diff --git a/core/includes/form.inc b/core/includes/form.inc index 42206a4..5de3102 100644 --- a/core/includes/form.inc +++ b/core/includes/form.inc @@ -1213,9 +1213,19 @@ function form_process_password_confirm($element) { function password_confirm_validate($element, &$element_state) { $pass1 = trim($element['pass1']['#value']); $pass2 = trim($element['pass2']['#value']); + $minimum_password_length = \Drupal::config('user.settings')->get('minimum_password_length'); + + // Error message workaround because of: https://drupal.org/node/549020 if (!empty($pass1) || !empty($pass2)) { + // Check that the password is long enough. + if (strlen($pass1) < $minimum_password_length) { + \Drupal::formBuilder()->setError($element, $element_state, t('Password must be at least @minimum_password_length characters long.', array('@minimum_password_length' => $minimum_password_length))); + drupal_set_message(t('Password must be at least @minimum_password_length characters long.', array('@minimum_password_length' => $minimum_password_length)), 'error'); + } + // Check that the passwords match. if (strcmp($pass1, $pass2)) { form_error($element, $element_state, t('The specified passwords do not match.')); + drupal_set_message(t('The specified passwords do not match.'), 'error'); } } elseif ($element['#required'] && !empty($element_state['input'])) { diff --git a/core/modules/user/config/install/user.settings.yml b/core/modules/user/config/install/user.settings.yml index fbb0d98..9a0dc24 100644 --- a/core/modules/user/config/install/user.settings.yml +++ b/core/modules/user/config/install/user.settings.yml @@ -1,6 +1,7 @@ admin_role: '' anonymous: Anonymous verify_mail: true +minimum_password_length: 6 notify: cancel_confirm: true password_reset: true diff --git a/core/modules/user/config/schema/user.schema.yml b/core/modules/user/config/schema/user.schema.yml index 7f61921..36ef6cc 100644 --- a/core/modules/user/config/schema/user.schema.yml +++ b/core/modules/user/config/schema/user.schema.yml @@ -13,6 +13,9 @@ user.settings: verify_mail: type: boolean label: 'Require e-mail verification when a visitor creates an account.' + minimum_password_length: + type: integer + label: 'The minimum password length required for registration.' notify: type: mapping label: 'Notify user' diff --git a/core/modules/user/lib/Drupal/user/AccountSettingsForm.php b/core/modules/user/lib/Drupal/user/AccountSettingsForm.php index e29bc26..679173b 100644 --- a/core/modules/user/lib/Drupal/user/AccountSettingsForm.php +++ b/core/modules/user/lib/Drupal/user/AccountSettingsForm.php @@ -141,6 +141,13 @@ public function buildForm(array $form, array &$form_state) { '#default_value' => $config->get('cancel_method'), '#description' => $this->t('Users with the %select-cancel-method or %administer-users permissions can override this default method.', array('%select-cancel-method' => $this->t('Select method for cancelling account'), '%administer-users' => $this->t('Administer users'), '@permissions-url' => url('admin/people/permissions'))), ); + $form['registration_cancellation']['minimum_password_length'] = array( + '#type' => 'number', + '#title' => $this->t('Minimum password length'), + '#default_value' => $config->get('minimum_password_length'), + '#description' => $this->t("The minimum password length required for registration."), + '#min' => '1', + ); $form['registration_cancellation']['user_cancel_method'] += user_cancel_methods(); foreach (Element::children($form['registration_cancellation']['user_cancel_method']) as $key) { // All account cancellation methods that specify #access cannot be @@ -414,6 +421,7 @@ public function submitForm(array &$form, array &$form_state) { ->set('anonymous', $form_state['values']['anonymous']) ->set('admin_role', $form_state['values']['user_admin_role']) ->set('register', $form_state['values']['user_register']) + ->set('minimum_password_length', $form_state['values']['minimum_password_length']) ->set('password_strength', $form_state['values']['user_password_strength']) ->set('verify_mail', $form_state['values']['user_email_verification']) ->set('signatures', $form_state['values']['user_signatures']) diff --git a/core/modules/user/lib/Drupal/user/Tests/UserEditTest.php b/core/modules/user/lib/Drupal/user/Tests/UserEditTest.php index 105fdea..fadf525 100644 --- a/core/modules/user/lib/Drupal/user/Tests/UserEditTest.php +++ b/core/modules/user/lib/Drupal/user/Tests/UserEditTest.php @@ -48,6 +48,13 @@ function testUserEdit() { $this->drupalPostForm("user/" . $user1->id() . "/edit", $edit, t('Save')); $this->assertText(t("The specified passwords do not match."), 'Typing mismatched passwords displays an error message.'); + // Check that entering to few characters does not validate. + $minimum_password_length = \Drupal::config('user.settings')->get('minimum_password_length'); + $edit['pass[pass1]'] = $this->randomString($minimum_password_length - 1); + $edit['pass[pass2]'] = ''; + $this->drupalPostForm("user/" . $user1->id() . "/edit", $edit, t('Save')); + $this->assertText(t('Password must be at least @minimum_password_length characters long.', array('@minimum_password_length' => $minimum_password_length)), 'Typing a password less than the minimum length displays an error.'); + // Test that the error message appears when attempting to change the mail or // pass without the current password. $edit = array(); diff --git a/core/modules/user/user.js b/core/modules/user/user.js index 1748a2c..a03282c 100644 --- a/core/modules/user/user.js +++ b/core/modules/user/user.js @@ -99,10 +99,10 @@ var usernameBox = $('input.username'); var username = (usernameBox.length > 0) ? usernameBox.val() : translate.username; - // Lose 5 points for every character less than 6, plus a 30 point penalty. - if (password.length < 6) { + // Lose 5 points for every character less than translate.numCharacters, plus a 30 point penalty. + if (password.length < translate.minPasswordLength) { msg.push(translate.tooShort); - strength -= ((6 - password.length) * 5) + 30; + strength -= ((translate.minPasswordLength - password.length) * 5) + 30; } // Count weaknesses. diff --git a/core/modules/user/user.module b/core/modules/user/user.module index 955f644..1e11bad 100644 --- a/core/modules/user/user.module +++ b/core/modules/user/user.module @@ -1504,10 +1504,11 @@ function user_form_process_password_confirm($element) { if (\Drupal::config('user.settings')->get('password_strength')) { $password_settings['showStrengthIndicator'] = TRUE; + $password_settings['minPasswordLength'] = \Drupal::config('user.settings')->get('minimum_password_length'); $password_settings += array( 'strengthTitle' => t('Password strength:'), 'hasWeaknesses' => t('To make your password stronger:'), - 'tooShort' => t('Make it at least 6 characters'), + 'tooShort' => t('Make it at least @minimum_password_length characters', array('@minimum_password_length' => \Drupal::config('user.settings')->get('minimum_password_length'))), 'addLowerCase' => t('Add lowercase letters'), 'addUpperCase' => t('Add uppercase letters'), 'addNumbers' => t('Add numbers'),