Ticket #12521 (closed PLIP: duplicate)

Opened 4 years ago

Last modified 4 years ago

Customizable password generation & validation

Reported by: mitchell Owned by: mitchell
Priority: minor Milestone: Future
Component: Backend (Python) Version:
Keywords: Cc: djay

Description (last modified by mitchell) (diff)

Proposer: Richard Mitchell
Seconder: Andreas Jung

Motivation

Currently the testPasswordValidity, getPassword & generatePassword functions of Products.CMFPlone.RegistrationTool.RegistrationTool make certain assumptions about the length a password ought to be & the characters which ought to make it up in the case of generated passwords.

If one wishes to implement a password character limit or other password strength validation it is currently required to override completely or monkey-patch the registration tool.

Assumptions

Assumed that there are not any existing plans to overhaul the validation of passwords on password change / registration forms before 4.4.

Proposal & Implementation

To implement a new password validation / generation interface & utility, abstracting these methods, which may be overridden by add-on products.

To provide a default implementation of this utility which refers to a new property of the registration tool which may be customized through GenericSetup or the ZMI to govern the minimum accepted password length.

The default value of the minimum length should be 5 (to match the current default).

Deliverables

  • Code changes to CMFPlone.RegistrationTool.
  • Unit tests
  • Documentation on how to customize both password length validation & override default behaviour with a new utility.

Risks

In keeping the original function signatures (though changing the default values for password length keyword arguments), impact should be minimal. Existing monkey patches will still work.

Participants

Richard Mitchell (mitchell)

Progress

  • PLIP raised

Change History

comment:1 Changed 4 years ago by mitchell

  • Description modified (diff)

comment:2 Changed 4 years ago by esteele

  • Milestone changed from 4.4 to Future

comment:3 Changed 4 years ago by eleddy

  • Status changed from new to confirmed
  • Cc djay added
  • Component changed from Unknown to Backend (Python)

Okay guys - there is some overlap happening here. We have two plips that are basically the same, one that was partially implemented and one that is proposed. Any chance you (djay and mitchell) can get together, put together 1 plip and we can go from there???

Refs #10959, #12521

comment:4 Changed 4 years ago by mitchell

  • Status changed from confirmed to closed
  • Resolution set to duplicate

Closing in favour of #10959.

Note: See TracTickets for help on using tickets.