From: jenkins-bot Date: Tue, 17 Sep 2019 20:07:50 +0000 (+0000) Subject: Merge "Improve documentation for the MinimumPasswordLengthToLogin policy" X-Git-Tag: 1.34.0-rc.0~176 X-Git-Url: https://git.heureux-cyclage.org/?p=lhc%2Fweb%2Fwiklou.git;a=commitdiff_plain;h=1cb23e06784496057ffe2f7bb8692c8d9786ad78;hp=644ac24dd3b94b9e88430056539c0434ca312928 Merge "Improve documentation for the MinimumPasswordLengthToLogin policy"
---
diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php
index c3a37f33e2..fd1affce3d 100644
--- a/includes/DefaultSettings.php
+++ b/includes/DefaultSettings.php
@@ -4445,7 +4445,8 @@ $wgCentralIdLookupProvider = 'local';
 * The checks supported by core are:
 * - MinimalPasswordLength - Minimum length a user can set.
 * - MinimumPasswordLengthToLogin - Passwords shorter than this will
- * not be allowed to login, regardless if it is correct.
+ * not be allowed to login, or offered a chance to reset their password
+ * as part of the login workflow, regardless if it is correct.
 * - MaximalPasswordLength - maximum length password a user is allowed
 * to attempt. Prevents DoS attacks with pbkdf2.
 * - PasswordCannotMatchUsername - Password cannot match the username.
diff --git a/includes/password/PasswordPolicyChecks.php b/includes/password/PasswordPolicyChecks.php
index 8eecbcc2e2..1475c2053c 100644
--- a/includes/password/PasswordPolicyChecks.php
+++ b/includes/password/PasswordPolicyChecks.php
@@ -54,6 +54,8 @@ class PasswordPolicyChecks {
 /**
 * Check password is longer than minimum, fatal.
+ * Intended for locking out users with passwords too short to trust, requiring them
+ * to recover their account by some other means.
 * @param int $policyVal minimal length
 * @param User $user
 * @param string $password
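Review bot: The reworded MinimumPasswordLengthToLogin entry in the `$wgPasswordPolicy` comment still has "Passwords" as the subject of "not be allowed to login, or offered a chance to reset", and it does not say what an affected user can do instead. Administrators tune the policy from this text, so I would phrase it around the user, for example `Users whose password is shorter than this cannot log in with it, even if it is correct, and are not offered a password change during login.` It should also say that the account then has to be recovered by other means, as the PasswordPolicyChecks.php docblock in this commit states. A caveat worth adding is that a value above MinimalPasswordLength would lock out users whose password the wiki accepted when it was set. That is inferred from the two descriptions as written here, so confirm it against the check before documenting it.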
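Review bot: The summary line of this docblock, "Check password is longer than minimum, fatal.", leaves the boundary case open now that the added sentences describe a lockout. `$policyVal` is documented as "minimal length", so a password of exactly that length presumably passes, which "longer than" contradicts. If the comparison is inclusive, I would write `Check password is at least the minimum length required to log in, fatal.` and expand the parameter to `@param int $policyVal minimal length; shorter passwords cannot be used to log in`. The method body lies outside the hunk, so the comparison needs checking before the wording is changed.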