Migrate check password policy callback to hook #83

dustinhuynh · dustinhuynh · commit f4cc3b7f57a6 · 2025-08-21T09:50:55.000+10:00
diff --git a/classes/form/test_password_form.php b/classes/form/test_password_form.php
@@ -73,7 +73,11 @@ public function validation($data, $files) {
         // check pw against that account. Else, against currenlty logged in account.
         $testervalidation = '';
         if ($testpassword != '') {
-            $testervalidation = tool_passwordvalidator_check_password_policy($testpassword, $otheruser);
+            if (get_config('tool_passwordvalidator', 'enable_plugin')) {
+                // If plugin is enabled, execute validation.
+                require_once(__DIR__.'/locallib.php');
+                $testervalidation = tool_passwordvalidator_password_validate($testpassword, $otheruser);
+            }
         }
 
         if (!empty($testervalidation)) {
diff --git a/classes/hook_callbacks.php b/classes/hook_callbacks.php
@@ -0,0 +1,42 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+namespace tool_passwordvalidator;
+
+use core\hook\check_password_policy;
+/**
+ * Callbacks for hooks.
+ *
+ * @package    tool_passwordvalidator
+ * @copyright  2025 Dustin Huynh <dustinhuynh@catalyst-au.net>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+class hook_callbacks {
+    /**
+     * Listener for the check_password_policy hook.
+     *
+     * @param check_password_policy $hook
+     */
+    public static function check_password_policy(check_password_policy $hook): void {
+        global $CFG;
+        if (get_config('tool_passwordvalidator', 'enable_plugin')) {
+            require_once($CFG->dirroot . '/admin/tool/passwordvalidator/locallib.php');
+            // If plugin is enabled, execute validation.
+            $error = tool_passwordvalidator_password_validate($hook->password, $hook->user);
+            $hook->add_errors($error);
+        }
+    }
+}
diff --git a/db/hooks.php b/db/hooks.php
@@ -0,0 +1,32 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+/**
+ * Hook callbacks for Password Validator
+ *
+ * @package    tool_passwordvalidator
+ * @copyright  2025 Dustin Huynh <dustinhuynh@catalyst-au.net>
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ */
+
+defined('MOODLE_INTERNAL') || die();
+
+$callbacks = [
+    [
+        'hook' => \core\hook\check_password_policy::class,
+        'callback' => [\tool_passwordvalidator\hook_callbacks::class, 'check_password_policy'],
+    ],
+];
diff --git a/lang/en/tool_passwordvalidator.php b/lang/en/tool_passwordvalidator.php
@@ -23,7 +23,7 @@
  */
 
 $string['pluginname'] = 'Password validator';
-
+$string['configpasswordcheckonlogin'] = 'It appears that the "Check password on login" (passwordpolicycheckonlogin) control is disabled. This plugin cannot function correctly without it.';
 $string['configpasswordpolicy'] = 'It appears that the "Password Policy" control is disabled. If this control is disabled, new users will not be able to view information about the password policy when setting their password.';
 $string['configpasswordrotationempty'] = 'It appears that the current password rotation limit is 0. This plugin relies on this configuration being set to atleast 1 for the password reset lockout period.
  It is recommended to set this value to atleast 1, but higher is better. ACSC recommends not reusing passwords within  8 changes.';
@@ -88,7 +88,6 @@
 $string['passwordtesterpass'] = 'Pass: Tester password passed validation settings. ';
 $string['passwordtesterfail'] = 'Fail: Tester password failed validation settings: <br>';
 $string['passwordtesterempty'] = 'No password entered to test.';
-
 $string['responseminimumlength'] = 'Password must have at least {$a} characters.';
 $string['responsenoletters'] = 'Password cannot consist of only numbers and/or special characters, or contain no letters.';
 $string['responsedictionaryfailoneword'] = 'Password cannot be based of a single dictionary word: {$a}, consider adding more words.';
diff --git a/lib.php b/lib.php
@@ -23,26 +23,6 @@
  */
 defined('MOODLE_INTERNAL') || die;
 
-/**
- * Wrapper function for the password validation. Simply calls password validate
- * with test mode disabled.
- *
- * @param string $password The password to be validated.
- * @param stdClass $user A user object to perform validation against if preset. Defaults to null
- * @return string Returns a string of any errors presented by the checks, or an empty string for success.
- *
- */
-
-function tool_passwordvalidator_check_password_policy($password, $user = null) {
-    if (get_config('tool_passwordvalidator', 'enable_plugin')) {
-        // If plugin is enabled, execute validation.
-        require_once(__DIR__.'/locallib.php');
-        return tool_passwordvalidator_password_validate($password, $user);
-    } else {
-        // Empty, passed validation.
-        return '';
-    }
-}
 
 /**
  * Function for the printing of the password policy
diff --git a/locallib.php b/locallib.php
@@ -472,6 +472,12 @@ function tool_passwordvalidator_config_checker() {
         }
     }
 
+    // Check if password check on login is enabled.
+    if ($CFG->passwordpolicycheckonlogin != 1) {
+        $response .= get_string('configpasswordcheckonlogin', 'tool_passwordvalidator').'<br>';
+        $type = 'notifyerror';
+    }
+
     // Minimum length enforcement is a fail.
     if (($CFG->passwordpolicy == 1) && $CFG->minpasswordlength >= 1) {
         $response .= get_string('configpasswordminlength', 'tool_passwordvalidator').'<br>';
diff --git a/version.php b/version.php
@@ -24,8 +24,8 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$plugin->version   = 2024111402;
-$plugin->release   = $plugin->version;
+$plugin->version   = 2025082100;
+$plugin->release   = 2025082100;
 $plugin->requires  = 2016052300;
 $plugin->component = 'tool_passwordvalidator';
 $plugin->maturity  = MATURITY_STABLE;

Original file line number	Diff line number	Diff line change
`@@ -472,6 +472,12 @@ function tool_passwordvalidator_config_checker() {`
`472`	`472`	`}`
`473`	`473`	`}`
`474`	`474`
	`475`	`+ // Check if password check on login is enabled.`
	`476`	`+ if ($CFG->passwordpolicycheckonlogin != 1) {`
	`477`	`+ $response .= get_string('configpasswordcheckonlogin', 'tool_passwordvalidator').'<br>';`
	`478`	`+ $type = 'notifyerror';`
	`479`	`+ }`
	`480`	`+`
`475`	`481`	`// Minimum length enforcement is a fail.`
`476`	`482`	`if (($CFG->passwordpolicy == 1) && $CFG->minpasswordlength >= 1) {`
`477`	`483`	`$response .= get_string('configpasswordminlength', 'tool_passwordvalidator').'<br>';`