adapted |
|
@dgrammatiko this file looks like its only show the password strength and doesn't have anything to do with the requirement. |
|
@HLeithner it should read the requirements for calculating the strength, or maybe not... |
|
The script uses the threshold that is set as parameter I didn't find any calculation based on the requirements parameters... |
|
I have tested this item ✅ successfully on da122f3 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/24230. |
|
@agerix can you please submit again your test? |
|
|
||
| if ($nLowercase < $minimumLowercase) | ||
| { | ||
| \JFactory::getApplication()->enqueueMessage( |
There was a problem hiding this comment.
should be easy to namespace
| if ($nLowercase < $minimumLowercase) | ||
| { | ||
| \JFactory::getApplication()->enqueueMessage( | ||
| \JText::plural('COM_USERS_MSG_NOT_ENOUGH_LOWERCASE_LETTERS_N', $minimumLowercase), |
|
If I add the name spaces here I have to change the complete file and I think this would maybe give a merge conflict when george merge it into 4.0 |
|
J4 already has a lowercase rule |
|
maybe it's me but the 4.0 https://github.com/joomla/joomla-cms/blob/4.0-dev/libraries/src/Form/Rule/PasswordRule.php didn't have lowercase yet.... @HLeithner not an expert on "easy merging" matter but looking the 2 file side by side .... |
|
I have tested this item ✅ successfully on e386929 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/24230. |
1 similar comment
|
I have tested this item ✅ successfully on e386929 This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/24230. |
|
RTC This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/24230. |
10 participants
Pull Request for Issue #24156 .
Summary of Changes
Add missing lower case requirement for passwords
Testing Instructions
Set minimum lowercase count to 0 or higher.
Change password. Use password with more and less lowercase characters
Expected result
It should be possible to force a minimum of lowercase characters.
Actual result
Option is missing.