[html-formfu] Constraint for salted hash password

[Christian Lackas]

* Carl Franks <fireartist at gmail.com> [090227 13:25]:

Hi Carl,

> You're adding a 2nd validator, so it doesn't have the message set on the 1st.
> That should really be:
>    $field->get_validator({ type => 'Callback' })->callback( sub {
>        return Crypt::SaltedHash->validate($user->password, shift);
>    });

makes perfectly sense, did not see that when I copy and pasted my code
from your example in the docs.

One last (loosely related) question: Besides the field with the current
password (used to verify the commit), I also have two fields to set a
new password:

    - type: Password
      name: password
      label: Password
      constraint:
        - type: MinLength
          min: 6
        - type: Regex
          regex: '\W'
          message: Must contain one non-letter/digit
      transformers:
        - type: Callback
          callback: MyApp::Utils::hashpassword
    - type: Password
      name: password_confirm
      label: Password (confirm)
      constraint:
        - type: Equal
          others: password

Everything works great (e.g. both have to be the same, length and at
least one \W character), however, if I don't type in anything (for both)
I get a valid empty $form->param('password') (before transformers). Why
is that (since I set MinLength to 6)?
It is actually half-way what I want: If no password is given, the
password should not be changed. However, currently it sets the password
to '' rather than preserving the old value.
As a workaround, I check for empty string in password and then re-add
the value from the database:
    
    $form->add_valid(password => $user->password);

I assume the password get's lost in the process since it is never used
as a default value (due to the 'Password' type), right?

Christian