Myth Auth strong_password |
Hi,
I;m using MythAuth for my authentication, when changing the password i;m getting a personal information error that seems wrong to me. The error states the password '95*P$3+J`}&2"b[|qGWUqii&J)OiIU' contains personal information, don't know how because this is generated and seems nothing personal to me. Is there something going wrong within this validation? (07-27-2022, 12:06 PM)superior Wrote: Hi, Hi. Can you show your controller code which process change password method? It would be really informative if you also include Myth:Auth and your php version too
Controller has nothing to do with it because it's a rule set to validate; strong_password.
> https://github.com/lonnieezell/myth-auth#services Latest version of MythAuth installed through composer, no modifications on that file. PHP Version 8.0.14 (07-28-2022, 12:09 AM)superior Wrote: Controller has nothing to do with it because it's a rule set to validate; strong_password. Do not agree with you. Change password request goes from user to the controller, but Myth AuthController.php don't have appropriate method to process this request, so i guess you added this code and maybe some extra validation. So there is no harm to have a look at this part of code too to eliminate that there is no problem. And please give the exact error message, used username and email values. (07-28-2022, 01:40 AM)manager Wrote:Don't see how this would help because my Controller has nothing to do with it but ok...(07-28-2022, 12:09 AM)superior Wrote: Controller has nothing to do with it because it's a rule set to validate; strong_password. The error message is translated from MythAuth on key 'errorPasswordPersonal', it's different by language. See: https://github.com/lonnieezell/myth-auth...th.php#L49 PHP Code: public function postPassword() (07-28-2022, 03:13 AM)manager Wrote:(07-28-2022, 01:40 AM)manager Wrote: And please give the exact error message, used username and email values. PHP Code: public $personalFields = [ PHP Code: public $personalFields = [ Really big list. In your case validation goes thru NothingPersonalValidator.php class - isNotPersonal() method. This method looks for personal information in a password. For example first of all it checks is your password equal to your username or email address or the reversed username. If you have also filled $personalFields , then method will also get there values too to look for personal information. Considering 13 variables in your list there is really big chance that validation will fail. For example: in "number" field you have a value "95". In this situation validation will fail. Quick solution in your case is comment from $passwordValidators array nothingPersonalValidator class. (07-28-2022, 04:15 AM)manager Wrote: Did that but alternatively i would like this activated, will remove some of the list that should not be so personal after all. Thanks for thinking with me!
Of course it would be a good idea to exclude some variables from your list. Luck!
|
Welcome Guest, Not a member yet? Register Sign In |