mahara-contributors team mailing list archive

[Aaron Wells <1541171@xxxxxxxxxxxxxxxxxx>]

Hi Kristina,

I wasn't able to replicate this issue. When I tried to create a three-
letter password, either on my own account settings page, or in the
"Administration -> Users -> Add user" page, I got an error message
telling me my password must be at least six characters long.

And looking at the "is_password_valid()" method in
htdocs/auth/internal.php, I see that the current limitation on passwords
seems to be this regular expression:

/^[a-zA-Z0-9 ~!@#\$%\^&\*\(\)_\-=\+\,\.<>\/\?;:"\[\]\{\}\\|`\']{6,}$/

In other words at least 6 characters, with the allowed list of
characters being basically everything on a QWERTY keyboard. And there
doesn't seem to be any upper limit. (I set my password to something that
was 168 characters long, with no problem.)

Can you clarify if there's a screen I'm missing or something?

Cheers,
Aaron

** Changed in: mahara
       Status: Confirmed => Incomplete

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1541171

Title:
  Increase password length minimum requirement

Status in Mahara:
  Incomplete

Bug description:
  You can set a password that is only 3 characters long on your account
  settings page. When you set up your first password though you are
  already asked for a longer one.

  We agreed in the 50th developer meeting http://meetbot.mahara.org
  /mahara-dev/2016/mahara-dev.2016-02-02-07.34.log.html#l-243 to
  increase the minimum length and also increase the maximum length.

  Minimum length: 6 characters
  Maximum length: 255 characters

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1541171/+subscriptions