Meta Box

Login Form Forgotten Password link does not have a password strength

Support MB User Profile Login Form Forgotten Password link does not have a password strength

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • February 25, 2025 at 1:51 AM #47733
    sg123sg123
    Participant

    I am using the login form and during my testing I have clicked on the forgot password link.

    It sends me an email to reset my password which takes me back to the login form but using the url variable ?rwmb-reset-password=true with the change password key and the email address.

    This is all fine except I cannot find anywhere to specify the password strength for this form and on testing it allows me to set the password as a single character which is obviously not acceptable. Can you please advise where I can control the password strength for the reset password using the login form?

    February 25, 2025 at 3:08 AM #47735
    sg123sg123
    Participant

    Just to also let you know I wondered if you guys were using the same method for your own website and you do. I was able to change my password to 123. Obviously I have reset it to something stronger but surely this is an oversight or perhaps a bug after the last update?

    February 25, 2025 at 11:09 PM #47738
    PeterPeter
    Moderator

    Hello,

    Thank you for your feedback.

    You are correct. The password field in the reset password form doesn't have the password strength option.
    https://docs.metabox.io/fields/password/

    If you can use the filter hook, you can check the filter rwmb_profile_reset_password_fields to adjust the password field of the form and add some custom attributes to the field settings like minlength, pattern ...
    https://docs.metabox.io/custom-attributes/

    The code to create the form is located in the file
    /wp-content/plugins/meta-box-aio/vendor/meta-box/mb-user-profile/src/DefaultFields.php

    February 26, 2025 at 1:48 AM #47741
    sg123sg123
    Participant

    Can you let me know how I would go about adding the strength option to the field? It works for the register form so not sure why it can't be used for the reset password form as they use the same input fields with the same names? I need to get this working as soon as possible.

    February 26, 2025 at 9:00 PM #47745
    PeterPeter
    Moderator

    Hello,

    The reset password form has different settings, it doesn't use the same settings as in the register form. I will inform the development team to consider supporting the password strength in the reset password form.

    If you are familiar with coding, you can follow my suggestion above to use the filter hook rwmb_profile_reset_password_fields and set some custom attributes to the field.

    February 26, 2025 at 9:08 PM #47747
    sg123sg123
    Participant

    Thanks for getting back to me.

    I ended up adding my own javascript to control this as the custom attributes didn't give me what I needed. TBH I'm surprised this isn't supported as it makes for an insecure site when the user can change their password to something so weak as '123'.

    March 25, 2025 at 1:32 AM #47909
    Johannes GrossJohannes Gross
    Participant

    I came across the same observation today - the MB reset password form does not enforce any strength. Please fix this. The strange thing is that your LoginForm render_block code even has the provision for it but the password_strength value does not get populated since the field is missing in the Gutenberg block.

    public function render_block( $attributes ): string {
		$form = Factory::make( [
			'redirect'            => $attributes['redirect'],
			'form_id'             => $attributes['form_id'],
			'recaptcha_key'       => $attributes['recaptcha_key'],
			'recaptcha_secret'    => $attributes['recaptcha_secret'],
			'label_title'         => $attributes['label_title'],
			'label_username'      => $attributes['label_username'],
			'label_password'      => $attributes['label_password'],
			'label_remember'      => $attributes['label_remember'],
			'label_lost_password' => $attributes['label_lost_password'],
			'label_submit'        => $attributes['label_submit'],
			'id_username'         => $attributes['id_username'],
			'id_password'         => $attributes['id_password'],
			'id_remember'         => $attributes['id_remember'],
			'id_submit'           => $attributes['id_submit'],
			'confirmation'        => $attributes['confirmation'],
			'value_username'      => $attributes['value_username'],
			'value_remember'      => Helper::convert_boolean( $attributes['value_remember'] ),
			'password_strength'   => $attributes['password_strength'],
		], 'login' );
		if ( empty( $form ) ) {
			return '';
		}

    I appreciate your help with this!

  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.