
Ticket #25174: 25174.2.diff

File 25174.2.diff, 3.9 KB (added by iandunn, 13 years ago)
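--- a/src/wp-admin/js/password-strength-meter.js
+++ b/src/wp-admin/js/password-strength-meter.js
@@ -1,6 +1,66 @@
-function passwordStrength(password1, username, password2) {
+/**
+ * Determine the strength of a given password
+ *
+ * @param string password1 The password
+ * @param array blacklist An array of words that will lower the entropy of the password
+ * @param string password2 The confirmed password
+ */
+function passwordStrength( password1, blacklist, password2 ) {
+        if ( ! jQuery.isArray( blacklist ) ) {
+                blacklist = [ blacklist.toString() ];   // todo test
+        }
+
         if (password1 != password2 && password2.length > 0)
                 return 5;
-        var result = zxcvbn( password1, [ username ] );
+
+        var result = zxcvbn( password1, blacklist );
         return result.score;
 }
+
+/**
+ * Builds an array of data that would lower the entropy of a password if it were used
+ *
+ * @return array The array of data to be blacklisted
+ */
+function buildUserInputBlacklist() {
+        var i, userInputFieldsLength, rawValuesLength, currentField,
+                rawValues       = [],
+                blacklist       = [],
+                userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
+
+        // Collect all the strings we want to blacklist
+        rawValues.push( jQuery( 'title' ).text() );
+        rawValues.push( document.URL );
+
+        userInputFieldsLength = userInputFields.length;
+        for ( i = 0; i < userInputFieldsLength; i++ ) {
+                currentField = jQuery( '#' + userInputFields[ i ] );
+
+                if ( 0 == currentField.length ) {
+                        continue;
+                }
+
+                // todo rawValues.push( [previous value] );
+
+                rawValues.push( currentField.val() );
+        }
+
+        // Strip out non-alphanumeric characters and convert each word to an individual entry
+        rawValuesLength = rawValues.length;
+        for ( i = 0; i < rawValuesLength; i++ ) {
+                blacklist = blacklist.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
+        }
+
+        // Remove empty values, short words, and duplicates. Short words are likely to cause many false positives.
+        blacklist = jQuery.grep( blacklist, function( value, key ) {
+                if ( '' == value || 4 > value.length ) {
+                        return false;
+                }
+
+                return jQuery.inArray( value, blacklist ) === key;
+        });
+
+        console.log( blacklist );       // todo remove when done testing
+
+        return blacklist;
+}
\ No newline at end of file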
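Review bot: `blacklist.toString()` on new line 10 throws a TypeError when `blacklist` is `null` or `undefined`, which is the case the `! jQuery.isArray( blacklist )` guard is most likely to meet from a caller that still omits the second argument; `blacklist = ( null == blacklist ) ? [] : [ blacklist.toString() ];` keeps the string-to-array conversion and falls back to an empty list. In buildUserInputBlacklist, `/\W/g` on new line 51 is ASCII-only in JavaScript, so a name containing non-ASCII letters is split on them and the name itself never reaches the blacklist — a comment on that line noting the limitation would save the next reader from assuming the match is complete. The `console.log( blacklist )` on new line 63 writes the collected email, URL and profile values to the console on every strength check; the todo already says it is temporary, so this is only a reminder that it must not survive into the committed version.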
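--- a/src/wp-admin/js/user-profile.js
+++ b/src/wp-admin/js/user-profile.js
@@ -9,7 +9,7 @@
                         return;
                 }
 
-                strength = passwordStrength(pass1, user, pass2);
+                strength = passwordStrength( pass1, buildUserInputBlacklist(), pass2 );
 
                 switch ( strength ) {
                         case 2: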
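--- a/tests/qunit/wp-admin/js/password-strength-meter.js
+++ b/tests/qunit/wp-admin/js/password-strength-meter.js
@@ -81,11 +81,13 @@
                 var allowedPasswordScore, penalizedPasswordScore,
                         allowedPassword   = 'a[janedoe]4',
                         penalizedPassword = 'a[johndoe]4',
-                        username          = 'johndoe';
+                        blacklist         = [ 'johndoe' ];
 
-                allowedPasswordScore = passwordStrength( allowedPassword, username, allowedPassword );
-                penalizedPasswordScore = passwordStrength( penalizedPassword, username, penalizedPassword );
+                // todo expand to check a few other values?
 
+                allowedPasswordScore = passwordStrength( allowedPassword, blacklist, allowedPassword );
+                penalizedPasswordScore = passwordStrength( penalizedPassword, blacklist, penalizedPassword );
+
                 ok( penalizedPasswordScore < allowedPasswordScore, 'Penalized password scored ' + penalizedPasswordScore + '; allowed password scored: ' + allowedPasswordScore );
         });
 });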
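Review bot: The updated assertions exercise only the array form of `blacklist`; the non-array branch that passwordStrength gains in the same patch (`! jQuery.isArray( blacklist )`, wrapping a string into a one-element array) is left untested, and the `// todo expand` comment on new line 86 does not mention it. One extra assertion covers it: `ok( passwordStrength( penalizedPassword, 'johndoe', penalizedPassword ) < allowedPasswordScore, 'string blacklist is penalized' );`. The enclosing test function starts before the hunk.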