Page MenuHomePhabricator

$wgPasswordPolicy checks should be able to communicate details to client-side logic via the validatepassword API
Open, Needs TriagePublic

Description

Password checking callbacks defined in $wgPasswordPolicy should be able to provide data (not just an error message string) which is communicated back to the client-side logic via action=validatepassword. The main application for this is a password strength meter (T32574), but it is probably useful for building more complex password validation UIs in general.

See also T211514: $wgPasswordPolicy should be able to alter the password form field.