Support › MB User Profile › Login Form Forgotten Password link does not have a password strength
- This topic has 6 replies, 3 voices, and was last updated 1 week, 3 days ago by
Johannes Gross.
-
AuthorPosts
-
February 25, 2025 at 1:51 AM #47733
sg123
ParticipantI am using the login form and during my testing I have clicked on the forgot password link.
It sends me an email to reset my password which takes me back to the login form but using the url variable ?rwmb-reset-password=true with the change password key and the email address.
This is all fine except I cannot find anywhere to specify the password strength for this form and on testing it allows me to set the password as a single character which is obviously not acceptable. Can you please advise where I can control the password strength for the reset password using the login form?
February 25, 2025 at 3:08 AM #47735ParticipantJust to also let you know I wondered if you guys were using the same method for your own website and you do. I was able to change my password to 123. Obviously I have reset it to something stronger but surely this is an oversight or perhaps a bug after the last update?
February 25, 2025 at 11:09 PM #47738Peter
ModeratorHello,
Thank you for your feedback.
You are correct. The
passwordfield in the reset password form doesn't have the password strength option.
https://docs.metabox.io/fields/password/If you can use the filter hook, you can check the filter
rwmb_profile_reset_password_fieldsto adjust the password field of the form and add some custom attributes to the field settings likeminlength,pattern...
https://docs.metabox.io/custom-attributes/The code to create the form is located in the file
/wp-content/plugins/meta-box-aio/vendor/meta-box/mb-user-profile/src/DefaultFields.phpFebruary 26, 2025 at 1:48 AM #47741ParticipantCan you let me know how I would go about adding the strength option to the field? It works for the register form so not sure why it can't be used for the reset password form as they use the same input fields with the same names? I need to get this working as soon as possible.
February 26, 2025 at 9:00 PM #47745ModeratorHello,
The reset password form has different settings, it doesn't use the same settings as in the register form. I will inform the development team to consider supporting the password strength in the reset password form.
If you are familiar with coding, you can follow my suggestion above to use the filter hook
rwmb_profile_reset_password_fieldsand set some custom attributes to the field.February 26, 2025 at 9:08 PM #47747ParticipantThanks for getting back to me.
I ended up adding my own javascript to control this as the custom attributes didn't give me what I needed. TBH I'm surprised this isn't supported as it makes for an insecure site when the user can change their password to something so weak as '123'.
March 25, 2025 at 1:32 AM #47909Johannes Gross
ParticipantI came across the same observation today - the MB reset password form does not enforce any strength. Please fix this. The strange thing is that your LoginForm render_block code even has the provision for it but the password_strength value does not get populated since the field is missing in the Gutenberg block.
public function render_block( $attributes ): string { $form = Factory::make( [ 'redirect' => $attributes['redirect'], 'form_id' => $attributes['form_id'], 'recaptcha_key' => $attributes['recaptcha_key'], 'recaptcha_secret' => $attributes['recaptcha_secret'], 'label_title' => $attributes['label_title'], 'label_username' => $attributes['label_username'], 'label_password' => $attributes['label_password'], 'label_remember' => $attributes['label_remember'], 'label_lost_password' => $attributes['label_lost_password'], 'label_submit' => $attributes['label_submit'], 'id_username' => $attributes['id_username'], 'id_password' => $attributes['id_password'], 'id_remember' => $attributes['id_remember'], 'id_submit' => $attributes['id_submit'], 'confirmation' => $attributes['confirmation'], 'value_username' => $attributes['value_username'], 'value_remember' => Helper::convert_boolean( $attributes['value_remember'] ), 'password_strength' => $attributes['password_strength'], ], 'login' ); if ( empty( $form ) ) { return ''; }I appreciate your help with this!
-
AuthorPosts
- You must be logged in to reply to this topic.