So, I have recently been building a password quality enforcement plugin for the Kirby Panel that allows us to set custom rules, and it works great when creating a new user from within the admin panel - BUT when I tested the “Forgot your password?” functionality, it appears that path / functionality bypasses the validation check? By this, I mean that it appears that the user.create:before and user.update:before hooks are being bypassed for the password-reset functionality and thusly skips by the new quality validation I’m trying to enforce.
So my question: Is there some other hook that I should be using to include the password-reset functionality in the above? Or is this unintended behavior of the Kirby CMS handling of the password-reset functionality?
Here’s the plugin code where I’m referencing the hooks, if it helps:
Kirby::plugin('twykr/password-quality', [
'hooks' => [
'user.create:before' => function ($user, $input) {
enforcePQ($input['password']);
},
'user.update:before' => function ($newUser, $oldUser, $input) {
if (isset($input['password'])) {
enforcePQ($input['password']);
}
}
]
]);
function enforcePQ($password) { /* whatever validation rules */ }
Any guidance or pointers on how to make this work with this would be appreciated!