diff --git a/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php b/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php
index 9bc32b7..3a093b7 100644
--- a/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php
+++ b/core/lib/Drupal/Core/Render/Element/PasswordConfirm.php
@@ -77,9 +77,17 @@ public static function processPasswordConfirm(&$element, FormStateInterface $for
 public static function validatePasswordConfirm(&$element, FormStateInterface $form_state, &$complete_form) {
 $pass1 = trim($element['pass1']['#value']);
 $pass2 = trim($element['pass2']['#value']);
+ $minimum_password_length = \Drupal::config('user.settings')->get('minimum_password_length');
 if (!empty($pass1) || !empty($pass2)) {
+ // Check that the password is long enough.
+ if (strlen($pass1) < $minimum_password_length) {
+ $form_state->setError($element, t('Password must be at least @minimum_password_length characters long.', array('@minimum_password_length' => $minimum_password_length)));
+ drupal_set_message(t('Password must be at least @minimum_password_length characters long.', array('@minimum_password_length' => $minimum_password_length)), 'error');
+ }
+ // Check that the passwords match.
 if (strcmp($pass1, $pass2)) {
 $form_state->setError($element, t('The specified passwords do not match.'));
+ drupal_set_message(t('The specified passwords do not match.'), 'error');
 }
 }
 elseif ($element['#required'] && $form_state->getUserInput()) {
diff --git a/core/modules/user/config/install/user.settings.yml b/core/modules/user/config/install/user.settings.yml
index bf3d5bc..12f9956 100644
--- a/core/modules/user/config/install/user.settings.yml
+++ b/core/modules/user/config/install/user.settings.yml
@@ -1,6 +1,7 @@
 admin_role: ''
 anonymous: Anonymous
 verify_mail: true
+minimum_password_length: 6
 notify:
 cancel_confirm: true
 password_reset: true
diff --git a/core/modules/user/config/schema/user.schema.yml b/core/modules/user/config/schema/user.schema.yml
index 772deea..69fe021 100644
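Review bot: The length check added to validatePasswordConfirm() uses `strlen($pass1)`, which counts bytes, so a password made of multibyte characters passes with fewer characters than the error message promises; `mb_strlen($pass1)` (or the project's Unicode helper) would match the wording. `$minimum_password_length` is also used unguarded: if the key is absent from an existing site's `user.settings`, the config read presumably returns NULL, the comparison never fails, and the policy is silently off, so casting with `(int)` and applying a fallback floor would make that case explicit. The added `drupal_set_message()` calls repeat the text already passed to `$form_state->setError()`, which will likely show each error twice. Because the check lives in a form element validator, passwords set outside a password_confirm form are not covered by it; if the setting is meant as policy rather than a UI hint, it needs enforcing where the account is saved as well. The function body continues outside the hunk.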
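Review bot: `minimum_password_length: 6` turns what was only a strength-meter hint into the enforced floor, and 6 is below the 8-character minimum that NIST SP 800-63B gives for user-chosen passwords; consider shipping `minimum_password_length: 8`. This file only seeds new installs, and no update hook is visible in this diff, so existing sites would presumably have no value for the key until an administrator saves the account settings form.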
--- a/core/modules/user/config/schema/user.schema.yml
+++ b/core/modules/user/config/schema/user.schema.yml
@@ -13,6 +13,9 @@ user.settings:
 verify_mail:
 type: boolean
 label: 'Require email verification when a visitor creates an account'
+ minimum_password_length:
+ type: integer
+ label: 'The minimum password length required for registration.'
 notify:
 type: mapping
 label: 'Notify user'
diff --git a/core/modules/user/src/AccountSettingsForm.php b/core/modules/user/src/AccountSettingsForm.php
index bce6a60..d00b3a9 100644
--- a/core/modules/user/src/AccountSettingsForm.php
+++ b/core/modules/user/src/AccountSettingsForm.php
@@ -145,6 +145,13 @@ public function buildForm(array $form, FormStateInterface $form_state) {
 '#default_value' => $config->get('cancel_method'),
 '#description' => $this->t('Users with the %select-cancel-method or %administer-users permissions can override this default method.', array('%select-cancel-method' => $this->t('Select method for cancelling account'), '%administer-users' => $this->t('Administer users'), '@permissions-url' => $this->url('user.admin_permissions'))),
 );
+ $form['registration_cancellation']['minimum_password_length'] = array(
+ '#type' => 'number',
+ '#title' => $this->t('Minimum password length'),
+ '#default_value' => $config->get('minimum_password_length'),
+ '#description' => $this->t("The minimum password length required for registration."),
+ '#min' => '1',
+ );
 $form['registration_cancellation']['user_cancel_method'] += user_cancel_methods();
 foreach (Element::children($form['registration_cancellation']['user_cancel_method']) as $key) {
 // All account cancellation methods that specify #access cannot be
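Review bot: The new `minimum_password_length` element in buildForm() has no `'#required' => TRUE`, so an administrator can submit it empty and, as far as this diff shows, the empty value is saved and the server-side length check then stops rejecting anything. `'#min' => '1'` is a string and permits a one-character policy; an integer no lower than the shipped default would be a safer floor. The description says the minimum applies "for registration", but the validator in PasswordConfirm.php runs on every password_confirm element, including password changes, so the wording should say so. buildForm() starts and ends outside the hunk.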
@@ -418,6 +425,7 @@ public function submitForm(array &$form, FormStateInterface $form_state) { ->set('anonymous', $form_state->getValue('anonymous')) ->set('admin_role', $form_state->getValue('user_admin_role')) ->set('register', $form_state->getValue('user_register')) + ->set('minimum_password_length', $form_state->getValue('minimum_password_length')) ->set('password_strength', $form_state->getValue('user_password_strength')) ->set('verify_mail', $form_state->getValue('user_email_verification')) ->set('signatures', $form_state->getValue('user_signatures')) diff --git a/core/modules/user/src/Tests/UserEditTest.php b/core/modules/user/src/Tests/UserEditTest.php index 308fad9..3a05274 100644 --- a/core/modules/user/src/Tests/UserEditTest.php +++ b/core/modules/user/src/Tests/UserEditTest.php @@ -42,6 +42,13 @@ function testUserEdit() { $this->drupalPostForm("user/" . $user1->id() . "/edit", $edit, t('Save')); $this->assertText(t("The specified passwords do not match."), 'Typing mismatched passwords displays an error message.'); + // Check that entering to few characters does not validate. + $minimum_password_length = \Drupal::config('user.settings')->get('minimum_password_length'); + $edit['pass[pass1]'] = $this->randomString($minimum_password_length - 1); + $edit['pass[pass2]'] = ''; + $this->drupalPostForm("user/" . $user1->id() . "/edit", $edit, t('Save')); + $this->assertText(t('Password must be at least @minimum_password_length characters long.', array('@minimum_password_length' => $minimum_password_length)), 'Typing a password less than the minimum length displays an error.'); + // Test that the error message appears when attempting to change the mail or // pass without the current password. $edit = array(); diff --git a/core/modules/user/user.js b/core/modules/user/user.js index 51fb591..ac4464f 100644 --- a/core/modules/user/user.js +++ b/core/modules/user/user.js 
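Review bot: In submitForm(), `$form_state->getValue('minimum_password_length')` is stored as submitted, so the config presumably ends up holding a string (or an empty string) although user.schema.yml declares the key as `integer`; cast it when saving, `->set('minimum_password_length', (int) $form_state->getValue('minimum_password_length'))`. The element key also drops the `user_` prefix used by the neighbouring values (`user_register`, `user_password_strength`). submitForm() continues outside the hunk.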
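Review bot: The new case in testUserEdit() posts a short `pass1` with an empty `pass2`, so the mismatch error is raised in the same request and the assertion does not show that a too-short password is rejected on its own; set both fields to the same short string to isolate the length rule. There is no boundary case either: a password of exactly `$minimum_password_length` characters should be asserted to save without the error. The comment has a typo and should read `// Check that entering too few characters does not validate.` testUserEdit() continues outside the hunk.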
@@ -101,10 +101,11 @@ var usernameBox = $('input.username'); var username = (usernameBox.length > 0) ? usernameBox.val() : translate.username; - // Lose 5 points for every character less than 6, plus a 30 point penalty. - if (password.length < 6) { + // Lose 5 points for every character less than translate.numCharacters + // plus a 30 point penalty. + if (password.length < translate.minPasswordLength) { msg.push(translate.tooShort); - strength -= ((6 - password.length) * 5) + 30; + strength -= ((translate.minPasswordLength - password.length) * 5) + 30; } // Count weaknesses. diff --git a/core/modules/user/user.module b/core/modules/user/user.module index a251fd7..be39860 100644 --- a/core/modules/user/user.module +++ b/core/modules/user/user.module @@ -1324,10 +1324,11 @@ function user_form_process_password_confirm($element) { if (\Drupal::config('user.settings')->get('password_strength')) { $password_settings['showStrengthIndicator'] = TRUE; + $password_settings['minPasswordLength'] = \Drupal::config('user.settings')->get('minimum_password_length'); $password_settings += array( 'strengthTitle' => t('Password strength:'), 'hasWeaknesses' => t('To make your password stronger:'), - 'tooShort' => t('Make it at least 6 characters'), + 'tooShort' => t('Make it at least @minimum_password_length characters', array('@minimum_password_length' => \Drupal::config('user.settings')->get('minimum_password_length'))), 'addLowerCase' => t('Add lowercase letters'), 'addUpperCase' => t('Add uppercase letters'), 'addNumbers' => t('Add numbers'),
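Review bot: The rewritten comment in the user.js hunk refers to `translate.numCharacters`, but the code reads `translate.minPasswordLength`; the comment should name the same property, `// Lose 5 points for every character less than translate.minPasswordLength,`. If `minPasswordLength` is missing from the settings object, `password.length < undefined` is always false and the too-short hint disappears without any error, so a fallback value is worth adding. The meter is advisory only; the rule that counts is the server-side validator, and the two should be kept in step. The enclosing function starts and ends outside the hunk.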
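Review bot: `\Drupal::config('user.settings')` is now looked up three times in user_form_process_password_confirm(); read it once into a local, `$user_settings = \Drupal::config('user.settings');`, and reuse it for `password_strength` and both `minimum_password_length` reads. The `tooShort` string passes a count through plain `t()`, so a minimum of 1 renders as "at least 1 characters"; a plural-aware translation call would avoid that. The `$password_settings` array literal continues outside the hunk.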