Added password strength checker class and Sync listener.#11643
As an accompanying code, also added the password strength checker library.
|
Thank you for the great PR description! When this PR is ready for review, please apply the Scheduled Jetpack release: April 2, 2019. |
| return $user; | ||
| } | ||
|
|
||
| call_user_func( |
Instead of doing this.
I think it would be clearer to do a
do_action( 'jetpack_password_check_failed', $user->ID, $test_results['test_results']['failed'] );
and then in listeners we can then just call
add_action( 'jetpack_password_check_failed', $this->handler, 10, 2 );
| */ | ||
|
|
||
| class WP_Test_Jetpack_Sync_Module_Auth extends WP_Test_Jetpack_Sync_Base { | ||
|
|
|
I am not 100% since I haven't tested this but it looks like I think it would be really interesting to always send an event when the user password changes. |
At least use
Of interest: I think that may be the only place we can access a changing password before it is hashed when a user is |
| @@ -0,0 +1,1288 @@ | |||
| <?php //phpcs:ignore WordPress.Files.FileName.InvalidClassFileName | |||
FYI @zinigor I added these ignore statements to the new files and added them to the phpcs whitelist since they're new and clean.
| } else { | ||
| $this->user_id = $user; | ||
| } | ||
| $this->min_password_length = apply_filters( 'better_password_min_length', $this->min_password_length ); |
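Review bot: The value returned by apply_filters( 'better_password_min_length', ... ) is stored in $this->min_password_length without any validation, so a filter callback that returns zero, a negative number or a non-integer would silently weaken or disable the length requirement. Consider normalising the result (for example with absint() and a lower bound that the filter cannot go below) before assigning it, and document the accepted range in the filter's docblock.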
Needs docblock and likely changed hook name to jetpack_password_checker, etc
| } | ||
|
|
||
| /** | ||
| * Filters Jetpack's password strength enforcement settings. You can modify the minimum |
We could include in the docs that 28 is weak, 32 is suggested, etc?
…/jetpack into add/password-strength-checker
|
Caution: This PR has changes that must be merged to WordPress.com |
Only call clear_flags after we actually use the flags. We had an issue where we were clearing the flags after logging in, before we could actually use the flags.
|
zinigor, Your synced wpcom patch D25993-code has been updated. |
|
I tested this and it works as expected for me. When I log in as a user on my Jetpack site that has a weak password, I can see the event come through on the .com side. The code on .com will need to have this PR applied to it.
* Initial Changelog for 7.2
* Testing list: add mention of IE11 testing
* Initial Changelog for 7.2
* Testing list: add mention of IE11 testing
* Add CL for #11224
* Add CL for #11426
* Add CL for #11442
* Add testing instructions for #11224
* Add CL for #11451
* Reclassify CL item
* Add testing instructions for #11451
* Add CL for #11486
* Add CL for #11418
* Add CL for #11524
* Add CL and testing instructions for #11449
* Add CL for #11460
* Add CL for #11520 and #11582
* Add CL for #11531
* Add CL #11644
* Add testing instructions for #11644
* Add testing instructions for #11644
* Add CL for #11618
* Uniform changelog lines
* CL #11679
* CL #11661
* CL #11654
* CL #11645
* CL #11643
* CL #11636
* CL #11635 and for other PHPCS commits
* CL #11627
* CL #11626
* CL #11598
* CL #11596
* Remove nested items for shortcopy. I don't believe the detailed list is helpful
* CL #11570
* CL #11569
* CL #11560
* CL #11558
* CL #11555
* CL #6704
* CL #11298
* CL #11324
* CL #11443
* CL #11484
* CL #11516
* CL #11529
* Expand Ads block enhancement CL item
This adds a class that listens to password verification events and checks the passwords for certain criteria.
Changes proposed in this Pull Request:
Testing instructions:
Proposed changelog entry for your changes: