How does Plone allow addons to implement password policies?

I've seen two different addons monkeypatch Products.CMFPlone.RegistrationTool.RegistrationTool.testPasswordValidity in order to introduce password policies to Plone. Isn't that what Products.PluggableAuthService.interfaces.plugins.IValidationPlugin is for? If so, does Plone/PlonePAS utilize the IValidationPlugin? I don't think it should be necessary to monkeypatch anything to add new password policies.

@jensens ping :slight_smile:

@CorySanin Yes it does, after a certain version. I made a plone core change years ago to make sure it does. You can see it being used here in the plugin I wrote.

I don't know why other plugins continue to monkey patch.

1 Like

Thank you for the response and example!