When creating a policy and checking the " Password must not contain their username." box the setting does not get saved.

CommentFileSizeAuthor
#12 password_policy-username-constraint-setting-not-getting-saved-2268581-12.patch1.6 KBaohrvetpv
#8 password_policy-username-constraint-setting-not-getting-saved-2268581-8.patch1.61 KBaohrvetpv
#3 password_policy-username-constraint-setting-not-getting-saved-2268581-3.patch925 bytesjrglasgow
#1 password_policy-username-constraint-setting-not-getting-saved-2268581-1.patch1.45 KBjrglasgow

Comments

jrglasgow’s picture

jrglasgow commented
Status: Active » Needs review
StatusFileSize
new password_policy-username-constraint-setting-not-getting-saved-2268581-1.patch1.45 KB

It appears to me that the username constraint plugin is malformed so it doesn't know which field to save.

This patch worked for me.

Status: Needs review » Needs work

The last submitted patch, 1: password_policy-username-constraint-setting-not-getting-saved-2268581-1.patch, failed testing.

jrglasgow’s picture

jrglasgow commented
StatusFileSize
new password_policy-username-constraint-setting-not-getting-saved-2268581-3.patch925 bytes

updated the patch to put back a few things that were accidentally omitted

jrglasgow’s picture

jrglasgow commented
Status: Needs work » Needs review
aohrvetpv’s picture

aohrvetpv commented
Status: Needs review » Reviewed & tested by the community

Reviewed and looks good. Username constraint checkbox value was not getting saved because PasswordPolicyItem::admin_form_submit() expects the form element machine name ('username') to match the constraint config ID (was 'enabled', now 'username').

Applied patch and confirmed username constraint working.

Two additional comments:
1. Perhaps there should be SimpleTest functional tests that test enabling constraints as a user would do.
2. 'prime value' seems like an ambiguous name. Not clear to me what its purpose is. Best I can tell it is a machine name for the constraint, which allows a different name from the base filename of the constraint. Perhaps 'item name' or 'name' or something would be clearer? Or an explanatory comment?

erikwebb’s picture

erikwebb commented

@AohRveTPV - Since we are changing the name of the config ID, do we need an update function to change the values of existing policies?

aohrvetpv’s picture

aohrvetpv commented

If I understand your question correctly: There might be an unused 'enabled' element left in $config after applying this patch if the user had previously attempted to enable the username constraint. If so, it would probably be best to have an update function that removes that unused element. I will try to check.

aohrvetpv’s picture

aohrvetpv commented
Status: Reviewed & tested by the community » Needs review
StatusFileSize
new password_policy-username-constraint-setting-not-getting-saved-2268581-8.patch1.61 KB

Here's a patch that adds update code. I dislike the code though because I think it is operating at the wrong level of abstraction. I think a PasswordPolicy object ought to have a save method, abstracting away the details of how it gets saved. Code like the following would seem more elegant:

  $policies = PasswordPolicy::all_policies();
  foreach ($policies as $policy) {
    unset($policy->config['username']['enabled']);
    $policy->save();
  }

Maybe there is already a way to do it like that, skipping the direct ctools calls, and I am not aware.

erikwebb’s picture

erikwebb commented

@AohRveTPV - I agree. Let's fix this issue and open a new one to refactor that method.

aohrvetpv’s picture

aohrvetpv commented

Sounds good. Patch in #8 adding update code is ready for review and/or commit.

aohrvetpv’s picture

aohrvetpv commented

Found a minor coding standards problem in patch. Will post new one soon.

aohrvetpv’s picture

aohrvetpv commented
StatusFileSize
new password_policy-username-constraint-setting-not-getting-saved-2268581-12.patch1.6 KB

Changed update function comment to the imperative per documentation standards.

deekayen’s picture

deekayen commented
Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.