terminal42 / contao-password-validation

MIT License

Password rules are not used during registration process (feature request) #8

Closed markusmilkereit closed 2 years ago

markusmilkereit commented 3 years ago

I installed and set up the extension, and everything regarding passwords works magically in the backend. What I could not see, but it would be a major component for me: validating the password during registration.

If I did something wrong please point me in the right direction :)

aschempp commented 3 years ago

Maybe @richardhj can point this out? Not sure if that's even supported (yet)?

richardhj commented 3 years ago

Hm, we are using the addCustomRegexp hook and the ModuleRegistration.php triggers the rgxp check (on $objWidget->validate()), so it is supposed to work.

markusmilkereit commented 3 years ago

In PasswordRegexpListener::addCustomRegexp you're jumping out if there is no DC table set - which it's not during registration, there is no table attached yet (only after successful registration, when a member was created).

So I just did a quick hack to enable the regex during registration in lines 56ff:

} else {
    // return true;
    $userId = 0;
    $userEntity = FrontendUser::class;
}

And you should update the documentation, or the error messages will be very confusing - Contao checks its own min_length rule first, so usually it's a different number (and a misleading error message then):

contao:
    localconfig:
        minPasswordLength: <set same length as>

terminal42_password_validation:
    Contao\FrontendUser:
        min_length: 10

With those changes it works really nicely also for the registration process.

richardhj commented 3 years ago

So the fix is as easy as: https://github.com/terminal42/contao-password-validation/blob/8d6345ac6e2a7669cd177913cf280984e1703545/src/EventListener/PasswordRegexpListener.php#L60

- } elseif ('FE' === TL_MODE && FE_USER_LOGGED_IN) {
+ } elseif ('FE' === TL_MODE) {
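
Review bot: dropping FE_USER_LOGGED_IN from the elseif on the + line means this branch now also runs for anonymous frontend requests, so anything in its body that assumes a logged-in user has to cope with there being none. The body is not part of this hunk; please confirm it does not read an id from the current frontend user without a fallback, and add a short comment on the condition saying that the unauthenticated (registration) case is intentional.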

markusmilkereit commented 3 years ago

No, because $dc is set, just without a table name. And no ID (yet). That's why I went into the else condition in the first part of the code.
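
The failure mode discussed in this thread, as an added example (a simplified model, not the extension's PasswordRegexpListener and not code from any participant): a validator that returns early when its context is missing silently skips the password policy on the registration path. The function names, the `$failOpen` switch and the sample password are hypothetical; `tl_member` is assumed as the table seen when an existing member is edited, and the policy value mirrors the `min_length: 10` quoted above.

```php
<?php
declare(strict_types=1);

// Constructed policy, mirroring the min_length: 10 setting quoted in the thread.
const POLICY = ['FrontendUser' => ['min_length' => 10]];

/**
 * Map the widget's context to the user entity whose policy applies.
 * $failOpen = true models the reported behaviour: no table, no check.
 */
function resolveEntity(?string $table, bool $failOpen): ?string
{
    if ('tl_member' === $table) { // assumed table name for an existing member
        return 'FrontendUser';
    }
    if ($failOpen) {
        return null; // caller treats this as "nothing to validate"
    }
    // Registration: the member row does not exist yet, so there is no table
    // and no id. Fall back to the frontend policy instead of skipping it.
    return 'FrontendUser';
}

/** Returns the list of policy violations; an empty list means accepted. */
function validatePassword(string $password, ?string $table, bool $failOpen): array
{
    $entity = resolveEntity($table, $failOpen);
    if (null === $entity) {
        return []; // fail-open: the policy was never evaluated
    }
    $errors = [];
    $min = POLICY[$entity]['min_length'];
    if (strlen($password) < $min) {
        $errors[] = sprintf('min_length %d not met', $min);
    }
    return $errors;
}

// Constructed cases: [label, table seen by the listener]
$cases = [['member edit', 'tl_member'], ['registration', null]];
foreach ($cases as [$label, $table]) {
    foreach ([true, false] as $failOpen) {
        $errors = validatePassword('short1', $table, $failOpen);
        printf("%-13s failOpen=%-5s => %s\n", $label, var_export($failOpen, true),
            $errors ? implode(', ', $errors) : 'accepted');
    }
}
```

Only the registration case with `failOpen=true` accepts the six-character password; a regression test for the real listener would assert the same thing against a widget with no table and no id.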