Home/ Questions/Q 3220418
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-17T15:45:33+00:00

I would like to enforce a password policy in Zotonic. My first impression would

  • 0

I would like to enforce a password policy in Zotonic. My first impression would be to do this as a validator on the new_password field in the Identity editor.

Here is an example policy:

  • Have be at least 8 characters in length
  • Have at least one upper case letter
  • Have at least one lower case letter
  • Have at least one number
  • Have at least one non-alphanumeric character
  • Not be based on account name

Here is a possible implementation (not tested):

string:length(Password) >= 8 andalso
re:run(Password, "[A-Z]") =/= nomatch andalso
re:run(Password, "[a-z]") =/= nomatch andalso
re:run(Password, "[0-9]") =/= nomatch andalso
re:run(Password, "[^A-Za-z0-9]") =/= nomatch andalso
re:run(Password, AccountName) =:= nomatch

How do you enforce password complexity rules in Zotonic?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    What you can do is implement it as a form validation. Along the lines of the other validations.

    I was wondering if there is a javascript available that shows the password strength. (Like a traffic light, green ok, red really not ok.)

    The validation can be attached using the {% validate %} scomp.

    A simple password check could be done by making a single regular expression and attaching it to the password field using the format validator http://zotonic.com/documentation/634/format

    For your proposed function, or a “traffic light” functionality, it might be better to make a custom validator. Or that we add support for the Custom validator of LiveValidation, to which you then pass a Javascript function for the check.

    • 0