acceptable_password

See also

Forms and validation, username_unique

A validator to check whether a password conforms to the password secutiry requirements.

It can be attached to a password entry field used to set a new password:

<input type="password" id="password" name="password" autocomplete="new-password" value="">
{% validate id="password"
            type={acceptable_password}
            only_on_blur
%}

The password will be sent to the server when the user leaves the password field.

The server will then check for:

• minimum password length, as configured in mod_authentication.password_min_length (defaults to 8)

• matching a regular expression with criteria, as configured in mod_authentication.password_min_length

• check if the password does not appear in a leak, unless mod_authentication.password_disable_leak_check is set (this uses the service at Have I Been Pwned)

You can pass a failure_message:

<input type="password" id="password" name="password" autocomplete="new-password" value="">
{% validate id="password"
            type={acceptable_password
                failure_message=_"Your new password is too short or not strong enough"
            }
            only_on_blur
%}

There is an optional parameter allow_empty to allow empty passwords. This is useful if the password should only be filled in special circumstances (like when changing the password) and the handler code knows not to do anything if the password is empty:

<label for="password">{_ Optionally set a new password _}</label>
<input type="password" id="password" name="password" autocomplete="new-password" value="">
{% validate id="password"
            type={acceptable_password
                allow_empty
                failure_message=_"Your new password is too short or not strong enough"
            }
            only_on_blur
%}