Generate password to satisfy field settings

[Robin S]

Is there some API method to generate a random password that satisfies the settings of a given FieldtypePassword field? Something like:

// Pseudocode
$f = $fields->get('pass');
$random_pass = $f->generatePass();

I feel like I've seen something like this somewhere but maybe that's just wishful thinking.

At the moment I'm doing this for random passwords (picked up somewhere in the forums here)...

// Generate a random, temporary password
$pass = '';
$chars = 'abcdefghjkmnopqrstuvwxyz23456789!@#$%&*';
$length = mt_rand(9,12); // password between 9 and 12 characters
for($n = 0; $n < $length; $n++) $pass .= $chars[mt_rand(0, strlen($chars)-1)];

...but is there a better way that takes into account the settings of a password field?

[fbg13]

This?

 

[Robin S]

@fbg13, thanks, that might have been what I was remembering.

I found a better method in the same class: randomPass(). It gives you a lot more control over the generated password and avoids similar characters like I/1 and O/0.

I still think it would be handy to have something that can pull settings from a given FieldtypePassword field though. And a "Generate password" button in the inputfield would be cool too.

[adrian]

On 10/1/2017 at 9:40 PM, Robin S said:

I still think it would be handy to have something that can pull settings from a given FieldtypePassword field though

Yeah, it seems like an omission in randomPass() to not be able to generate a password that matches the settings for the system "pass" field. Your discussion here made me take another look at the generate password settings in my EmailNewUser module. I was about to remove those options and make the generate password method use randPass() with the appropriate options as they are stored in the "pass" field settings, but the problem is that randPass() doesn't support the "Complexify Factor" setting and it also uses minLenth settings for each character type, rather than an overall min password length (which is what the password field settings need. It also doesn't support the "Word Ban" mode option.

Seems like a feature request for the core?

[Robin S]

5 hours ago, adrian said:

randPass() doesn't support the "Complexify Factor" setting

This might be because the "complexify factor" is something internal to the JS library used in InputfieldPassword - perhaps difficult or too time-consuming to port to PHP. I'm putting together a little module that adds a "Generate password" button to InputfieldPassword and from my testing it seems you can probably ignore the complexify setting in your EmailNewUser module because when set to the advised range of 0.5 - 1.0 then any randomly generated password seems to satisfy the complexify setting.

Incidentally, I'm not a fan of vague settings like "complexify" because it's totally meaningless to the user who is setting the password. Imagine getting feedback like "Sorry, your password is 0.1 units not complexified enough." The inputfield currently says "too common" when failing the complexify setting but that's not really accurate because a random string can fail a high complexify setting. Settings like this can make for infuriating UX.

 

5 hours ago, adrian said:

it also uses minLenth settings for each character type, rather than an overall min password length (which is what the password field settings need

I noticed that and found it very strange. It must be deliberate because the method comment says:

Quote

`maxLength` (int): Maximum lenth of returned value, will be exceeded if needed to meet other options

But surely if you are setting a max length you want a max length for the whole password? Can't think why Ryan would have designed it that way.

I have put in a feature request on GitHub.