I am trying to write a Moodle plugin to extend Moodle's default password validation.
By default, Moodle has options to force passwords to contain minimum numbers of upper case/lower case/etc characters, but I want to extend that to also do other checks, for example including things like checking that you haven't used the same password twice, checking that your password isn't a common English word, etc.
I'm struggling with how to do this. I initially thought I could write an auth plugin, and use the user_update_password() method, but this method only gets called for the specific auth plugin that has been used to create the user account, which doesn't work for me; I need to continue using the existing auth types, and have my method get triggered for any of them that involve a password update.
Can anyone give me any insights into how I can achieve what I want to do?