mothership-ec / cog-user

User Cogule

Defining a password policy #27

Open joeholdcroft opened 11 years ago

joeholdcroft commented 11 years ago

It'd be super to have some way for the installation to define a password policy.

joeholdcroft commented 11 years ago

This could use the validation component perhaps...

Or, it could just be a regex in the config file. The only trouble with this is that the feedback would be kinda dumb; it would just have to say "your password doesn't adhere to the password policy" or something. Unless we made the message configurable?

In the config file:

password:
  policy:
    regex: '/^.{2,8}$/'
    description: 'Between 2 and 8 characters long'

Discuss!

lsjroberts commented 11 years ago

To have easier feedback we could instead define rules that can be turned on / off or passed options. Rules could include requireUppercase, requireLowercase, requireSpecialChar, minLength, maxLength etc.

irisSchaffer commented 11 years ago

@lsjroberts some of these rules already exist, we just need a way to set these validations for a certain object or form (-field) ONCE instead of setting them every time we use a field...

Some kind of configuration file would probably work in this case but we should also think about how to generally improve the validation-component and maybe add validation-rules for objects/members in these objects... I am thinking about something like

password:
    minLength: 2
    maxLength: 8
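
The rule-based approach discussed in this thread, sketched as an added example that is not code from the cog-user project or from any commenter: each configured rule carries its own message, so feedback names the exact rule that failed instead of one generic policy string. The rule names come from the thread; `validate_password`, `RULES`, the messages and the sample policy values are hypothetical, and Python is used only for illustration.

```python
import string

# Rule names follow the thread's suggestions; the checks, messages and
# sample policy values below are constructed for this example.
RULES = {
    "minLength": (lambda pw, n: len(pw) >= n, "must be at least {opt} characters long"),
    "maxLength": (lambda pw, n: len(pw) <= n, "must be at most {opt} characters long"),
    "requireUppercase": (lambda pw, on: not on or any(c.isupper() for c in pw),
                         "must contain an uppercase letter"),
    "requireLowercase": (lambda pw, on: not on or any(c.islower() for c in pw),
                         "must contain a lowercase letter"),
    "requireSpecialChar": (lambda pw, on: not on or any(c in string.punctuation for c in pw),
                           "must contain a special character"),
}


def validate_password(password, policy):
    """Return one message per violated rule; an empty list means it passes."""
    unknown = set(policy) - set(RULES)
    if unknown:
        # Fail closed on a misspelled rule instead of silently skipping it.
        raise ValueError("unknown policy rule(s): " + ", ".join(sorted(unknown)))
    failures = []
    for name, option in policy.items():
        check, message = RULES[name]
        if not check(password, option):
            failures.append(message.format(opt=option))
    return failures


# Constructed policy, as it might be loaded from the installation's config file.
SAMPLE_POLICY = {
    "minLength": 10,
    "maxLength": 128,
    "requireUppercase": True,
    "requireLowercase": True,
    "requireSpecialChar": True,
}

if __name__ == "__main__":
    for candidate in ("abc", "CorrectHorse-battery"):
        print(candidate, validate_password(candidate, SAMPLE_POLICY))
```

Raising on an unknown rule name means a typo in the config file stops validation loudly rather than quietly weakening the policy.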