fix: live password policy checklist and translated modal errors (#7301)#7303
Open
woodyardae wants to merge 1 commit into
Open
fix: live password policy checklist and translated modal errors (#7301)#7303woodyardae wants to merge 1 commit into
woodyardae wants to merge 1 commit into
Conversation
woodyardae
force-pushed
the
fix/7301-password-error-message
branch
from
June 22, 2026 06:44
97be301 to
75821e3
Compare
Collaborator
Collaborator
…cow#7301) The forced password-change modal (#ChangePWModal) uses AJAX, so PHP's alertbox_log_parser() never runs and the UI was showing the raw internal key password_complexity. Resolve AJAX errors through lang_danger and add a live password policy checklist (disabled checkboxes that tick as rules are met while typing) for the modal and all data-hibp password fields. - Centralize interactive policy HTML in password_complexity('html') - Wire shared validation in 013-mailcow.js (mirrors password_check()) - Add show/hide password toggles for data-hibp fields - Add admin.password_policy_match to all locale files - Fix invalid trailing commas in ja-jp, ko-kr, zh-cn, zh-tw locale JSON Fixes mailcow#7301 Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> Agent: Cursor
woodyardae
force-pushed
the
fix/7301-password-error-message
branch
from
June 23, 2026 01:05
75821e3 to
3db572d
Compare
Author
|
Retargeted to staging as requested. Thanks! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.

Summary
Fixes #7301
When a mailbox user is forced to change their password at first login and submits a password that fails complexity checks, the modal showed the raw internal key
password_complexityinstead of a translated message.This PR:
lang_danger(e.g. Password does not meet the policy).data-hibppassword fields, including#ChangePWModal.password_complexity('html')with proper HTML escaping.013-mailcow.js(HIBP-aware DOM helpers, show/hide toggles, confirm-field match handling).password_policy_matchto 33 locale files (including minimallang.az-az.json).Scope note for maintainers
admin.password_policy_matchstring.013-mailcow.jsis served via mailcow's existing JS minifier/cache pipeline (footer.inc.php→ content hash →/cache/<hash>.js); no separate build step required.Live testing
Deployed commit
75821e33on test-stax (18/18 containers healthy, php-fpm restarted). Full test notes and reconciliation of automated runs are in the fork PR: woodyardae/mailcow-dockerized#1.data-hibpfields/api/v1/edit/admin)aria-liveaccessibilityTest plan
lang_dangermessage (not rawpassword_complexity)data-hibpfields/api/v1/edit/adminpassword_policy_matchin 33 lang files)Fixes #7301