Change Details

[[https://www.mediawiki.org/wiki/Manual:$wgPasswordPolicy|`$wgPasswordPolicy`]] should be able to alter the password field on the login form. Use cases: * add HTML validators, such as minimum length. We already do AJAX-based validation (except on mobile we don't, but that should probably be fixed - T211439), but this would be slightly faster, more native to the device and work without JS. * add complex validators with visual elements, such as a password strength meter (T32574) or password generator (T151011), which require a script to be loaded (and probably some CSS class on the target field). * add visual hints or help text about password requirements (e.g. a notice saying "at least 8 characters") (T211440) Implementation-wise, `$wgPasswordPolicy['forms']['check1']` could be an array that's merged into the form definition. Or maybe a callback. And password checking methods should probably be able to return extra data that's communicated to the client via the password validation API module, so something like a password strength meter can use server-side logic (important because password checking logic can involve huge wordlists which cannot be sent to the client).

[[https://www.mediawiki.org/wiki/Manual:$wgPasswordPolicy|`$wgPasswordPolicy`]] should be able to alter the password field on the login form. Use cases: * add HTML validators, such as minimum length. We already do AJAX-based validation (except on mobile we don't, but that should probably be fixed - T211439), but this would be slightly faster, more native to the device and work without JS. * add complex validators with visual elements, such as a password strength meter (T32574) or password generator (T151011), which require a script to be loaded (and probably some CSS class on the target field). * add visual hints or help text about password requirements (e.g. a notice saying "at least 8 characters") (T211440) Implementation-wise, `$wgPasswordPolicy['forms']['check1']` could be an array that's merged into the form definition. Or maybe a callback. See also {T211525}.

[[https://www.mediawiki.org/wiki/Manual:$wgPasswordPolicy|`$wgPasswordPolicy`]] should be able to alter the password field on the login form. Use cases: * add HTML validators, such as minimum length. We already do AJAX-based validation (except on mobile we don't, but that should probably be fixed - T211439), but this would be slightly faster, more native to the device and work without JS. * add complex validators with visual elements, such as a password strength meter (T32574) or password generator (T151011), which require a script to be loaded (and probably some CSS class on the target field). * add visual hints or help text about password requirements (e.g. a notice saying "at least 8 characters") (T211440) Implementation-wise, `$wgPasswordPolicy['forms']['check1']` could be an array that's merged into the form definition. Or maybe a callback. And password checking methods should probably be able to return extra data that's communicated to the client via the password validation API module, so something like a password strength meter can use server-side logic (important because password checking logic can involve huge wordlists which cannot be sent to the client) See also {T211525}.