You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Edit profile should check password policy and reject if unacceptable
Right now, non-implicit installs can update their password from their own WordPress profile. This will update if that password follows the password policy set on the DB connection being used. But, if the password fails, the WordPress password is updated but not the Auth0 one and there are no errors.
Probably the fastest way to get this running like it should is a check during edit profile update and rejection if Auth0 does not accept it. Probably here:
Might need to merge the update_change_password() method just below so it passes if Auth0 is changed and does not if not.
Admin edit profile password changes should be allowed
Right now, admins can change user passwords but they are not mapped to Auth0. It looks like it's just a matter of adding hooks to display and process for admins as well.
To display, hook edit_user_profile with the show_change_password method; to validate and save, hook personal_options_update/user_profile_update_errors to the validate_new_password/update_change_password methods.
The text was updated successfully, but these errors were encountered:
Edit profile should check password policy and reject if unacceptable
Right now, non-implicit installs can update their password from their own WordPress profile. This will update if that password follows the password policy set on the DB connection being used. But, if the password fails, the WordPress password is updated but not the Auth0 one and there are no errors.
Probably the fastest way to get this running like it should is a check during edit profile update and rejection if Auth0 does not accept it. Probably here:
https://github.com/auth0/wp-auth0/blob/master/lib/WP_Auth0_EditProfile.php#L36
Might need to merge the
update_change_password()method just below so it passes if Auth0 is changed and does not if not.Admin edit profile password changes should be allowed
Right now, admins can change user passwords but they are not mapped to Auth0. It looks like it's just a matter of adding hooks to display and process for admins as well.
To display, hook
edit_user_profilewith theshow_change_passwordmethod; to validate and save, hookpersonal_options_update/user_profile_update_errorsto thevalidate_new_password/update_change_passwordmethods.The text was updated successfully, but these errors were encountered: