"password_generated_length" & "password_min_length" not working

[syberknight]

xpost @ https://forums.modx.com/thread/100064/forgot-password-length-too-small#dis-post-541129

i've discovered (after getting all the complaints & having to fix manually all the people who's having this problem) that the "Forgot Password" option auto-generates an 8 character password. but it never works to sign-in with because i have all my validation set to 10 characters.

i would prefer not to have to drop my password registration/login validation to 8 characters, but if there's no solution, i realize i'll have to.

so i went hunting first & found in the System Settings > Core listing a couple parameters that seem to me should fix this to my preference... but they aren't working. they are... Password Auto-Generated Length "password_generated_length" which defaults to "8" (https://rtfm.modx.com/revolution/2.x/administering-your-site/settings/system-settings/password_generated_length) Minimum Password Length "password_min_length" which also defaults to "8" (https://rtfm.modx.com/revolution/2.x/administering-your-site/settings/system-settings/password_min_length)

so i changed them to 11 & 10 respectively. but the forgot password emails STILL are only sending 8 character passwords.

am i missing something? thanks!!!

fyi: using Revolution 2.4.3-pl & the Login extra 1.9.2-pl.

[syberknight]

anybody? nobody?

[Mark-H]

• Manager password resets: Looks like a potential bug in manager/controllers/default/security/login.class.php. Line 226 generates the new password through modUser->generatePassword which accepts a $length parameter, but that isn't passed. The default password length in that case would be 10 though, not 8.
• Login package password resets: components/login/controllers/web/ForgotPassword.php calls generatePassword without parameters, which has a standard length of 8. Does not check the proper setting at all. Sounds like a bug to report at https://github.com/modxcms/Login/issues

[syberknight]

thanks Mark-H. fyi, sottwell & BobRay came up with a workaround for now @ https://forums.modx.com/thread/100064/forgot-password-length-too-small#dis-post-541202

[alroniks]

Issue fixed in a general but there are also some new issues opened with more detailed cases according to respecting system settings values. Closing it now. Feel free to reopen if needed.