Add setting of password restrictions on registration

i-lateral · Feb 22, 2018 · 09ec5d0 · 09ec5d0
1 parent a879def
commit 09ec5d0
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 6 deletions.
diff --git a/changelog.md b/changelog.md
@@ -23,4 +23,8 @@ Minor update to:
 
 * Massivley simplify templates
 * Add new docs
-* Minor code imprevements
+* Minor code imprevements
+
+# 1.1.1
+
+* Allow setting of password restrictions on registration
diff --git a/code/Users.php b/code/Users.php
@@ -11,6 +11,33 @@
 class Users extends Object
 {
 
+	/**
+	 * Minimum character length of the password required
+     * on registration/account editing
+	 *
+	 * @var int
+     * @config
+	 */
+	private static $password_min_length = 6;
+
+	/**
+	 * Maximum character length of the password required
+     * on registration/account editing
+	 *
+	 * @var int
+     * @config
+	 */
+	private static $password_max_length = 16;
+
+	/**
+	 * Enforces strong password (at least one digit and one alphanumeric
+	 * character) on registration/account editing
+	 *
+	 * @var boolean
+     * @config
+	 */
+	private static $password_require_strong = false;
+
     /**
      * Stipulate if a user requires verification. NOTE this does not
      * actually deny the user the ability to login, it only alerts them
@@ -28,7 +55,7 @@ class Users extends Object
      * @var Boolean
      * @config
      */
-    private static $send_verification_email = true;
+    private static $send_verification_email = false;
 
     /**
      * Stipulate the sender address for emails sent from this module. If

diff --git a/code/control/Users_Register_Controller.php b/code/control/Users_Register_Controller.php
@@ -218,14 +218,20 @@ public function RegisterForm()
             Session::set('BackURL', $_REQUEST['BackURL']);
         }
 
+        $config = Users::config();
+
         // Setup form fields
         $fields = FieldList::create(
             TextField::create("FirstName"),
             TextField::create("Surname"),
             EmailField::create("Email"),
-            ConfirmedPasswordField::create("Password")
+            $password_field = ConfirmedPasswordField::create("Password")
         );
 
+        $password_field->minLength = $config->get("password_min_length");
+        $password_field->maxLength = $config->get("password_max_length");
+        $password_field->requireStrongPassword = $config->get("password_require_strong");
+
         // Setup form actions
         $actions = new FieldList(
             FormAction::create("doRegister", "Register")
@@ -241,9 +247,14 @@ public function RegisterForm()
             "Password"
         ));
 
-        $form = Form::create($this, "RegisterForm", $fields, $actions, $required)
-            ->addExtraClass("forms")
-            ->addExtraClass("forms-columnar");
+        $form = Form::create(
+            $this,
+            "RegisterForm",
+            $fields,
+            $actions,
+            $required
+        )->addExtraClass("forms")
+        ->addExtraClass("forms-columnar");
 
         $this->extend("updateRegisterForm", $form);
 

diff --git a/docs/en/Usage.md b/docs/en/Usage.md
@@ -17,6 +17,18 @@ following URL:
 
 You can add new fields to the registration form using provided extension hooks.
 
+### Password Security
+
+This module allows enforcement of password security on registration.
+By default it required a password between 6 & 16 characters in 
+length, but this can be changed and you can also enforce strong 
+passwords. To do this, you can add this to your `config.yml`:
+
+    Users:
+      password_min_length: 8
+      password_max_length: 20
+      password_require_strong: true
+
 ## Account Management
 
 You can access the account managment controller via the URL: