From: Thalia <thalia.e.chan@googlemail.com>
Date: Tue, 17 Sep 2019 19:16:05 +0000 (+0100)
Subject: Improve documentation for the MinimumPasswordLengthToLogin policy
X-Git-Tag: 1.31.4~9
X-Git-Url: http://git.cyclocoop.org/?p=lhc%2Fweb%2Fwiklou.git;a=commitdiff_plain;h=a5ea73070652d807afb780a5bd9c6614b5e5a872

Improve documentation for the MinimumPasswordLengthToLogin policy

Bug: T233119
Change-Id: I2d0fa6f7116b407cbf62ad93da73d0800c9d14f9
---

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index 0fb0173199..fd4c7af6a3 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4472,7 +4472,8 @@ $wgCentralIdLookupProvider = 'local';
  * Statements:
  *	- MinimalPasswordLength - minimum length a user can set
  *	- MinimumPasswordLengthToLogin - passwords shorter than this will
- *		not be allowed to login, regardless if it is correct.
+ *		not be allowed to login, or offered a chance to reset their password
+ *		as part of the login workflow, regardless if it is correct.
  *	- MaximalPasswordLength - maximum length password a user is allowed
  *		to attempt. Prevents DoS attacks with pbkdf2.
  *	- PasswordCannotMatchUsername - Password cannot match username to
diff --git a/includes/password/PasswordPolicyChecks.php b/includes/password/PasswordPolicyChecks.php
index 502f1e024c..cec82c7fbc 100644
--- a/includes/password/PasswordPolicyChecks.php
+++ b/includes/password/PasswordPolicyChecks.php
@@ -44,7 +44,9 @@ class PasswordPolicyChecks {
 	}
 
 	/**
-	 * Check password is longer than minimum, fatal
+	 * Check password is longer than minimum, fatal.
+	 * Intended for locking out users with passwords too short to trust, requiring them
+	 * to recover their account by some other means.
 	 * @param int $policyVal minimal length
 	 * @param User $user
 	 * @param string $password