self-service-password
pwd_diff_last_min_chars is not evaluated the same way in backend and in frontend
On the frontend side, pwd_diff_last_min_chars means the number of characters that differ from the old password, whatever the position of the character.
On the backend side, pwd_diff_last_min_chars uses similar_text, which computes the length of multiple patterns found in the old password.
As pwd_diff_last_min_chars has existed for longer in self-service-password, it would be preferable to adapt the JS code. However, the similar_text function is not really standard...
Another problem:
On the backend side, the password is only accepted when the number of "different characters" is strictly greater than pwd_diff_last_min_chars.
This is not aligned with the documentation and also less logical:
You may also want to check for partial password reuses, ensuring the new password includes at least N distinct new characters:
$pwd_diff_last_min_chars = 3;
For example, for this configuration you must have at least N = 3 + 1 distinct new characters.
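The mismatch described in this issue can be reproduced with the sketch below, which is an added example and not code from self-service-password. It ports PHP's similar_text algorithm to JavaScript for ASCII input; the two counting functions and the `compare` helper are hypothetical names, and the formulas "shorter length minus similar_text" and "characters not available in the old password" are assumptions about how each side derives its count.

```javascript
// Port of PHP's similar_text(): take the first longest common substring,
// then recurse on the text to its left and to its right (ASCII input assumed).
function similarText(a, b) {
  if (a.length === 0 || b.length === 0) return 0;
  let max = 0, posA = 0, posB = 0;
  for (let i = 0; i < a.length; i++) {
    for (let j = 0; j < b.length; j++) {
      let k = 0;
      while (i + k < a.length && j + k < b.length && a[i + k] === b[j + k]) k++;
      if (k > max) { max = k; posA = i; posB = j; }
    }
  }
  if (max === 0) return 0;
  return max
    + similarText(a.slice(0, posA), b.slice(0, posB))
    + similarText(a.slice(posA + max), b.slice(posB + max));
}

// Assumption: backend-style count = shorter length minus similar_text().
function diffBySimilarText(oldPwd, newPwd) {
  return Math.min(oldPwd.length, newPwd.length) - similarText(oldPwd, newPwd);
}

// Assumption: frontend-style count = characters of the new password that
// cannot be matched to a character of the old one, whatever the position.
function diffByCharacterPool(oldPwd, newPwd) {
  const pool = new Map();
  for (const c of oldPwd) pool.set(c, (pool.get(c) || 0) + 1);
  let fresh = 0;
  for (const c of newPwd) {
    const left = pool.get(c) || 0;
    if (left > 0) pool.set(c, left - 1); else fresh++;
  }
  return fresh;
}

// Hypothetical helper: both counts plus the strict and documented comparisons.
function compare(oldPwd, newPwd, minChars) {
  const backend = diffBySimilarText(oldPwd, newPwd);
  const frontend = diffByCharacterPool(oldPwd, newPwd);
  return {
    backend, frontend,
    backendStrict: backend > minChars,       // comparison reported in this issue
    backendDocumented: backend >= minChars,  // "at least N" as documented
    frontendDocumented: frontend >= minChars,
  };
}

// Constructed sample passwords, pwd_diff_last_min_chars = 3.
console.log(compare("abcdef", "fedcba", 3));     // reversed: counts disagree
console.log(compare("abcdefgh", "abcdeXYZ", 3)); // exactly 3 new characters
```

A reversed password scores 5 under the similar_text count but 0 under the position-independent count, and a password with exactly 3 new characters passes "at least N" but fails the strict comparison.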