*/
$wgMinimalPasswordLength = 1;
+/**
+ * Specifies if users should be sent to a password-reset form on login, if their
+ * password doesn't meet the requirements of User::isValidPassword().
+ * @since 1.23
+ */
+$wgInvalidPasswordReset = true;
+
/**
* Whether to allow password resets ("enter some identifying data, and we'll send an email
* with a temporary password you can use to get back into the account") identified by
global $wgAuth, $wgLegacyEncoding;
$this->load();
- // Even though we stop people from creating passwords that
- // are shorter than this, doesn't mean people wont be able
- // to. Certain authentication plugins do NOT want to save
+ // Certain authentication plugins do NOT want to save
// domain passwords in a mysql database, so we should
// check this (in case $wgAuth->strict() is false).
- if ( !$this->isValidPassword( $password ) ) {
- return false;
- }
if ( $wgAuth->authenticate( $this->getName(), $password ) ) {
return true;
}
function processLogin() {
- global $wgMemc, $wgLang, $wgSecureLogin, $wgPasswordAttemptThrottle;
+ global $wgMemc, $wgLang, $wgSecureLogin, $wgPasswordAttemptThrottle,
+ $wgInvalidPasswordReset;
switch ( $this->authenticateUserData() ) {
case self::SUCCESS:
$this->renewSessionId();
if ( $this->getUser()->getPasswordExpired() == 'soft' ) {
$this->resetLoginForm( $this->msg( 'resetpass-expired-soft' ) );
+ } elseif ( $wgInvalidPasswordReset
+ && !$user->isValidPassword( $this->mPassword )
+ ) {
+ $status = $user->checkPasswordValidity( $this->mPassword );
+ $this->resetLoginForm(
+ $status->getMessage( 'resetpass-validity-soft' )
+ );
} else {
$this->successfulLogin();
}
'resetpass-abort-generic' => 'Password change has been aborted by an extension.',
'resetpass-expired' => 'Your password has expired. Please set a new password to log in.',
'resetpass-expired-soft' => 'Your password has expired and needs to be reset. Please choose a new password now, or click "{{int:resetpass-submit-cancel}}" to reset it later.',
+'resetpass-validity-soft' => 'Your password is not valid: $1
+
+Please choose a new password now, or click "{{int:resetpass-submit-cancel}}" to reset it later.',
# Special:PasswordReset
'passwordreset' => 'Reset password',
'resetpass-abort-generic' => 'Generic error message shown on [[Special:ChangePassword]] when an extension aborts a password change from a hook.',
'resetpass-expired' => "Generic error message shown on [[Special:ChangePassword]] when a user's password is expired",
'resetpass-expired-soft' => 'Generic warning message shown on [[Special:ChangePassword]] when a user needs to reset their password, but they are not prevented from logging in at this time',
+'resetpass-validity-soft' => 'Warning message shown on [[Special:ChangePassword]] when a user needs to reset their password, because their password is not valid.
+
+Parameters:
+* $1 - error message',
# Special:PasswordReset
'passwordreset' => 'Title of [[Special:PasswordReset]].
'resetpass-abort-generic',
'resetpass-expired',
'resetpass-expired-soft',
+ 'resetpass-validity-soft',
),
'passwordreset' => array(
'passwordreset',