Check for minimum password length upon self registration. #2459
Conversation
nickygerritsen
force-pushed
the
self-register-password-length
branch
from
ffe29b6
to
3cc0a54
Compare
| if ($user->getName() === null) { | ||
| $user->setName($user->getUsername()); | ||
| } | ||
| if (strlen($plainPass) < UserController::MIN_PASSWORD_LENGTH) { |
There was a problem hiding this comment.
Wouldn't it make more sense to store this constant here in the security controller, or possibly in some other global place?
There was a problem hiding this comment.
Do you have a good suggestion? Since we also use it in the jury controller.
There was a problem hiding this comment.
Maybe in webapp/config/static.yaml.in? Not sure whether we should also make it configurable from configure or so...
There was a problem hiding this comment.
I do like that idea, but then maybe we do that in a separate issue / PR?
There was a problem hiding this comment.
We had this in the past and had some discussions in #maintainer about it (if I remember correctly).
nickygerritsen
force-pushed
the
self-register-password-length
branch
from
3cc0a54
to
0f88011
Compare
|
Probably we need to tell the user what length we expect when we present the form? Not reject it after submission with a surprise limit that was never communicated before? |
Fixes #2458.