[Koha-bugs] [Bug 21314] Koha enforces three (3) character password length even if RequireStrongPassword is disabled

Wed Nov 21 05:02:30 CET 2018

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21314

M. Tompsett <mtompset at hotmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mtompset at hotmail.com
             Status|Needs Signoff               |Failed QA

--- Comment #15 from M. Tompsett <mtompset at hotmail.com> ---
git grep -l minPasswordLength
-- there are other places: Koha/Patron.pm, C4/InstallAuth.pm

--- BEGIN FURTHER THOUGHTS ---
Perhaps a C4::Context function to return this value, so you don't end up
putting the same code in 4 spots?

Also, perhaps cutting the minPasswordLength from the template variables set,
and update Koha/Template/Plugin/Koha.pm with a call to the new C4::Context
function?

because I also noticed the password_check.inc files.

just reading members/member-password.tt -- Hmmm... logic there might be broken,
because you could set minPasswordLength=2, RequireStrongPassword = true, and
then you need 3, but the message will say 2. Another good place for such a
tweak
to the plugin.

members/memberentrygen.tt bypasses this issue, by using the template value.
similarly, opac-passwd.tt.
similarly, opac-password-recovery.tt

opac-memberentry.tt uses the template value, but also has a direct preference
call too. DOH!

DOH! AuthUtils.t doesn't test for the 2 but strong case. That's beyond scope.
Koha/Patrons.t doesn't maybe? Beyond scope, but I'm still looking at all
minPasswordLength files not po files. :)
Hmmm... api patron test file mocks the system preference. *shrug*
--- END FURTHER THOUGHTS ---

Okay... to summarize: Failed QA because 
git grep -l minPasswordLength
-- there are other places: Koha/Patron.pm, C4/InstallAuth.pm

-- 
You are receiving this mail because:
You are watching all bug changes.