On 14 Sep 2012, at 4:22 PM, howesc <how...@umich.edu> wrote: > i would argue in that case that there is a bug if login is prevented because > the password is too short.....once a user creates a password it should remain > valid until they change it. we should only check password length on > creation, otherwise you break existing users when you try and change your > rules.
Absolutely. You want to be setting that validator dynamically, depending on context. I do that in my models, but ISTR there was a patch to that effect in 2.0 Auth. --