Add custom password (regexp) validation to user and security app

Christoph Damm

Jun 1, 2022, 10:14:28 AM
to Magnolia User Mailing List
Hi guys,
I'm currently a bit stuck with what I thought was more or less a default task.
I want to add a password complexity validation via regexp to both the user edit form and security app.

So I went ahead and added a decoration for both of the above:
editUserProfile.form.tabs.user.fields.pswd.yaml (within ui-admincentral/dialogs) and 
user.form.tabs.user.fields.pswd.yaml (within security-app.dialogs).

I tried different ways of defining the validator in those files 
1) using built in regexp validator(s).
a) with UI5 validator:
validators:
  - name: passwordStrength
    class: info.magnolia.ui.form.validator.definition.RegexpValidatorDefinition
    errorMessage: my message
    pattern: ^[0-9]*$

Result: validation happens but always fails

b) using UI6 validator:
validators:
  - name: passwordStrength
    class: info.magnolia.ui.field.RegexpValidatorDefinition
    errorMessage: message
    pattern: ^[0-9]*$

Result: validator isn't executed at all

2) Writing custom validator
It does not do much more; it is more or less a copy of the regexp validator with a fixed pattern.
Obviously my preferred way would be #1, simply using what's there.

However, whenever I debug #2/1a it looks to me like the value passed to the validation is the hashed password, and thus it can't succeed.

Can anyone point me in the right direction?

Thanks a lot,
Christoph




Roman Kovařík

Jun 2, 2022, 6:58:29 AM
to Magnolia User Mailing List, christo...@gmail.com
Hi Christoph,

> However whenever i debug #2/1a it looks to me like the value passed to the validation is the hashed password, thus can't succeed.

You're right. You would need to work around it, e.g.

import java.util.stream.StreamSupport;
// Imports for the Magnolia and Vaadin classes used below are not shown.

public class CustomPasswordFields extends PasswordFields {

    public CustomPasswordFields(Provider<Context> contextProvider, PasswordFieldDefinition definition) {
        super(contextProvider, definition);
    }

    // The argument passed in is the hashed value, so it is ignored here.
    @Override
    protected void validate(String ignoreHashedValue) {
        StreamSupport.stream(getVerticalLayout().spliterator(), false)
            .filter(PasswordField.class::isInstance)
            .skip(1) // skip the current password field
            .map(PasswordField.class::cast)
            .findFirst()
            .map(AbstractField::getValue)
            .ifPresent(super::validate); // validate the plain text value instead
    }
}

and use it in a CustomPasswordFieldFactory.

Hope that helps
Roman
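
The failure discussed in this thread, as an added example that is not part of either post and is not Magnolia code: a regexp policy only means something when it is checked against the plain text before hashing. PBKDF2 stands in for whatever hash the password field applies (an assumption), and the class name, method names, salt and password are constructed for illustration.

```java
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import java.util.regex.Pattern;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordValidationOrder {

    // Test pattern from the thread's validator definition (digits only).
    static final Pattern POLICY = Pattern.compile("^[0-9]*$");

    // Stand-in hash; assumption, not necessarily the algorithm Magnolia uses.
    static String hash(char[] plain, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(plain, salt, 100_000, 256);
        try {
            byte[] derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                    .generateSecret(spec).getEncoded();
            return Base64.getEncoder().encodeToString(derived);
        } finally {
            spec.clearPassword(); // wipe the copy held by the key spec
        }
    }

    // Correct order: check the policy on the plain text, hash only if it passes.
    static String validateThenHash(char[] plain, byte[] salt) throws GeneralSecurityException {
        if (!POLICY.matcher(CharBuffer.wrap(plain)).matches()) {
            throw new IllegalArgumentException("password does not match policy");
        }
        return hash(plain, salt);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample values; the salt is fixed only to make the run repeatable.
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8);
        char[] plain = "12345678".toCharArray();

        String stored = validateThenHash(plain, salt);

        // The plain text satisfies the policy; the stored hash is a different
        // string, so running the same pattern over it says nothing about the password.
        System.out.println("plain matches policy:  " + POLICY.matcher(CharBuffer.wrap(plain)).matches());
        System.out.println("hashed matches policy: " + POLICY.matcher(stored).matches());
    }
}
```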
