that adds the TDefaultPasswordValidator class. Plus, the ValidatePasswordInternal procedure loops over all the validators to check the password.
I would like to clone the TDefaultPasswordValidator class, modify some of it, and then add a second / third password validator to the default User Manager. Is it already possible? It's something that you have in your general design, but at the moment it's not possible?
In detail, for passwords (I paste here what, at the moment, we should do in a custom way):
Verify that passwords of at least 64 characters are permitted, and that passwords of more than 128 characters are denied. (C6)
Verify that password truncation is not performed. However, consecutive multiple spaces may be replaced by a single space. (C6)
Verify that passwords submitted during account registration, login, and password change are checked against a set of breached passwords either locally (such as the top 1,000 or 10,000 most common passwords which match the system's password policy) or using an external API. If using an API a zero knowledge proof or other mechanism should be used to ensure that the plain text password is not sent or used in verifying the breach status of the password. If the password is breached, the application must require the user to set a new non-breached password. (C6)
Yes, I think it's enough.
I have seen in the source code the list of password validators, and I thought "this is the way to do it", but the event in TPasswordOptions is also fine.
From my point of view, the worst thing is that I've tried to hack the PasswordOptions class, to introduce the event now and use it (...waiting for the "official" feature), but for now I can't find a "light" hack that I can add, and I don't want to mess up the Sphinx components. I will find a way!
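The three password checks quoted earlier in the thread, sketched as a stand-alone validator. This is an added example, not part of the original posts and not Sphinx code. The function names, the error codes, the sample breached list and the `fetch_suffixes` callback are assumptions, and a SHA-1 hash-prefix (k-anonymity) lookup is used here as one possible "other mechanism" for the external API case.

```python
import hashlib
import re

MAX_LENGTH = 128  # more than 128 characters is denied; 64+ must be permitted

# Constructed sample standing in for a local "top N" breached-password list.
BREACHED_SAMPLE = {"password", "123456", "qwerty", "letmein"}


def normalize(password):
    """Collapse runs of spaces to one space; never truncate or strip."""
    return re.sub(r" {2,}", " ", password)


def k_anonymity_parts(password):
    """Split the SHA-1 hex digest into (prefix sent out, suffix kept local)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breached_remote(password, fetch_suffixes):
    """Check breach status without sending the password or its full hash.

    fetch_suffixes is a hypothetical callable: it receives the 5-character
    hash prefix and returns the hash suffixes the remote service knows.
    """
    prefix, suffix = k_anonymity_parts(password)
    return suffix in set(fetch_suffixes(prefix))


def validate_password(password, breached=BREACHED_SAMPLE, fetch_suffixes=None):
    """Return a list of error codes; an empty list means accepted."""
    candidate = normalize(password)
    errors = []
    # Length is counted on the normalized value (a choice made for this
    # example); an over-long password is rejected, never silently cut.
    if len(candidate) > MAX_LENGTH:
        errors.append("too_long")
    if candidate in breached:
        errors.append("breached")
    elif fetch_suffixes is not None and breached_remote(candidate, fetch_suffixes):
        errors.append("breached")
    return errors
```

A "breached" result is meant to block registration, login-time acceptance or password change until the user picks a different password, as the quoted requirement states.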