# HG changeset patch
# User Matthew Wild <mwild1@gmail.com>
# Date 1640181713 0
# Node ID 56eba4bca28f17402279f331b1147f2344c34e14
# Parent  fe5303da99cbe3f06466ab83d651994686d6d534
mod_password_policy: Allow check_password() to indicate the policy that failed

diff -r fe5303da99cb -r 56eba4bca28f mod_password_policy/mod_password_policy.lua
--- a/mod_password_policy/mod_password_policy.lua	Sun Dec 19 01:33:34 2021 +0100
+++ b/mod_password_policy/mod_password_policy.lua	Wed Dec 22 14:01:53 2021 +0000
@@ -18,7 +18,7 @@
 
 function check_password(password)
 	if #password < options.length then
-		return nil, ("Password is too short (minimum %d characters)"):format(options.length);
+		return nil, ("Password is too short (minimum %d characters)"):format(options.length), "length";
 	end
 	return true;
 end
@@ -47,9 +47,13 @@
 		table.insert(passwords, query:get_child_text("password"));
 
 		for _,password in ipairs(passwords) do
-			if password and not check_password(password) then
-				origin.send(st.error_reply(stanza, "cancel", "not-acceptable", "Please use a longer password."));
-				return true;
+			if password then
+				local pw_ok, pw_err, pw_failed_policy = check_password(password);
+				if not pw_ok then
+					module:log("debug", "Password failed check against '%s' policy", pw_failed_policy);
+					origin.send(st.error_reply(stanza, "cancel", "not-acceptable", pw_err));
+					return true;
+				end
 			end
 		end
 	end