[Summary view] [Print] [Text view]

   1  /**
   2   * @output wp-admin/js/password-strength-meter.js
   3   */
   4  
   5  /* global zxcvbn */
   6  window.wp = window.wp || {};
   7  
   8  (function($){
   9      var __ = wp.i18n.__,
  10          sprintf = wp.i18n.sprintf;
  11  
  12      /**
  13       * Contains functions to determine the password strength.
  14       *
  15       * @since 3.7.0
  16       *
  17       * @namespace
  18       */
  19      wp.passwordStrength = {
  20          /**
  21           * Determines the strength of a given password.
  22           *
  23           * Compares first password to the password confirmation.
  24           *
  25           * @since 3.7.0
  26           *
  27           * @param {string} password1       The subject password.
  28           * @param {Array}  disallowedList An array of words that will lower the entropy of
  29           *                                 the password.
  30           * @param {string} password2       The password confirmation.
  31           *
  32           * @return {number} The password strength score.
  33           */
  34          meter : function( password1, disallowedList, password2 ) {
  35              if ( ! Array.isArray( disallowedList ) )
  36                  disallowedList = [ disallowedList.toString() ];
  37  
  38              if (password1 != password2 && password2 && password2.length > 0)
  39                  return 5;
  40  
  41              if ( 'undefined' === typeof window.zxcvbn ) {
  42                  // Password strength unknown.
  43                  return -1;
  44              }
  45  
  46              var result = zxcvbn( password1, disallowedList );
  47              return result.score;
  48          },
  49  
  50          /**
  51           * Builds an array of words that should be penalized.
  52           *
  53           * Certain words need to be penalized because it would lower the entropy of a
  54           * password if they were used. The disallowedList is based on user input fields such
  55           * as username, first name, email etc.
  56           *
  57           * @since 3.7.0
  58           * @deprecated 5.5.0 Use {@see 'userInputDisallowedList()'} instead.
  59           *
  60           * @return {string[]} The array of words to be disallowed.
  61           */
  62          userInputBlacklist : function() {
  63              window.console.log(
  64                  sprintf(
  65                      /* translators: 1: Deprecated function name, 2: Version number, 3: Alternative function name. */
  66                      __( '%1$s is deprecated since version %2$s! Use %3$s instead. Please consider writing more inclusive code.' ),
  67                      'wp.passwordStrength.userInputBlacklist()',
  68                      '5.5.0',
  69                      'wp.passwordStrength.userInputDisallowedList()'
  70                  )
  71              );
  72  
  73              return wp.passwordStrength.userInputDisallowedList();
  74          },
  75  
  76          /**
  77           * Builds an array of words that should be penalized.
  78           *
  79           * Certain words need to be penalized because it would lower the entropy of a
  80           * password if they were used. The disallowed list is based on user input fields such
  81           * as username, first name, email etc.
  82           *
  83           * @since 5.5.0
  84           *
  85           * @return {string[]} The array of words to be disallowed.
  86           */
  87          userInputDisallowedList : function() {
  88              var i, userInputFieldsLength, rawValuesLength, currentField,
  89                  rawValues       = [],
  90                  disallowedList  = [],
  91                  userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
  92  
  93              // Collect all the strings we want to disallow.
  94              rawValues.push( document.title );
  95              rawValues.push( document.URL );
  96  
  97              userInputFieldsLength = userInputFields.length;
  98              for ( i = 0; i < userInputFieldsLength; i++ ) {
  99                  currentField = $( '#' + userInputFields[ i ] );
 100  
 101                  if ( 0 === currentField.length ) {
 102                      continue;
 103                  }
 104  
 105                  rawValues.push( currentField[0].defaultValue );
 106                  rawValues.push( currentField.val() );
 107              }
 108  
 109              /*
 110               * Strip out non-alphanumeric characters and convert each word to an
 111               * individual entry.
 112               */
 113              rawValuesLength = rawValues.length;
 114              for ( i = 0; i < rawValuesLength; i++ ) {
 115                  if ( rawValues[ i ] ) {
 116                      disallowedList = disallowedList.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
 117                  }
 118              }
 119  
 120              /*
 121               * Remove empty values, short words and duplicates. Short words are likely to
 122               * cause many false positives.
 123               */
 124              disallowedList = $.grep( disallowedList, function( value, key ) {
 125                  if ( '' === value || 4 > value.length ) {
 126                      return false;
 127                  }
 128  
 129                  return $.inArray( value, disallowedList ) === key;
 130              });
 131  
 132              return disallowedList;
 133          }
 134      };
 135  
 136      // Backward compatibility.
 137  
 138      /**
 139       * Password strength meter function.
 140       *
 141       * @since 2.5.0
 142       * @deprecated 3.7.0 Use wp.passwordStrength.meter instead.
 143       *
 144       * @global
 145       *
 146       * @type {wp.passwordStrength.meter}
 147       */
 148      window.passwordStrength = wp.passwordStrength.meter;
 149  })(jQuery);