langleyfoxall / laravel-nist-password-rules

🔒 Laravel validation rules that follow the password-related recommendations found in NIST Special Publication 800-63B section 5.
GNU Lesser General Public License v3.0

Confusing/incorrect message and failure to validate correctly #29

Closed SteJaySulli closed 4 years ago

SteJaySulli commented 4 years ago

In testing (specifically using PasswordRules::optionallyChangePassword) I entered the password "CorrectHorseBatteryStaple"; the message reads:

The password and password confirmation must be different.

This is confusing for the user, as their password and password confirmation must match. Please consider changing this to something that better represents the actual error, such as "Your password cannot be based on dictionary words".

SteJaySulli commented 4 years ago

I cannot seem to locate where this message is coming from - I have confirmed that this message is coming from the PasswordRules::optionallyChangePassword rule, but it seems to happen no matter what password I provide, even if the password should pass validation.

SteJaySulli commented 4 years ago

I've found the problem: I hadn't enclosed it in an array!