Problem/Motivation

It would be useful to allow altering covered form ids to make possible to process custom forms or ones provided by other module with Password policies.

Proposed resolution

To alter covered form ids as it was proposed in comment https://www.drupal.org/node/2362023#comment-9992235.

CommentFileSizeAuthor
#23 password_policy-7.x-1.x-apply_policies_to_account_password_elements_on_custom_forms-2562481-23.patch7.02 KBaohrvetpv
#22 interdiff-2562481-19-22.txt407 bytesaohrvetpv
#22 password_policy-7.x-1.x-apply_policies_to_account_password_elements_on_custom_forms-2562481-22.patch6.82 KBaohrvetpv
#19 password_policy-7.x-1.x-apply_policies_to_account_password_elements_on_custom_forms-2562481-19.patch6.28 KBaohrvetpv
#15 password_policy-custom_forms_with_fieldsets-2562481-15.patch4.97 KBdeivamagalhaes
#14 password_policy-custom_forms_with_fieldsets-2562481-14.patch4.51 KBdeivamagalhaes
#13 password_policy-custom_forms_with_fieldsets-2562481-13.patch4.49 KBdeivamagalhaes
#12 password_policy-custom_forms_with_fieldsets-2562481-12.patch4.25 KBdeivamagalhaes
#4 password_policy-allowing_to_alter_covered_form_ids-2562481-4.patch1.34 KBoleksiy
#2 password_policy-allowing_to_alter_covered_form_ids-2562481-2.patch448 bytesoleksiy
#2 password_policy-allowing_to_alter_covered_form_ids-2562481-2-do-not-test.patch680 bytesoleksiy

Comments

Oleksiy created an issue. See original summary.

oleksiy’s picture

oleksiy
Primary language Ukrainian
Location Lutsk 🇺🇦
commented
Assigned: oleksiy » Unassigned
Status: Active » Needs review
StatusFileSize
new password_policy-allowing_to_alter_covered_form_ids-2562481-2-do-not-test.patch680 bytes
new password_policy-allowing_to_alter_covered_form_ids-2562481-2.patch448 bytes

do-not-test patch is for 7.x-2.0-alpha5.

aohrvetpv’s picture

aohrvetpv commented

If it is possible to detect account password elements on a form, and call password_policy_password_element_alter() for them, I think that would be preferable to adding a hook. This solution requires other modules to know about Password Policy (i.e., add Password Policy integration code). Ideally, Password Policy would not need to know about other modules, and other modules wouldn't need to know about Password Policy.

oleksiy’s picture

oleksiy
Primary language Ukrainian
Location Lutsk 🇺🇦
commented
StatusFileSize
new password_policy-allowing_to_alter_covered_form_ids-2562481-4.patch1.34 KB

Then we can totally remove a check for form_id and to check only if password_confirm form element exists in the form. Then Password Policy module can apply its rules for forms provided by other modules if they have the same form element. Also it will be useful in case we have replaced default user register\profile\password recovery pages.

andypost’s picture

andypost
he/him
Primary language Russian
commented

Looks nice, except why the altering removed in last patch?

oleksiy’s picture

oleksiy
Primary language Ukrainian
Location Lutsk 🇺🇦
commented

Alter was in _password_policy_is_covered_form() function which was removed in the last patch.

tessa bakker’s picture

tessa bakker
she/they
Primary language Dutch
commented
Status: Needs review » Reviewed & tested by the community

Patch #4 works nice on custom forms.

Much cleaner and more reliable, there isn't any need for an alter now.

aohrvetpv’s picture

aohrvetpv commented
Title: Allowing to alter covered form ids » Apply password policies to account password elements on custom forms

  • AohRveTPV committed 9f69062 on 7.x-2.x authored by Oleksiy 
    Issue #2562481 by Oleksiy: Apply password policies to account password...
aohrvetpv’s picture

aohrvetpv commented
Version: 7.x-2.x-dev » 7.x-1.x-dev
Status: Reviewed & tested by the community » Postponed

7.x-1.x hardcodes form IDs but I think it would be better not to make this change in that branch until it has been tested for a while through use.

andypost’s picture

andypost
he/him
Primary language Russian
commented
Status: Postponed » Patch (to be ported)
Issue tags: +needs forward port to Drupal 8
deivamagalhaes’s picture

deivamagalhaes commented
StatusFileSize
new password_policy-custom_forms_with_fieldsets-2562481-12.patch4.25 KB

Hello, first of all, thank you for the patch.
I am using it on top of 7.x-1.x-dev and I had to make some changes in order to use password policies in a custom form with fieldsets. Basically, what I am doing is getting the password elements from the form based only on their type, regardless of their name or their position on the form structure (inside a fieldset or not). Feel free to contact me if you have any questions about my changes.

deivamagalhaes’s picture

deivamagalhaes commented
StatusFileSize
new password_policy-custom_forms_with_fieldsets-2562481-13.patch4.49 KB

New version fixing some details to get even more custom forms.

deivamagalhaes’s picture

deivamagalhaes commented
StatusFileSize
new password_policy-custom_forms_with_fieldsets-2562481-14.patch4.51 KB

New version if the custom form uses container instead of fieldset.

deivamagalhaes’s picture

deivamagalhaes commented
StatusFileSize
new password_policy-custom_forms_with_fieldsets-2562481-15.patch4.97 KB

I have found another scenario that requires adjustments. When you are using a custom registration form, the policy is not loaded correctly, because the code is only checking for the specific form_id user_register_form. I've adjusted to check for the anonymous role. If the user is not logged in, he is trying to register (it is a registration form).

Please find attached the new patch containing this change.

oleksiy’s picture

oleksiy
Primary language Ukrainian
Location Lutsk 🇺🇦
commented

Thanks for the patches. Looks good. But, may be, we can alter "password_confirm" element directly without need to look for the element in the form. hook_element_info_alter() should help to add a new "#process" or "#after_build" function where we can add Password Policy related data. What do you think?

andypost’s picture

andypost
he/him
Primary language Russian
commented

@Oleksiy Nice idea +1

aohrvetpv’s picture

aohrvetpv commented

Took a quick look at #15. It seems like it finds all elements of type 'password_confirm'? Problem is a 'password_confirm' is not necessarily used for an account password. It's just a Form API control type that you can use for any sort of password requiring confirmation. That is, not all 'password_confirm' elements are necessarily for account passwords. Please correct me if wrong.

Commit in #9 ensures they are account password elements by requiring the presence of the 'account' array key.

aohrvetpv’s picture

aohrvetpv commented
StatusFileSize
new password_policy-7.x-1.x-apply_policies_to_account_password_elements_on_custom_forms-2562481-19.patch6.28 KB

Ported #4 to 7.x-1.x.

This should apply password policies to account password elements on custom forms.

aohrvetpv’s picture

aohrvetpv commented
Status: Patch (to be ported) » Needs review

Status: Needs review » Needs work

The last submitted patch, 19: password_policy-7.x-1.x-apply_policies_to_account_password_elements_on_custom_forms-2562481-19.patch, failed testing.

aohrvetpv’s picture

aohrvetpv commented
Status: Needs work » Needs review
StatusFileSize
new password_policy-7.x-1.x-apply_policies_to_account_password_elements_on_custom_forms-2562481-22.patch6.82 KB
new interdiff-2562481-19-22.txt407 bytes

Fixed Password Change Tab submodule to work with changes from #19.

aohrvetpv’s picture

aohrvetpv commented
StatusFileSize
new password_policy-7.x-1.x-apply_policies_to_account_password_elements_on_custom_forms-2562481-23.patch7.02 KB

Moved function to different section of file for consistency.

  • AohRveTPV committed b70f9b1 on 7.x-1.x 
    Issue #2562481 by AohRveTPV, Oleksiy: Apply password policies to account...
aohrvetpv’s picture

aohrvetpv commented
Version: 7.x-1.x-dev » 8.x-3.x-dev
Status: Needs review » Active

Now implemented in 7.x-1.x and 7.x-2.x.

dakku’s picture

dakku commented

++ D8
cross ref: https://www.drupal.org/project/password_policy/issues/2924009

kristen pol’s picture

kristen pol
she/her
Primary language English
Location Santa Cruz, CA, USA
commented
Version: 8.x-3.x-dev » 7.x-2.x-dev
Status: Active » Fixed
Issue tags: -needs forward port to Drupal 8

Thanks everyone for their work on this issue.

Given #2924009: Apply password policies to password elements on custom forms is working on the D8+ version, closing this as fixed for Drupal 7.

kristen pol’s picture

kristen pol
she/her
Primary language English
Location Santa Cruz, CA, USA
commented
Status: Fixed » Closed (fixed)

And closing.