My need I think is very simple to implement and is only to add the possibility to open the set of the MINIMUM_PASSWORD_STRENGTH_ALLOWED keeping by default the value on the class PasswordStrengthEstimatorModel ( 3 ), but in case the value is set on the .env var ( something like: MINIMUM_PASSWORD_STRENGTH_ALLOWED=2 ), override the hard-coded value by this one.
I came with this because I’m working on a plugin that allows the admin-users to control the quality of the non-admin users passwords including they have the possibility to increase/decrease the strength of it. It will be helpful and more easy If we have the possibility to control this min value by using some env var according the client needs.
Waiting for feedback this side. Cheers!
My suggestion is to do something like this on the class NotWeak:
<?php
declare(strict_types=1);
namespace Mautic\UserBundle\Form\Validator\Constraints;
use Mautic\UserBundle\Model\PasswordStrengthEstimatorModel;
use Symfony\Component\Validator\Constraint;
/**
* @Annotation
*/
final class NotWeak extends Constraint
{
public const TOO_WEAK = 'f61e730a-284e-11eb-adc1-0242ac120002';
protected static $errorNames = [
self::TOO_WEAK => 'PASSWORD_TOO_WEAK_ERROR',
];
public string $message = 'This password is too weak. Consider using a stronger password.';
public int $score;
public function __construct()
{
parent::__construct();
$passStrength = $_SERVER['MINIMUM_PASSWORD_STRENGTH_ALLOWED'];
// Check if the environment variable is set and not empty
$this->score = isset($passStrength) && $passStrength !== ''
? (int) $passStrength
: PasswordStrengthEstimatorModel::MINIMUM_PASSWORD_STRENGTH_ALLOWED;
}
}