andrii-kryvoviaz
commented
5 months ago Certaenly, that's what I was going to change anyway.
As of now it uses this Symfony PasswordStrenght constraint, which is not that straightforward on how to configure the complexity:
#[Assert\PasswordStrength(minScore: Assert\PasswordStrength::STRENGTH_MEDIUM)]
private string $passwordMore information here: https://symfony.com/doc/current/reference/constraints/PasswordStrength.html
I will just introduce a custom constraint, since the Symfony option is too general and oversimplified in terms of configuration.
Currently, the password-setting rules need to be more straightforward and more friendly. There is no indication besides a short error. Moreover, the rule is based on the number of characters rather than their quality.
Example password: 1qaz@Wsx#Edc - number, low-uppercase, specials - NOT VALID, less than 16chars 1qaz2wsx3edc4rfv - number, lowercase only - VALID, 16chars
Suggested changes: Add a docker environment variable that can overwrite the character count requirement, eg, set it to x chars (or, allow the user to change it from the profile page with lower standards). Add a validation error message that will specify what exactly is wrong with the password. Adjust rules to something like: