d8-contrib-modules / password_policy Goto Github PK

Tries to download ctools as dependency of password policy, it downloads and keeps checking for it

Fatal error: Call to a member function getValue() on a non-object in /var/www/drupal/modules/contrib/password_policy/src/EventSubscriber/PasswordPolicyEventSubscriber.php on line 32

Error on new user registration

Drupal\Core\Entity\EntityStorageException: SQLSTATE[HY000]: General error: 1366 Incorrect integer value: '' for column 'field_password_expiration_value' at row 1: INSERT INTO {user__field_password_expiration} (entity_id, revision_id, bundle, delta, langcode, field_password_expiration_value) VALUES (:db_insert_placeholder_0, :db_insert_placeholder_1, :db_insert_placeholder_2, :db_insert_placeholder_3, :db_insert_placeholder_4, :db_insert_placeholder_5); Array ( [:db_insert_placeholder_0] => 2 [:db_insert_placeholder_1] => 2 [:db_insert_placeholder_2] => user [:db_insert_placeholder_3] => 0 [:db_insert_placeholder_4] => en [:db_insert_placeholder_5] => ) in Drupal\Core\Entity\Sql\SqlContentEntityStorage->save() (line 757 of /opt/devdesktop2/drupal/core/lib/Drupal/Core/Entity/Sql/SqlContentEntityStorage.php).

Add comments into the code

The password_policy_characters module and corresponding plugins have no schema definition as best as I can tell. Post #17 merger the password_policy_length module should have an example worth following.

Write YAML files to make policies and constraints exportable

The route defined for the admin page for the security category (/admin/config/security) returns a "page not found" message.

Users granted a new "Bypass Password Policies" permission would not be forced to have password policies on user add/edit form.

Useful for user creation and admin resetting of passwords

For admins only

Policies should be collection of constraints

Make this overridable from the default username and mail fields

1. identify anything that is broken
2. identify any gaps in automated tests
3. make general observations for improving UX

This is more generic to the route, not the actual path.

Consider dynamic parameters and how to pass those to the route

Uncaught PHP Exception Drupal\Core\Entity\EntityStorageException: "Entity validation was skipped." at /var/www/drupal/core/lib/Drupal/Core/Entity/Sql/SqlContentEntityStorage.php line 755, referer: http://d8.dev/user/1/edit

Steps:

1. go to /user/1/edit
2. try to save form

https://github.com/d8-contrib-modules/password_policy/blob/master/config/schema/password_policy.schema.yml#L38-L42

This needs moved from password_policy/config/schema into password_policy/password_length/config/schema

Need this issue to be resolved:

LionsAd/drupal_ti#39

Then, drop in custom logic for downloading ctools dependency between site install and module install

• Look at code base and determine what unit tests need created
• Enhance TravisCI to run

Password policy has configuration yml files under config/install. Currently they are not registered back to the password_policy module, and should be so the configuration is installed/uninstalled with the module.

Here are some examples from core that provide the functionality that Password Policy's configuration needs:

core/modules/user/config/optional/rdf.mapping.user.user.yml
dependencies:

• module:
• user

The example above demonstrates how configuration can set a dependency for the "user" module (install and uninstall will add/remove config respectively). In our case, we need our configuration to set the dependency of "password_policy" for all config files located under "config/install".

Currently, password_policy.install manually removes the field configuration defined in config/install. By enabling this dependency within Password Policy's "config/install", this means we can remove the code from the uninstall hook that manually removes some of the fields defined in configuration.

/admin/config

Since each plugin controls which policies are returned, we need to have the ability to specify a standard "delete" interface

-Test password reset admin interface
-Test password length module
-Test creating accounts, password enforcement
-Test resetting password

Replication:

1. Create a password policy with a length constraint, apply to Authed users.
2. Navigate to /admin/people/create
3. Note constraints exist
4. Type in failing password
5. Constraints disappear and only read "There are no constraints for the selected user roles"

Password confirm had to be stripped out of the user form because it was causing major conflicts when I attempted to validate the password against the applied policies.

define attributes of a policy

https://www.drupal.org/node/2469723

Steps:

• Create a password policy and enable for 'Administrator' role
• Create a test user with no roles, which has password that fails the policy 'password'
• Edit the test user and add the 'Administrator' role

Expected:

An error or message would be displayed when adding the role that states the user's password does not meet requirements.

Need to discuss options for what should happen.

Options:

• Password is marked for force reset
• User is not saved with form error
• (other ideas?)

Actual:

The user is saved and can login with the poor password into what should now be a policy enforced role.

Look at the existing password policy module, add other things like:

1. number of special characters
2. number of capital letters
   etc

This seems to occur after a password has expired (password reset)

I reset a user password and tried to log out. It kept redirecting back to the user edit page infinitely.

function password_policy_user_insert($account) {
  $account = \Drupal::currentUser();
  $date = date('Y-m-d\TH:i:s');
  $user = entity_load('user', $account->id());
  $user->set('field_last_password_reset', $date);
  $user->set('field_password_expiration', '0');
  $user->save();
}

This will run on the creating user, not necessarily the new user.

Should be able to just delete this line:

  $account = \Drupal::currentUser();