Removes client-side password checks and fixes a PHP warning on account save. See SA-CONTRIB-2012-159 - Password policy - Information leakage of hashed passwords for more details.
- Removed client-side password history checks. See SA-CONTRIB-2012-159 - Password policy - Information leakage of hashed passwords for more details.
- Add constraint includes to each test case.
- #1800280: Notice when $account->roles is not set
- #1666054: Stricter username constraint
- #1226418: The username constraint is always tested, despite the corresponding option is enabled or not
- #1424324: Make password redirect URL overridable
- #491158: Integrate with Password Change module
- #1332000: Feature to exclude pages from force password change
- #958794: Add a short description above policies for user
Password tab is finally ported to Drupal 7!
Also, the API used for constraints has changed. Please see this change record for more information - Password policy constraints now use submitted user account rather than database to check for password compliance.
New features -
API changes -
- #1226434: The username constraint compare the submited password with the login in database and not with the login in form
Bug fixes -
- #1711518: Users with expired passwords that get blocked by cron, when unblocked by admin, get reblocked on login
- #1479478: Force change checkbox should only display on the account tab
- #1699362: Password requirements item list CSS class
- #1694768: watchdog message category inconsistent
- #1612568: Redirect after password change
- #1601048: PHP notice on user account form
The username constraint now checks for the username anywhere in the password, rather than the exact password. This should probably have been the behavior all along and won't directly affect existing passwords.
Changes since 7.x-1.0:
Full CTools-based rewrite of Password Policy for D7.
It's about time for an official D7 release!
Changes since 7.x-1.0-rc3 -
#1515596: Password Policy throwing Notice: Undefined property: stdClass::$name on Features Recreate page by shadybar
#1251756: True unicode support
#1410172: Implementation of hook_user_login() was not ported
#1482378: Force Password Change checkbox doesn't work for users create while module is disabled
#1504958: Password Tab passing string instead of array to drupal_goto()
#1537526: Wrong description of password policies constraint (length)
#1551236: follow ux guidelines on an empty table by greggles
#1514906: Don't show users empty or 0-based constraints by Jim Kirkpatrick
#1403338: Password Policy text displaying in forms without password field
#1479514: Change password url should be more specific (user/edit/account) by rooby
#1468172: "Delay" constraint combined with "Force password change on next login" can result in a temporary catch-22 for the user by Matt V.
#1467184: Fatal error: Call to a member function condition() on a non-object in /.../password_policy/constraints/constraint_delay.inc
#1406342: Password strength message can't be translated
In an effort to get a final version out, Password Policy will be feature-frozen for the time being as the few remaining bugs are resolved.
#1315696: constraint_delay.inc still uses D6 database functions
#1252666: hook_user uses outdated D6 ops - move 'register' and 'form' ops to form_alter's
#1396388: Unable to block a user a second time
#1334202: Unable to delete policy
#1215328: Error when going to list before creating a password policy
#1211080: Force users to change password does not work
#1365450: Notice: Undefined property: stdClass::$force_password_change in password_policy_user_update()
This release fixes multiple security vulnerabilities, all users of Password Policy 7.x-1.0-beta2 or lower, or any 7.x-1.x-dev snapshot from before 2012-01-12 are urged to upgrade.
This release fixes multiple security vulnerabilities, all users of Password Policy 6.x-1.3 or lower, or any 6.x-1.x-dev snapshot from before 2012-01-12 are urged to upgrade.
#927886: Password Policy module not forcing force password change
#1174748: Erroneous "Failed" messages on updates 6003, 6004, 6005, and 6006
#1361392: Prevent empty page when no constraints are selected
#900822 by willesabrook: Password rules not taken into effect on create new account
#1133216 by dakku, subson: Fix PHP 5.3 incompatibility
#1189756 by dppeak, draenen: Update broken links after password_tab URL changes
#1131262 by dppeak, iva2k: Fix load arguments for by adding new category to user object
Nightly snapshot releases.
Issue #1283776: Wrong comment: "Implements hook_perm()." by kenorb: Wrong comment: "Implements hook_perm()."
Issue #1174318: SQL warning by hbergin: Fix ambiguous field in roles join
Straight upgrade from 6.x-1.x by ericwebb.
#786202: "Failed" message on Update #6002
#825664: German translation
#793598: duplicate account activation emails are sent when account activated by admin
#854144: Fix Engrish description of digit placement constraint
#992724: Constants are defined with variable_get
#1095146: Conflicts with email_registration module
#985758: Convert password_policy to use ctools exportables
#992866: password_policy_password_tab: Re-implementing core user_pass_reset() is not required and seems unsafe.
Followup to spelling error in patch for #760016: Patterns are loaded on every page request