New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow admin to create a password policy #14295
Conversation
Hi @simivar, Thanks for your contribution. In the future it might be a good idea to comment on an issue indicating that you want to work on the issue, so that work is not duplicated. Often I open issues to start a discussion on how something should be solved and not as a finished proposal. In this case I honestly thought about a config file parameter as I think this UI would be only useful for a very small fraction of Matomo users and another UI makes the settings even more complex. So maybe this could be extracted as a plugin. |
@Findus23 sure, I'll remember that in the future. I was thinking about adding options to config file but decided for UI mainly because of two things:
If you strongly think that it should be moved to config I will gladly edit my PR. |
I highly disagree with this statement, see the discussion there: #14176 |
I think neither options nor config is needed and executing these checks for everyone without any setting or config should be fine. Yes you can have save passwords without a number, and having this or that doesn't make it safe... but it's still better maybe to just force different kind of characters (the UI doesn't need to say that makes it a strong password). Anyway, I would just not want any config or UI setting for this ideally. That's just me though. |
If someone really needs this feature it should be easy to create a plugin similar to https://github.com/Findus23/plugin-PasswordVerifier/blob/master/PasswordVerifier.php that implements arbitrary rules. |
@mattab what's your take on that? |
Hi @simivar |
@mattab @Findus23
From what I gather Matomo and PiwikPRO are two separate entities. I can't find "Password policy" plugin on Matomo Marketplace too. What should I do? |
@simivar Every plugin ID has to be unique as that's what Matomo uses to identify plugins. Even if the old plugin is removed from the marketplace (I think it is already or at least hidden on the public pages) having the same ID would maybe cause odd issues. So I'd recommend you to just use another name for the plugin: |
@Findus23 I think that the list of all, even hidden, plugins should be searchable somewhere so that would be clear that such plugin name is taken. |
@simivar so far I think this is only the first time this happened. I think the error message is somewhat helpful in this case but happy to change / improve it. Like we could say "If this is not your repo, please rename the plugin and publish it again". I'm thinking even if we have such a list available somewhere, devs might not look at it first and changing the plugin name later should be in most cases somewhat easy (find/replace). BTW: The reason it isn't showing this plugin is because it is only available up to Piwik 2. So over time (in a few years) this might become more of an issue and might need to actually make such a list available at some point. |
#13666
Settings available in UI: