explain in your readme why you aren't building on existing plugins rather than building a new one? #5
Comments
good question @djay i don't know why enfolds added a password validator to this package instead of using the already existing Products.PasswordStrength for this (PasswordStrength had its first commit in 2007, loginlockout in dec 2010 and pwexpiry in 2013). we chose this package in favor of PasswordStrength because we have a customer asking for an active directory password policy
after some quick research it looked like collective.pwexpiry is a good fit since it solves A, B and C out of the box (PasswordStrength does not have the expiration feature). to explain the differences i'd add something like this to the readme:
unclear:
@djay: as you are the maintainer of PasswordStrength i'd love to get your feedback on this comparison. there are indeed some overlaps between those two packages. ideally every addon should serve its very specific use cases. so pwexpiry could do just that: expire passwords (C) and PasswordStrength could handle A, B and D
@djay: i just noticed that pwexpiry also has a feature to lock out the user after n unsuccessful login-tries for a period of m minutes.
@frisi PasswordStrength is designed to be used TTW which I'm not sure this plugin is. It doesn't use any adapters. It does however use the existing PAS api for setting password validation rules which is built into plone.
@frisi There is no need for your code to monkey patch registrationtool. Unless you are trying to support very old versions of plone. You can just use a PAS plugin which is cleaner.
Regular expressions are nice, but IMO unable to solve the following Problem with regex only.
Think we can close this issue @frapell
personally i think that a small paragraph in the readme that explains the differences to the other packages (as discussed above) and explains why the monkey patch is needed makes a lot of sense.
@pcdummy Yes regex can handle that password rule. You would have 4 regular expressions joined into one, separated by an OR. Each one missing one of those rules.
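The construction described in the comment above, as an added example that is not part of the thread or of either package's code. The rule being discussed is not reproduced on this page, so the sketch assumes a policy of "at least three of four character classes, minimum eight characters"; the class definitions, the length and all names are assumptions.

```python
import re
from itertools import combinations

# Assumed character classes and minimum length (not taken from the thread).
# Note: under these ASCII classes a non-ASCII letter such as "é" counts as a symbol.
CLASSES = {
    "lower": r"[a-z]",
    "upper": r"[A-Z]",
    "digit": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}
MIN_LENGTH = 8


def build_policy_regex(classes=CLASSES, required=3, min_length=MIN_LENGTH):
    """Compile one regex that ORs together a branch per combination of
    `required` classes; each branch is a run of lookaheads, so with four
    classes and required=3 every branch leaves out exactly one class."""
    branches = [
        "".join(f"(?=.*{classes[name]})" for name in combo)
        for combo in combinations(sorted(classes), required)
    ]
    pattern = rf"^(?:{'|'.join(branches)}).{{{min_length},}}\Z"
    return re.compile(pattern, re.DOTALL)


def classes_present(password, classes=CLASSES):
    """Independent cross-check: list the classes a password contains."""
    return sorted(n for n, p in classes.items() if re.search(p, password))


POLICY = build_policy_regex()

# Constructed sample passwords, for illustration only.
SAMPLES = ["correcthorse", "Correcthorse", "Correct4horse",
           "correct-horse-4", "CORRECT-HORSE-4", "Ab1!"]


def check(password):
    """True when the password satisfies the combined regex."""
    return POLICY.match(password) is not None


if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r:20} ok={check(pw)} classes={classes_present(pw)}")
```

The resulting single pattern is the kind of string that could be pasted into a regex-based validator; the lookahead branches keep it order-independent.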
@frisi I possibly didn't answer all your questions. Since the configuration is TTW, you can put whatever translation you want for the error messages but there isn't a facility to have different messages for different languages. It perhaps wouldn't be hard to fix this however. Yes you can provide a different error message for each validator. It will also combine the error messages if you want to break your rules down into separate rules. Which is more modern? That's subjective. PasswordStrength works with the core API for validation which was built into Plone. This goes via PAS which is the supported method. This is preferable to monkeypatching as it will be supported going forward. Relying on adapters and filesystem coding to implement rules is perhaps more liable to result in site specific code needing to be upgraded over time.
"PasswordStrength does not patch the description in the password form (so people are told to "provide 5 characters at least" whereas the policy requires more)" is plainly untrue. Not sure where this came from.
What's different from these?