Password policy
The SecurityBundle lets you define a password policy by configuring a pattern. The pattern is used to validate user input in the administration interface and the passwords of users created programmatically through the UserManager.
The following example enables Sulu's default pattern (minimum length of 8 characters).
# file: config/packages/sulu_security.yaml
sulu_security:
    password_policy:
        enabled: true
The configuration below sets an example pattern that validates the password against the following constraints:
The password length must be greater than or equal to 8
The password must contain one or more uppercase characters
The password must contain one or more lowercase characters
The password must contain one or more numeric values
The password must contain one or more special characters
# file: config/packages/sulu_security.yaml
sulu_security:
    password_policy:
        enabled: true
        pattern: '(?=^.{8,}$)(?=.*\d)(?=.*[^a-zA-Z0-9]+)(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$'
        info_translation_key: app.password_information
Don't forget to provide a translation that explains your password policy to the user by setting the info_translation_key configuration.
{
    "app.password_information": "Passwords have a minimum length of 8 characters and must contain one or more uppercase characters, one or more lowercase characters, one or more numeric values, one or more special characters."
}
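Before deploying a custom pattern, it helps to run it against known-good and known-bad passwords. The check below is an added example, not part of Sulu or its documentation: it evaluates the example pattern with JavaScript's RegExp engine and reports which lookahead rejects each password. `checkPassword`, `RULES` and the sample passwords are hypothetical, and how Sulu itself invokes the pattern is an assumption not shown on this page.

```javascript
// Pattern copied verbatim from the sulu_security.yaml example.
const PATTERN = String.raw`(?=^.{8,}$)(?=.*\d)(?=.*[^a-zA-Z0-9]+)(?![.\n])(?=.*[A-Z])(?=.*[a-z]).*$`;

// One entry per lookahead in PATTERN, so a rejection can be explained.
const RULES = [
  ['length >= 8', /^.{8,}$/],
  ['numeric value', /\d/],
  ['special character', /[^a-zA-Z0-9]/],
  ['uppercase character', /[A-Z]/],
  ['lowercase character', /[a-z]/],
  // (?![.\n]) is in the pattern but not in the list of constraints.
  ['first character is not "." or newline', /^(?![.\n])/],
];

// Hypothetical helper: overall verdict plus the rules that failed.
function checkPassword(password) {
  const valid = new RegExp(PATTERN).test(password);
  const failed = RULES.filter(([, re]) => !re.test(password)).map(([name]) => name);
  return { valid, failed };
}

// Constructed sample passwords. The last two are accepted because a space
// and a non-ASCII letter both match [^a-zA-Z0-9] (the "special" class).
const SAMPLES = ['Tr4il-Mix!', 'Summer2024', 'Sh0rt!', '.Tr4il-Mix', 'passwort 1A', 'Pässwort12'];

for (const pw of SAMPLES) {
  const { valid, failed } = checkPassword(pw);
  console.log(JSON.stringify(pw), valid ? 'accepted' : `rejected: ${failed.join(', ')}`);
}
```

If the leading-dot rule or the broad definition of "special character" is not what you intend, adjust the pattern and the text behind info_translation_key together so the explanation shown to users matches what is enforced.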