Score:1

Custom form password validation / strength enforcement

au flag

I have a custom form that would create user. The form is rendered with Form API and is using PasswordConfirm element, but it doesn't seem to validate the password against the default password rules (e.g. number of characters, combinations of characters).

How do I apply the default Drupal password rules to my custom form's password confirm field in the form validation method?

sonfd avatar
in flag
I don't think Drupal does have password rules by default? It lists some recommendations, but they're just recommendations AFAIK.
au flag
You're right. I just started to realize this.
Score:2
in flag

Built in is only recommendation. But there are several contrib modules like https://www.drupal.org/project/password_policy

Use such a module.

If you have created your own custom form, just use the usual

public function validateForm(array &$form, FormStateInterface $form_state)

method to implement your rules.

au flag
Thanks for the answer. I played with the module for a while, but there are issues with it. I'm using the "password_policy.validator" (`Drupal\password_policy\PasswordPolicyValidator`) to validate the password. While it works to provide a bool result, it does not tell you what is wrong when the test fail. That is certainly a problem.
au flag
I just extended the class to make things work for me. Thanks for the suggestion.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.