Closed flyer303 closed 2 years ago
sounds reasonable to me, what do you think @richardhj ?
Except for CS, looking good to me. Sounds reasonable.
The sad story is, that we do not track the first user's password when registering in the frontend. For this to fix we can utilize the createNewUser
hook, then save the user password in the log password log table (this is the first occasion where the member ID is available).
userId ist set to null if validation is called from ModuleRegistration This will then throw an exception in
PasswordHistoryModel::findHistory($userEntity, $userId, $historyLength);
-> https://github.com/terminal42/contao-password-validation/blob/master/src/Validation/Validator/PasswordHistory.php#L53So this is my preferred fix option for the case "Validate password on ModuleRegistration events with configured pasword history as validator": Don't write a password history entry with userid null.