FOSUserBundle password validation

Question

I'm attempting to override the current validation for passwords in FOSUserBundle. I've tried a few options, but I still can't find the solution.

To increase the password's MinLength, I created a validation.yml with:

# src/Acme/UserBundle/Resources/config/validation.yml
Acme\UserBundle\Entity\User:
    properties:
        username:
            - MinLength: { limit: 3, message: "Your username must have at least {{ limit }} characters." }
            - MaxLength: { limit: 255, message: "The username is too long" }
            - NotBlank: { message: "Please enter a username"}       

        plainPassword:
            - NotBlank: { message: "Please enter a password"}
            - MinLength: { limit: 8, message: "Your password must have at least {{ limit }} characters.", groups [Registration,Profile]}
                - MaxLength: { limit: 255, message: "The password is too long" }

Acme\UserBundle\Form\Model\ChangePassword:
  properties:  
      new:
          - NotBlank: { message: "Please enter a new password", groups [ChangePassword]}
          - MinLength: { limit: 8, message: "Your password must have at least {{ limit }} characters.", groups [ChangePassword]}
          - MaxLength: { limit: 255, message: "The password is too long", groups [ChangePassword]}  

Acme\UserBundle\Form\Model\ResetPassword:
        new:
            - NotBlank: { message: "Please enter a new password", groups [ResetPassword]}
            - MinLength: { limit: 8, message: "Your new password must have at least {{ limit }} characters.", groups [ResetPassword]}
            - MaxLength: { limit: 255, message: "The new password is too long", groups [ResetPassword]}

This is working for me fine on /register, but on /change-password the default min length validation from FOSUserBundle is taking ownership.

To state my question more clearly, what is the correct way to set the MinLength for the password in FOSUserBundle to ensure it's validated everywhere?

In addition, what's the correct approach with FOSUserBundle to verify within ChangePassword that oldpassword != newpassword?

Answer 1

validation.yml should be in the same bundle that overwrites the FOS user entity

Instead of Acme you should use FOS and you should only need one validation set.

# src/Acme/UserBundle/Resources/config/validation.yml
FOS\UserBundle\Model\User:
   properties:
      username:
        - MinLength: { limit: 3, message: "Your username must have at least {{ limit }} characters." }
        - MaxLength: { limit: 255, message: "The username is too long" }
        - NotBlank: { message: "Please enter a username"}       

      plainPassword:
        - NotBlank: { message: "Please enter a password", groups:[Registration, ResetPassword, ChangePassword] }
        - MinLength: { limit: 8, message: "Your password must have at least {{ limit }} characters.", groups:[Registration, ResetPassword, ChangePassword] }
        - MaxLength: { limit: 255, message: "The password is too long", groups:[Registration, ResetPassword, ChangePassword] }

When in trouble, go to the source: https://github.com/FriendsOfSymfony/FOSUserBundle/issues/987

Answer 2

You can use the Validation Groups

http://symfony.com/doc/2.0/book/validation.html#validation-groups