10

I'm attempting to override the current validation for passwords in FOSUserBundle. I've tried a few options, but I still can't find the solution.

To increase the password's MinLength, I created a validation.yml with:

# src/Acme/UserBundle/Resources/config/validation.yml
Acme\UserBundle\Entity\User:
    properties:
        username:
            - MinLength: { limit: 3, message: "Your username must have at least {{ limit }} characters." }
            - MaxLength: { limit: 255, message: "The username is too long" }
            - NotBlank: { message: "Please enter a username"}       

        plainPassword:
            - NotBlank: { message: "Please enter a password"}
            - MinLength: { limit: 8, message: "Your password must have at least {{ limit }} characters.", groups [Registration,Profile]}
                - MaxLength: { limit: 255, message: "The password is too long" }

Acme\UserBundle\Form\Model\ChangePassword:
  properties:  
      new:
          - NotBlank: { message: "Please enter a new password", groups [ChangePassword]}
          - MinLength: { limit: 8, message: "Your password must have at least {{ limit }} characters.", groups [ChangePassword]}
          - MaxLength: { limit: 255, message: "The password is too long", groups [ChangePassword]}  

Acme\UserBundle\Form\Model\ResetPassword:
        new:
            - NotBlank: { message: "Please enter a new password", groups [ResetPassword]}
            - MinLength: { limit: 8, message: "Your new password must have at least {{ limit }} characters.", groups [ResetPassword]}
            - MaxLength: { limit: 255, message: "The new password is too long", groups [ResetPassword]}

This is working for me fine on /register, but on /change-password the default min length validation from FOSUserBundle is taking ownership.

To state my question more clearly, what is the correct way to set the MinLength for the password in FOSUserBundle to ensure it's validated everywhere?

In addition, what's the correct approach with FOSUserBundle to verify within ChangePassword that oldpassword != newpassword?

Cave Johnson
  • 6,499
  • 5
  • 38
  • 57
MadManMonty
  • 816
  • 1
  • 7
  • 25

2 Answers2

4

validation.yml should be in the same bundle that overwrites the FOS user entity

Instead of Acme you should use FOS and you should only need one validation set.

# src/Acme/UserBundle/Resources/config/validation.yml
FOS\UserBundle\Model\User:
   properties:
      username:
        - MinLength: { limit: 3, message: "Your username must have at least {{ limit }} characters." }
        - MaxLength: { limit: 255, message: "The username is too long" }
        - NotBlank: { message: "Please enter a username"}       

      plainPassword:
        - NotBlank: { message: "Please enter a password", groups:[Registration, ResetPassword, ChangePassword] }
        - MinLength: { limit: 8, message: "Your password must have at least {{ limit }} characters.", groups:[Registration, ResetPassword, ChangePassword] }
        - MaxLength: { limit: 255, message: "The password is too long", groups:[Registration, ResetPassword, ChangePassword] }

When in trouble, go to the source: https://github.com/FriendsOfSymfony/FOSUserBundle/issues/987

Cave Johnson
  • 6,499
  • 5
  • 38
  • 57
pfisher
  • 41
  • 2
  • 1
    this doesnt seems to be the right syntax for length validation based on this http://symfony.com/doc/current/reference/constraints/Length.html – gondo Jan 29 '14 at 20:01
  • This syntax was used in symfony 2, but anyway even with new syntax I cant override validation of min length this way. I can only append new validation rules. – Daniel Jan 16 '19 at 15:13
1

You can use the Validation Groups

http://symfony.com/doc/2.0/book/validation.html#validation-groups

anthofremion
  • 169
  • 1
  • 5
  • This is something I removed in an effort to see if that was the cause of my issues. I've put them back in now to verify, they seem to be making no difference. I'll edit above to include them back in for clarity. – MadManMonty Feb 09 '12 at 13:35