You are here

Home » API reference » Better Passwords 8 » BetterPasswordsSettingsForm.php » BetterPasswordsSettingsForm

public function BetterPasswordsSettingsForm::buildForm in Better Passwords 8

Same name and namespace in other branches
  1. 2.x src/Form/BetterPasswordsSettingsForm.php \Drupal\better_passwords\Form\BetterPasswordsSettingsForm::buildForm()

Form constructor.

Parameters

array $form: An associative array containing the structure of the form.

\Drupal\Core\Form\FormStateInterface $form_state: The current state of the form.

Return value

array The form structure.

Overrides ConfigFormBase::buildForm

File

src/Form/BetterPasswordsSettingsForm.php, line 32

Class

BetterPasswordsSettingsForm
Implements a form for general settings on better passwords.

Namespace

Drupal\better_passwords\Form

Code

public function buildForm(array $form, FormStateInterface $form_state) {
  $config = $this
    ->config('better_passwords.settings');
  $form['length'] = [
    '#type' => 'number',
    '#title' => $this
      ->t('Minimum password length'),
    '#default_value' => $config
      ->get('length'),
    '#size' => '4',
    '#description' => $this
      ->t('"Verifiers SHALL require subscriber-chosen memorized secrets to be at least 8 characters in length."'),
  ];
  $form['strength'] = [
    '#type' => 'select',
    '#title' => $this
      ->t('Minimum password strength'),
    '#default_value' => $config
      ->get('strength'),
    '#options' => [
      4 => $this
        ->t('4: Strongest'),
      3 => $this
        ->t('3: Strong'),
      2 => $this
        ->t('2: Moderate'),
      1 => $this
        ->t('1: Weak'),
      0 => $this
        ->t('0: Do not check strength'),
    ],
    '#description' => $this
      ->t('This module uses @zxcvbn to check prospective passwords against brute-force attacks, sequential or repeated characters, dates, and English-language dictionaries. This seems to at least partially meet the NIST requirement that: <br/>"When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised."', [
      '@zxcvbn' => Link::fromTextAndUrl('zxcvbn-php', Url::fromUri('https://github.com/bjeavons/zxcvbn-php/'))
        ->toString(),
    ]),
  ];
  $form['auto_generate'] = [
    '#type' => 'select',
    '#title' => $this
      ->t('Auto-generate passwords for new users when added by administrators'),
    '#default_value' => $config
      ->get('auto_generate'),
    '#options' => [
      0 => $this
        ->t('Never'),
      1 => $this
        ->t('Optional'),
      2 => $this
        ->t('Required'),
    ],
    '#description' => $this
      ->t('Forcing administrators to create initial passwords for new users is annoying and possibly insecure, unless those administrators know how to create good passwords. This option employs the Drupal "user_password" function to generate initial passwords.'),
  ];
  return parent::buildForm($form, $form_state);
}