Ticket #12521 (closed PLIP: duplicate)
Customizable password generation & validation
Reported by: | mitchell | Owned by: | mitchell |
---|---|---|---|
Priority: | minor | Milestone: | Future |
Component: | Backend (Python) | Version: | |
Keywords: | | Cc: | djay |
Description (last modified by mitchell)
Proposer: Richard Mitchell
Seconder: Andreas Jung
Motivation
Currently the testPasswordValidity, getPassword & generatePassword functions of Products.CMFPlone.RegistrationTool.RegistrationTool make certain assumptions about the length a password ought to be & the characters which ought to make it up in the case of generated passwords.
If one wishes to implement a password character limit or other password strength validation it is currently required to override completely or monkey-patch the registration tool.
Assumptions
Assumed that there are not any existing plans to overhaul the validation of passwords on password change / registration forms before 4.4.
Proposal & Implementation
To implement a new password validation / generation interface & utility, abstracting these methods, which may be overridden by add-on products.
To provide a default implementation of this utility which refers to a new property of the registration tool which may be customized through GenericSetup or the ZMI to govern the minimum accepted password length.
The default value of the minimum length should be 5 (to match the current default).
Deliverables
- Code changes to CMFPlone.RegistrationTool.
- Unit tests
- Documentation on how to customize both password length validation & override default behaviour with a new utility.
Risks
In keeping the original function signatures (though changing the default values for password length keyword arguments), impact should be minimal. Existing monkey patches will still work.
Participants
Richard Mitchell (mitchell)
Progress
- PLIP raised
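
A minimal sketch of the abstraction the proposal describes, added here as an example and not taken from Plone or from the proposer: validation and generation live in one replaceable policy object, the default checks only a configurable minimum length of 5, and a stricter policy can be swapped in without changing the caller-facing functions. All class and function names are hypothetical, plain Python stands in for the utility lookup, and the 12-character floor for generated passwords is an assumption.

```python
import secrets
import string

class MinLengthPolicy:
    """Default policy: a configurable minimum length only (5, as the PLIP proposes)."""
    alphabet = string.ascii_letters + string.digits

    def __init__(self, min_length=5):
        self.min_length = min_length

    def validate(self, password, confirm=None):
        """Return None if acceptable, otherwise an error message."""
        if confirm is not None and confirm != password:
            return "Passwords do not match."
        if len(password) < self.min_length:
            return "Password must be at least %d characters." % self.min_length
        return None

    def generate(self):
        # secrets uses the OS CSPRNG. The floor of 12 is an assumption of this
        # sketch so generated passwords are not as short as the minimum allows.
        length = max(self.min_length, 12)
        while True:  # resample so generate() never emits what validate() rejects
            candidate = "".join(secrets.choice(self.alphabet) for _ in range(length))
            if self.validate(candidate) is None:
                return candidate

class DigitRequiredPolicy(MinLengthPolicy):
    """What an add-on could register instead: length plus at least one digit."""
    def validate(self, password, confirm=None):
        error = super().validate(password, confirm)
        if error is None and not any(c.isdigit() for c in password):
            error = "Password must contain a digit."
        return error

_active = MinLengthPolicy()  # stand-in for the utility lookup

def set_policy(policy):
    """Hypothetical override hook, in place of registering a utility."""
    global _active
    _active = policy

def password_error(password, confirm=None):
    """Caller-facing check keeps one signature; the rule is delegated."""
    return _active.validate(password, confirm)

def generate_password():
    return _active.generate()
```

Because generation and validation share one policy object, replacing the policy cannot leave the generator producing passwords that the validator then rejects.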