... for simpler implementation of strength indicator in future.
Also simplified configuration by removing password_check_strength and
adding password_minimum_score.
Allow password drivers more control over the entire password changeing
processes not just the save action. Allow them to perform old/new
password comparisons and also password strength checking.
*) allow password drivers override default password comparisons (eg
new is not same as current) #6473
*) allow password drivers override default strength checks (eg allow
for 'not the same as last x passwords')
*) allow separate password saving and strength drivers for use of
strength checking services eg HaveIBeenPwned.com #5040
*) allow drivers to define password strength rules displayed to the
user
*) rename password_require_nonalpha config option to
password_check_strength to reflect new strength checking
possibilities (added backwards compatibility)
If the password policy on the ldap server is violated when changing
password, report error as "constraint violation" instead of the
misleading "connection error".
Only tested with OpenLDAP (v2.4).
The old version assumed `json_decode` would return an associative array.
While it can do so if an extra option is specified, the default
behaviour is to return an object. Therefore, a successful password
change resulted in an error while parsing the response.
The new code is accessing the response as object instead. The method
is now covered by a unit test.
This driver does not use an admin account. It uses the user's account to
authenticate at the Webmail API. It uses the recommended UAPI and does
not rely on third-party classes.
Aleksander Machniak