With "Show restrictions on password change page" (on admin/config/people/password_policy page) enabled, the password change forms there are lots of entries that say, for example:

Password must have a minimum of 0 digits in order to place any digits at the start or end of the password.
Password must contain at least 0 punctuation (not whitespace or an alphanumeric) characters.
Password must contain at least 0 lowercase characters.
Password must contain at least 0 digits.
Password must contain at least 0 letters.
Password may only be changed in 0 hours from the last change.
Password must contain at least 0 uppercase characters.

These empty or zero-based constraints should be hidden.

Comments

jim kirkpatrick’s picture

Status: Active » Needs review
StatusFileSize
new620 bytes

I've created a simple patch that hides the empty/zero based constraints as they're added for translation and much shortens the list of things users must read or care about.

Works for me but should be double-checked as it might hide other stuff I'm not aware of.

erikwebb’s picture

In the case of these settings, is the value empty or 0? I always want to avoid general if ($value) statements.

jim kirkpatrick’s picture

Either... No answer (empty on admin screen) or zero should both be ignored, hence the general if statement...

If we only want to ignore 0-based values, then the admin screen variables and creation of a password policy should default those fields to 0 too, rather than empty as now... But that's a separate issue with another patch altogether.

erikwebb’s picture

I've never actually seen these extra messages show up. Can you provide your policy settings? Use SELECT * FROM password_policy\G.

jim kirkpatrick’s picture

As requested, a bit of a mysql dump file for our password_policy:

INSERT INTO `password_policy` VALUES ('1','SOX','','1','a:12:{s:7:"history";s:2:"20";s:15:"digit_placement";s:1:"0";s:12:"alphanumeric";s:1:"1";s:6:"length";s:1:"8";s:11:"punctuation";s:1:"0";s:9:"lowercase";s:1:"0";s:5:"digit";s:1:"0";s:6:"letter";s:1:"0";s:10:"complexity";s:1:"3";s:5:"delay";s:1:"0";s:9:"uppercase";s:1:"0";s:8:"username";s:1:"1";}','1333461593','90','14,7,3,1','0');

Hope that helps...

erikwebb’s picture

Are there any cases where you would _want_ to set a zero value?

jim kirkpatrick’s picture

I personally doubt it as the whole point of the module is to move from the Drupal default of '0 requirements for characters' to something with a specific value to enforce...

jim kirkpatrick’s picture

I see there's a "Show restrictions on password change page" checkbox in the Visibility settings section of the admin/config/people/password_policy page which might be the reason you've never seen them. I've updated the issue text.

erikwebb’s picture

Status: Needs review » Fixed

I changed it a bit to be cleaner to read. Committed nonetheless. Thanks!

http://drupalcode.org/project/password_policy.git/commit/9dcf3cb

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

Anonymous’s picture

Issue summary: View changes

added information that Show restrictions on password change page. must be checked.