Bug: T233119
Change-Id: I2d0fa6f7116b407cbf62ad93da73d0800c9d14f9
* The checks supported by core are:
* - MinimalPasswordLength - Minimum length a user can set.
* - MinimumPasswordLengthToLogin - Passwords shorter than this will
* The checks supported by core are:
* - MinimalPasswordLength - Minimum length a user can set.
* - MinimumPasswordLengthToLogin - Passwords shorter than this will
- * not be allowed to login, regardless if it is correct.
+ * not be allowed to login, or offered a chance to reset their password
+ * as part of the login workflow, regardless if it is correct.
* - MaximalPasswordLength - maximum length password a user is allowed
* to attempt. Prevents DoS attacks with pbkdf2.
* - PasswordCannotMatchUsername - Password cannot match the username.
* - MaximalPasswordLength - maximum length password a user is allowed
* to attempt. Prevents DoS attacks with pbkdf2.
* - PasswordCannotMatchUsername - Password cannot match the username.
/**
* Check password is longer than minimum, fatal.
/**
* Check password is longer than minimum, fatal.
+ * Intended for locking out users with passwords too short to trust, requiring them
+ * to recover their account by some other means.
* @param int $policyVal minimal length
* @param User $user
* @param string $password
* @param int $policyVal minimal length
* @param User $user
* @param string $password