From: Thalia <thalia.e.chan@googlemail.com>
Date: Tue, 17 Sep 2019 19:16:05 +0000 (+0100)
Subject: Improve documentation for the MinimumPasswordLengthToLogin policy
X-Git-Tag: 1.34.0-rc.0~176^2
X-Git-Url: https://git.cyclocoop.org/%27%20.%20%24this-%3EgetSkin%28%29-%3EescapeSearchLink%28%29%20.%20%27?a=commitdiff_plain;h=ca7869174fb8243658b5fc589d4db89393420467;p=lhc%2Fweb%2Fwiklou.git

Improve documentation for the MinimumPasswordLengthToLogin policy

Bug: T233119
Change-Id: I2d0fa6f7116b407cbf62ad93da73d0800c9d14f9
---

diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index c3a37f33e2..fd1affce3d 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4445,7 +4445,8 @@ $wgCentralIdLookupProvider = 'local';
  * The checks supported by core are:
  *	- MinimalPasswordLength - Minimum length a user can set.
  *	- MinimumPasswordLengthToLogin - Passwords shorter than this will
- *		not be allowed to login, regardless if it is correct.
+ *		not be allowed to login, or offered a chance to reset their password
+ *		as part of the login workflow, regardless if it is correct.
  *	- MaximalPasswordLength - maximum length password a user is allowed
  *		to attempt. Prevents DoS attacks with pbkdf2.
  *	- PasswordCannotMatchUsername - Password cannot match the username.
diff --git a/includes/password/PasswordPolicyChecks.php b/includes/password/PasswordPolicyChecks.php
index 8eecbcc2e2..1475c2053c 100644
--- a/includes/password/PasswordPolicyChecks.php
+++ b/includes/password/PasswordPolicyChecks.php
@@ -54,6 +54,8 @@ class PasswordPolicyChecks {
 
 	/**
 	 * Check password is longer than minimum, fatal.
+	 * Intended for locking out users with passwords too short to trust, requiring them
+	 * to recover their account by some other means.
 	 * @param int $policyVal minimal length
 	 * @param User $user
 	 * @param string $password