Increase minimum password length for admin user

[torhoehn]

Description (*)

PCI 4.0 requires a minimal password length of 12 characters, so it has to be changed from 7 to 12.

Manual testing scenarios (*)

1. Change password of an existing admin account.
2. It should fail to change the password if less than 12 characters are used.

Contribution checklist (*)

• Pull request has a meaningful description of its purpose
• All commits are accompanied by meaningful commit messages
• All new or changed code is covered with unit/integration tests (if applicable)
• README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
• All automated tests passed successfully (all builds are green)

Resolved issues:

1. resolves [Issue] Increase minimum password length for admin user #39327: Increase minimum password length for admin user

[m2-assistant]

Hi @torhoehn. Thank you for your contribution!
Here are some useful tips on how you can test your changes using Magento test environment.
❗ Automated tests can be triggered manually with an appropriate comment:

• @magento run all tests - run or re-run all required tests against the PR changes
• @magento run <test-build(s)> - run or re-run specific test build(s)
  For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names.

Allowed build names are:

1. Database Compare
2. Functional Tests CE
3. Functional Tests EE
4. Functional Tests B2B
5. Integration Tests
6. Magento Health Index
7. Sample Data Tests CE
8. Sample Data Tests EE
9. Sample Data Tests B2B
10. Static Tests
11. Unit Tests
12. WebAPI Tests
13. Semantic Version Checker

You can find more information about the builds here
ℹ️ Run only required test builds during development. Run all test builds before sending your pull request for review.

---

For more details, review the Code Contributions documentation.
Join Magento Community Engineering Slack and ask your questions in #github channel.

[Morgy93]

This line also requires modification: Line 688 in validation.js.

Update: There’s an additional line that needs attention in the same file: Line 694.

[torhoehn]

This one needs to be changed as well: https://github.com/magento/magento2/blob/2.4-develop/lib/web/mage/validation.js#L688

Thanks for pointing out, I changed that file as well.

I will leave this PR as simple as it is, to hopefully get it merged fast. I will create another PR one on top of it, to make the values configurable (magento/community-features#333).

[sprankhub]

@torhoehn, you also need to update the error message mentioned by @Morgy93 earlier.

[ihor-sviziev]

I agree that it needs to be improved for admin users, but should it also be enforced for clients?

[torhoehn]

@torhoehn, you also need to update the error message mentioned by @Morgy93 earlier.

@sprankhub Ah sorry, I will change that as well.

I agree that it needs to be improved for admin users, but should it also be enforced for clients?

@ihor-sviziev I will check that. But to keep it as simple as possible I would like to create another PR for that, because I don't know how many changes will be needed for that.

[engcom-Hotel]

@magento create issue

[torhoehn]

@magento run all tests

[engcom-Hotel]

@magento run Database Compare

[engcom-Hotel]

Hello @torhoehn,

Thanks for the collaboration!

The changes seems good to me but please fix the failed static tests. Other failed tests seems flaky to me.

Thanks

[torhoehn]

@engcom-Hotel

https://public-results-storage-prod.magento-testing-service.engineering/reports/magento/magento2/pull/39319/e2665884321236cc68820a770c5457d1/Statics/allure-report-b2b/index.html
I changed the validation.js, but later than the mentioned line here.

https://public-results-storage-prod.magento-testing-service.engineering/reports/magento/magento2/pull/39319/e2665884321236cc68820a770c5457d1/Statics/console-error-logs.html
I didn't touch any Copyright or inheritdoc. What needs to be changed here?

[engcom-Hotel]

Hello @torhoehn,

This is part of the latest Adobe Copyright guidelines and it is now covered by static test analysis. So from now on we need to update the copyright as below in the updated files:

Copyright [year code created] Adobe 
All Rights Reserved.

Please do the needful.

Thanks

[torhoehn]

@magento run all tests

[hostep]

@torhoehn: the year in the copyright header should be the year when the file was first created, so 2024 is wrong, you should check the git history for each file to find the correct year. For example, the file app/code/Magento/User/Model/UserValidationRules.php got created in 2015, lib/web/mage/validation.js in 2014, ...

[torhoehn]

@hostep Thank you, I changed it accordingly.

@magento run all tests

[engcom-Hotel]

@magento run all tests

[engcom-Hotel]

@magento Database Compare, Functional Tests B2B, Functional Tests CE, Functional Tests EE, Integration Tests, Unit Tests, WebAPI Tests

[engcom-Hotel]

@magento run Database Compare, Functional Tests B2B, Functional Tests CE, Functional Tests EE, Integration Tests, Unit Tests, WebAPI Tests

[engcom-Hotel]

Hello @torhoehn,

Some automated tests are still failing. Please fix those.

Thanks

[torhoehn]

@magento run all tests

[torhoehn]

@magento run all tests

[torhoehn]

@engcom-Hotel Could you please check if all tests regarding CE are solved?

[engcom-Hotel]

@magento run all tests

[engcom-Hotel]

Hello @torhoehn,

We can still see some failures on the PR. Please click on Details to see the issues in automated builds.

We also want to inform you that, as this is a feature request, we are currently in discussion with the Product Owner (PO) to determine the next steps for processing this PR. In the meantime, we are moving this PR to the On Hold status.

Thanks