mirror of
https://github.com/WordPress/WordPress.git
synced 2024-11-13 22:26:06 +01:00
bdbaccce37
Many variables in the JavaScript were defined in the global scope without being explicitly assigned to the window. When built with Webpack, the code gets encapsulated in anonymous functions and those implicit globals get assigned to the wrong scope. This patch prevents that from happening. Fixes #44371. See #43731. Built from https://develop.svn.wordpress.org/trunk@43577 git-svn-id: http://core.svn.wordpress.org/trunk@43406 1a063a9b-81f0-0310-95a4-ce76da25c4cd
122 lines
3.1 KiB
JavaScript
122 lines
3.1 KiB
JavaScript
/**
|
|
* @output wp-admin/js/password-strength-meter.js
|
|
*/
|
|
|
|
/* global zxcvbn */
|
|
window.wp = window.wp || {};
|
|
|
|
(function($){
|
|
|
|
/**
|
|
* Contains functions to determine the password strength.
|
|
*
|
|
* @since 3.7.0
|
|
*
|
|
* @namespace
|
|
*/
|
|
wp.passwordStrength = {
|
|
/**
|
|
* Determines the strength of a given password.
|
|
*
|
|
* Compares first password to the password confirmation.
|
|
*
|
|
* @since 3.7.0
|
|
*
|
|
* @param {string} password1 The subject password.
|
|
* @param {Array} blacklist An array of words that will lower the entropy of
|
|
* the password.
|
|
* @param {string} password2 The password confirmation.
|
|
*
|
|
* @returns {number} The password strength score.
|
|
*/
|
|
meter : function( password1, blacklist, password2 ) {
|
|
if ( ! $.isArray( blacklist ) )
|
|
blacklist = [ blacklist.toString() ];
|
|
|
|
if (password1 != password2 && password2 && password2.length > 0)
|
|
return 5;
|
|
|
|
if ( 'undefined' === typeof window.zxcvbn ) {
|
|
// Password strength unknown.
|
|
return -1;
|
|
}
|
|
|
|
var result = zxcvbn( password1, blacklist );
|
|
return result.score;
|
|
},
|
|
|
|
/**
|
|
* Builds an array of words that should be penalized.
|
|
*
|
|
* Certain words need to be penalized because it would lower the entropy of a
|
|
* password if they were used. The blacklist is based on user input fields such
|
|
* as username, first name, email etc.
|
|
*
|
|
* @since 3.7.0
|
|
*
|
|
* @returns {string[]} The array of words to be blacklisted.
|
|
*/
|
|
userInputBlacklist : function() {
|
|
var i, userInputFieldsLength, rawValuesLength, currentField,
|
|
rawValues = [],
|
|
blacklist = [],
|
|
userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
|
|
|
|
// Collect all the strings we want to blacklist.
|
|
rawValues.push( document.title );
|
|
rawValues.push( document.URL );
|
|
|
|
userInputFieldsLength = userInputFields.length;
|
|
for ( i = 0; i < userInputFieldsLength; i++ ) {
|
|
currentField = $( '#' + userInputFields[ i ] );
|
|
|
|
if ( 0 === currentField.length ) {
|
|
continue;
|
|
}
|
|
|
|
rawValues.push( currentField[0].defaultValue );
|
|
rawValues.push( currentField.val() );
|
|
}
|
|
|
|
/*
|
|
* Strip out non-alphanumeric characters and convert each word to an
|
|
* individual entry.
|
|
*/
|
|
rawValuesLength = rawValues.length;
|
|
for ( i = 0; i < rawValuesLength; i++ ) {
|
|
if ( rawValues[ i ] ) {
|
|
blacklist = blacklist.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
|
|
}
|
|
}
|
|
|
|
/*
|
|
* Remove empty values, short words and duplicates. Short words are likely to
|
|
* cause many false positives.
|
|
*/
|
|
blacklist = $.grep( blacklist, function( value, key ) {
|
|
if ( '' === value || 4 > value.length ) {
|
|
return false;
|
|
}
|
|
|
|
return $.inArray( value, blacklist ) === key;
|
|
});
|
|
|
|
return blacklist;
|
|
}
|
|
};
|
|
|
|
// Backward compatibility.
|
|
|
|
/**
|
|
* Password strength meter function.
|
|
*
|
|
* @since 2.5.0
|
|
* @deprecated 3.7.0 Use wp.passwordStrength.meter instead.
|
|
*
|
|
* @global
|
|
*
|
|
* @type {wp.passwordStrength.meter}
|
|
*/
|
|
window.passwordStrength = wp.passwordStrength.meter;
|
|
})(jQuery);
|