#8066 closed enhancement (fixed)
Missing password validation at password change
Reported by: | devnik | Owned by: | imath |
---|---|---|---|
Milestone: | 7.0.0 | Priority: | high |
Severity: | normal | Version: | 4.1.0 |
Component: | Members | Keywords: | has-patch |
Cc: |
Description
Hi,
I am looking for a way to validate my password before changing my profile.
I have already created a forum post. If there is no possibility, I can imagine that a hook before saving the changes would be helpful.
Best regards
devnik
Attachments (4)
Change History (17)
#2
@
5 years ago
Hi @imath and @devnik – I found this looking for a way to do server side validation requiring a strong password on the member settings page. Ie if the password is not strong, it throws an error and does not save.
Attached is a diff showing where the filters would be useful to me.
#3
@
5 years ago
- Milestone changed from Awaiting Review to 6.0.0
Hi @tharsheblows
Interesting. Thanks a lot for your patch I'm going to look into it more deeply asap.
#4
@
5 years ago
Thank you! Basically anything that replicated the functionality of the validate_password_reset
filter would work :) https://core.trac.wordpress.org/changeset/21923
#5
@
5 years ago
Hi @tharsheblows
I think we can use only one filter. Could you try to filter bp_members_validate_user_password
with 8066.2.patch applied and add a new error message to the WP_Error object you get from the filter to see if it matches your need.
8066.2.patch is also taking the registering process in account.
#6
@
5 years ago
- Milestone changed from 6.0.0 to Up Next
- Type changed from feature request to enhancement
We're going to be too short for 6.0.0. If @tharsheblows can confirm the patch is fine before before 6.0.0-beta1, I'm fine with moving back this ticket in 6.0.0 milestone. For now, I'm moving it to next milestone.
#7
@
5 years ago
@imath Thanks. It needs the user object (if it's available) for context, eg if you wanted to enforce strong passwords for moderators and roles with more capabilities but not members.
I messed up the naming of the patch, sorry, my head's all over the place.
#10
@
4 years ago
- Keywords needs-refresh added; reporter-feedback removed
I'm going to work on this to make it available in 7.0.0, but I believe the patch needs a refresh.
#11
@
4 years ago
- Keywords has-patch added; needs-refresh removed
8066.3.patch is a refreshed version of the patch. I also added a new unit test to test the filter so that it checks password has at least 4 characters.
Hi @devnik
I’m not sure to fully understand the need. When changing the password a regular member needs to give his current password before changing it. You want to add another validation like a confirmation link included into an email sent to a member is that it ?
Could you add a link to the forum you posted ?