[Koha-bugs] [Bug 21314] Koha enforces three (3) character password length even if RequireStrongPassword is disabled
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Wed Nov 21 05:02:30 CET 2018
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21314
M. Tompsett <mtompset at hotmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mtompset at hotmail.com
Status|Needs Signoff |Failed QA
--- Comment #15 from M. Tompsett <mtompset at hotmail.com> ---
git grep -l minPasswordLength
-- there are other places: Koha/Patron.pm, C4/InstallAuth.pm
--- BEGIN FURTHER THOUGHTS ---
Perhaps a C4::Context function to return this value, so you don't end up
putting the same code in 4 spots?
Also, perhaps cutting the minPasswordLength from the template variables set,
and update Koha/Template/Plugin/Koha.pm with a call to the new C4::Context
function?
because I also noticed the password_check.inc files.
just reading members/member-password.tt -- Hmmm... logic there might be broken,
because you could set minPasswordLength=2, RequireStrongPassword = true, and
then you need 3, but the message will say 2. Another good place for such a
tweak
to the plugin.
members/memberentrygen.tt bypasses this issue, by using the template value.
similarly, opac-passwd.tt.
similarly, opac-password-recovery.tt
opac-memberentry.tt uses the template value, but also has a direct preference
call too. DOH!
DOH! AuthUtils.t doesn't test for the 2 but strong case. That's beyond scope.
Koha/Patrons.t doesn't maybe? Beyond scope, but I'm still looking at all
minPasswordLength files not po files. :)
Hmmm... api patron test file mocks the system preference. *shrug*
--- END FURTHER THOUGHTS ---
Okay... to summarize: Failed QA because
git grep -l minPasswordLength
-- there are other places: Koha/Patron.pm, C4/InstallAuth.pm
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list