WordPress/wp-admin/js/password-strength-meter.js
atimmer bde558be2f Docs: Add file doc @output annotations.
These annotations make it clear to the reader of a JavaScript source
where the build process outputs to. These annotations can later be
integrated in a webpack configuration. This way there is one source of
truth.

The `build` folder is omitted from the paths, because a single JS file
shouldn't not be responsible of knowing where outputs in general will
end up at. A file only knows its output location relative to the
project.

Props adamsilverstein, herregroen, omarreiss, pento.
Fixes #44361.

Built from https://develop.svn.wordpress.org/trunk@43347


git-svn-id: http://core.svn.wordpress.org/trunk@43175 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2018-06-28 02:30:15 +00:00

123 lines
3.1 KiB
JavaScript

/**
* @output wp-admin/js/password-strength-meter.js
*/
/* global zxcvbn */
window.wp = window.wp || {};
var passwordStrength;
(function($){
/**
* Contains functions to determine the password strength.
*
* @since 3.7.0
*
* @namespace
*/
wp.passwordStrength = {
/**
* Determines the strength of a given password.
*
* Compares first password to the password confirmation.
*
* @since 3.7.0
*
* @param {string} password1 The subject password.
* @param {Array} blacklist An array of words that will lower the entropy of
* the password.
* @param {string} password2 The password confirmation.
*
* @returns {number} The password strength score.
*/
meter : function( password1, blacklist, password2 ) {
if ( ! $.isArray( blacklist ) )
blacklist = [ blacklist.toString() ];
if (password1 != password2 && password2 && password2.length > 0)
return 5;
if ( 'undefined' === typeof window.zxcvbn ) {
// Password strength unknown.
return -1;
}
var result = zxcvbn( password1, blacklist );
return result.score;
},
/**
* Builds an array of words that should be penalized.
*
* Certain words need to be penalized because it would lower the entropy of a
* password if they were used. The blacklist is based on user input fields such
* as username, first name, email etc.
*
* @since 3.7.0
*
* @returns {string[]} The array of words to be blacklisted.
*/
userInputBlacklist : function() {
var i, userInputFieldsLength, rawValuesLength, currentField,
rawValues = [],
blacklist = [],
userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
// Collect all the strings we want to blacklist.
rawValues.push( document.title );
rawValues.push( document.URL );
userInputFieldsLength = userInputFields.length;
for ( i = 0; i < userInputFieldsLength; i++ ) {
currentField = $( '#' + userInputFields[ i ] );
if ( 0 === currentField.length ) {
continue;
}
rawValues.push( currentField[0].defaultValue );
rawValues.push( currentField.val() );
}
/*
* Strip out non-alphanumeric characters and convert each word to an
* individual entry.
*/
rawValuesLength = rawValues.length;
for ( i = 0; i < rawValuesLength; i++ ) {
if ( rawValues[ i ] ) {
blacklist = blacklist.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
}
}
/*
* Remove empty values, short words and duplicates. Short words are likely to
* cause many false positives.
*/
blacklist = $.grep( blacklist, function( value, key ) {
if ( '' === value || 4 > value.length ) {
return false;
}
return $.inArray( value, blacklist ) === key;
});
return blacklist;
}
};
// Backward compatibility.
/**
* Password strength meter function.
*
* @since 2.5.0
* @deprecated 3.7.0 Use wp.passwordStrength.meter instead.
*
* @global
*
* @type {wp.passwordStrength.meter}
*/
passwordStrength = wp.passwordStrength.meter;
})(jQuery);