Cms: Password Enforcement Rules

This is already possible in Craft 2 with a custom plugin and the onBeforeSetPassword event. https://craftcms.stackexchange.com/a/3061/57

You can enforce any sort of password business logic you want from there.

I am aware of this plugin for Craft 2 (which implies we can port it for Craft 3; and since you're not mentioning any other, I assume there aren't any plugin of the sort for Craft 3)

I wanted to know if Craft 3 will have it.

Also, is onBeforeSetPassword event accessible from backend, i.e. for CMS editor's passwords?

We removed that specific event in Craft 3 since the way passwords get set in Craft 3 is quite a bit different.

Now what you would do is:

use craft\elements\User;
use yii\base\Event;
use yii\base\ModelEvent;

Event::on(User::class, User::EVENT_BEFORE_VALIDATE, function(ModelEvent $event) {
    /** @var User $user */
    $user = $event->sender;

    if ($user->newPassword !== null) {
        $validates = $this->validateNewPassword($user->newPassword);

        if (!$validates) {
            $user->addError('newPassword', Craft::t('plugin-handle', 'Invalid password'));
            $event->isValid = false;
        }
    }
});

Thanks, I'm not sure I understand at this time, but will investigate further from this tip.

The use statements would go at the top of your primary Plugin class, and the Event::on() call would go within your Plugin class’s init() method.

Would love to see strong password enforcement as a native Craft option.