ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you set up new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.

Password strength requirements string in a helper method (Feature #272)


Added by Stephan Eckardt at 2011-03-11 03:02 pm. Updated at 2011-11-16 07:01 am.


Status: Ready for review
Start date: 2011-03-11
Priority: Normal
Due date:
Assignee: Eric Davis
% Done: 0%
Category: Refactoring
Target version: -
Remote issue URL:
Affected version:

Description

In the current version of ChiliProject the requirements to the strength of a password are specified in a static string (:text_caracters_minimum) which is referenced directly in the views. If there are extensions that enforce additional requirements (e.g. classes of characters that must be present in the password), the extension would have to overwrite the according view, which is probably not a good idea. It would therefore be nice to extract this string into a helper method which can then be extended.
Later on one could further extend this helper method to correctly reflect the validations on the password attribute in the User model.
The first of these steps I did already (extract the string to a helper method).
The patch is in this branch: https://github.com/finnlabs/chiliproject/tree/feature/password_complexity_requirements_helper


History

Updated by Felix Schäfer at 2011-03-20 08:39 am

Wouldn't overriding the :text_caracters_minimum locale string in the plugin be enough?

Anyway, could you please extract the relevant commits to a separate branch and possibly send a pull request on GitHub? That makes reviewing easier than having to guess which commits pertain to this issue or not. Thanks.

Updated by Eric Davis at 2011-06-27 10:12 pm

I agree with Felix, this is handled better by just changing the locale string.

Updated by Gregor Schmidt at 2011-06-28 05:50 am

We've got a plugin that allows configuring additional complexity rules of the password, e.g. how many character groups must be present. This would then be dependent on the actual settings. We therefore need to be able to execute code to get a useful complexity hint. As far as I know, this is not possible in locale strings. (This is not intended to be ironic. I think there is actually a way to inject code in locale strings, but that code is not very flexible.)

I would like to argue that password complexity is of general interest and therefore having an extension point here would be a benefit for everybody, not just us - finnlabs.

Updated by Eric Davis at 2011-07-01 04:41 pm

Gregor:

So your reason to have a method hold the locale string is because you allow changing the strength requirement dynamically? (through a Setting or similar)

  • "Password requires 3 characters"
  • "Password requires 4 characters and 1 number"
  • "Password must be the name of a color spelled in reverse" ...

Updated by Gregor Schmidt at 2011-07-01 04:42 pm

Eric Davis wrote:

Gregor:

So your reason to have a method hold the locale string is because you allow changing the strength requirement dynamically? (through a Setting or similar)

  • "Password requires 3 characters"
  • "Password requires 4 characters and 1 number"
  • "Password must be the name of a color spelled in reverse" ...

Exactly. That's what we're trying to do. And that's the reason why we need it to be code and not just an i18n string.
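
Added example, not code from the linked branch or the finnlabs plugin: a helper that builds the password hint from the same policy object the validation reads, so the text shown to users cannot drift from what is enforced. `PasswordPolicy`, `CHARACTER_GROUPS`, the method names, the sample settings and the hint wording are all assumptions made for illustration.

```ruby
# Added example; all names are hypothetical, not ChiliProject or plugin code.
PasswordPolicy = Struct.new(:min_length, :min_groups, :groups)

# Character groups a policy may require (constructed for this example).
CHARACTER_GROUPS = {
  lowercase: /[a-z]/,
  uppercase: /[A-Z]/,
  numeric:   /[0-9]/,
  special:   /[^a-zA-Z0-9]/
}.freeze

# Constructed sample settings: a length-only policy and a stricter one.
DEFAULT_POLICY = PasswordPolicy.new(4, 0, [])
STRICT_POLICY  = PasswordPolicy.new(10, 3, %i[lowercase uppercase numeric special])

# Number of groups that can actually be demanded under this policy.
def required_group_count(policy)
  [policy.min_groups, policy.groups.size].min
end

# Helper-method replacement for a static locale string: the hint is
# computed from the active policy.
def password_requirements_hint(policy)
  hint = "Must be at least #{policy.min_length} characters long."
  needed = required_group_count(policy)
  return hint if needed.zero?
  "#{hint} Must contain characters from at least #{needed} of these groups: " +
    "#{policy.groups.join(', ')}."
end

# Validation reads the same policy, so the hint and the check cannot drift.
def password_errors(password, policy)
  errors = []
  errors << :too_short if password.length < policy.min_length
  present = policy.groups.count { |g| password.match?(CHARACTER_GROUPS.fetch(g)) }
  errors << :too_few_character_groups if present < required_group_count(policy)
  errors
end

puts password_requirements_hint(STRICT_POLICY)
p password_errors("abcdefghij", STRICT_POLICY)
```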

Updated by Eric Davis at 2011-07-01 04:50 pm

Thanks Gregor, in that light this change might be worth it. I'm just trying to avoid unnecessary code complexity where I can (we have enough already) but with a real requirement like this it could be worth it.

I'm focused on 2.0.0 right now so I won't be able to review or merge until it's released. If you don't hear back from me after 2.0 is out, feel free to bump this issue to remind me.

Updated by Gregor Schmidt at 2011-11-16 07:01 am

Hi Eric,

This is a friendly reminder. 2.0 has been released for some time now and I stumbled upon this code yesterday while managing our internal branches. It would be great if you could merge this.

Thanks for taking the time.

Gregor

  • Assignee set to Eric Davis
