2018-06-27 22:30:15 -04:00
|
|
|
/**
|
|
|
|
* @output wp-admin/js/password-strength-meter.js
|
|
|
|
*/
|
|
|
|
|
2013-11-15 00:12:09 -05:00
|
|
|
/* global zxcvbn */
|
2013-09-28 02:47:10 -04:00
|
|
|
window.wp = window.wp || {};
|
|
|
|
|
|
|
|
(function($){
|
2020-06-23 14:54:16 -04:00
|
|
|
var __ = wp.i18n.__,
|
|
|
|
sprintf = wp.i18n.sprintf;
|
2018-01-18 08:39:33 -05:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Contains functions to determine the password strength.
|
|
|
|
*
|
|
|
|
* @since 3.7.0
|
|
|
|
*
|
|
|
|
* @namespace
|
|
|
|
*/
|
2013-09-28 02:47:10 -04:00
|
|
|
wp.passwordStrength = {
|
|
|
|
/**
|
2018-01-18 08:39:33 -05:00
|
|
|
* Determines the strength of a given password.
|
|
|
|
*
|
|
|
|
* Compares first password to the password confirmation.
|
|
|
|
*
|
|
|
|
* @since 3.7.0
|
|
|
|
*
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 13:26:13 -04:00
|
|
|
* @param {string} password1 The subject password.
|
|
|
|
* @param {Array} disallowedList An array of words that will lower the entropy of
|
|
|
|
* the password.
|
|
|
|
* @param {string} password2 The password confirmation.
|
2013-09-28 02:47:10 -04:00
|
|
|
*
|
2019-11-29 13:01:03 -05:00
|
|
|
* @return {number} The password strength score.
|
2013-09-28 02:47:10 -04:00
|
|
|
*/
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 13:26:13 -04:00
|
|
|
meter : function( password1, disallowedList, password2 ) {
|
2021-01-22 07:32:03 -05:00
|
|
|
if ( ! Array.isArray( disallowedList ) )
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 13:26:13 -04:00
|
|
|
disallowedList = [ disallowedList.toString() ];
|
2013-09-28 02:47:10 -04:00
|
|
|
|
2013-10-24 18:55:12 -04:00
|
|
|
if (password1 != password2 && password2 && password2.length > 0)
|
2013-09-28 02:47:10 -04:00
|
|
|
return 5;
|
|
|
|
|
2016-07-01 08:45:29 -04:00
|
|
|
if ( 'undefined' === typeof window.zxcvbn ) {
|
|
|
|
// Password strength unknown.
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 13:26:13 -04:00
|
|
|
var result = zxcvbn( password1, disallowedList );
|
2013-09-28 02:47:10 -04:00
|
|
|
return result.score;
|
|
|
|
},
|
|
|
|
|
|
|
|
/**
|
2018-01-18 08:39:33 -05:00
|
|
|
* Builds an array of words that should be penalized.
|
2013-09-28 02:47:10 -04:00
|
|
|
*
|
2018-01-18 08:39:33 -05:00
|
|
|
* Certain words need to be penalized because it would lower the entropy of a
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 13:26:13 -04:00
|
|
|
* password if they were used. The disallowedList is based on user input fields such
|
2018-01-18 08:39:33 -05:00
|
|
|
* as username, first name, email etc.
|
|
|
|
*
|
|
|
|
* @since 3.7.0
|
2020-06-22 15:09:11 -04:00
|
|
|
* @deprecated 5.5.0 Use {@see 'userInputDisallowedList()'} instead.
|
2018-01-18 08:39:33 -05:00
|
|
|
*
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 13:26:13 -04:00
|
|
|
* @return {string[]} The array of words to be disallowed.
|
2013-09-28 02:47:10 -04:00
|
|
|
*/
|
|
|
|
userInputBlacklist : function() {
|
2020-06-23 14:54:16 -04:00
|
|
|
window.console.log(
|
|
|
|
sprintf(
|
2020-06-25 08:06:07 -04:00
|
|
|
/* translators: 1: Deprecated function name, 2: Version number, 3: Alternative function name. */
|
2020-06-23 14:54:16 -04:00
|
|
|
__( '%1$s is deprecated since version %2$s! Use %3$s instead. Please consider writing more inclusive code.' ),
|
|
|
|
'wp.passwordStrength.userInputBlacklist()',
|
|
|
|
'5.5.0',
|
|
|
|
'wp.passwordStrength.userInputDisallowedList()'
|
|
|
|
)
|
|
|
|
);
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 13:26:13 -04:00
|
|
|
|
|
|
|
return wp.passwordStrength.userInputDisallowedList();
|
|
|
|
},
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Builds an array of words that should be penalized.
|
|
|
|
*
|
|
|
|
* Certain words need to be penalized because it would lower the entropy of a
|
|
|
|
* password if they were used. The disallowed list is based on user input fields such
|
|
|
|
* as username, first name, email etc.
|
|
|
|
*
|
|
|
|
* @since 5.5.0
|
|
|
|
*
|
|
|
|
* @return {string[]} The array of words to be disallowed.
|
|
|
|
*/
|
|
|
|
userInputDisallowedList : function() {
|
2013-09-28 02:47:10 -04:00
|
|
|
var i, userInputFieldsLength, rawValuesLength, currentField,
|
|
|
|
rawValues = [],
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 13:26:13 -04:00
|
|
|
disallowedList = [],
|
2013-09-28 02:47:10 -04:00
|
|
|
userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
|
|
|
|
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 13:26:13 -04:00
|
|
|
// Collect all the strings we want to disallow.
|
2013-09-28 02:47:10 -04:00
|
|
|
rawValues.push( document.title );
|
|
|
|
rawValues.push( document.URL );
|
|
|
|
|
|
|
|
userInputFieldsLength = userInputFields.length;
|
|
|
|
for ( i = 0; i < userInputFieldsLength; i++ ) {
|
|
|
|
currentField = $( '#' + userInputFields[ i ] );
|
|
|
|
|
2013-11-15 00:12:09 -05:00
|
|
|
if ( 0 === currentField.length ) {
|
2013-09-28 02:47:10 -04:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
rawValues.push( currentField[0].defaultValue );
|
|
|
|
rawValues.push( currentField.val() );
|
|
|
|
}
|
|
|
|
|
2018-01-18 08:39:33 -05:00
|
|
|
/*
|
|
|
|
* Strip out non-alphanumeric characters and convert each word to an
|
|
|
|
* individual entry.
|
|
|
|
*/
|
2013-09-28 02:47:10 -04:00
|
|
|
rawValuesLength = rawValues.length;
|
|
|
|
for ( i = 0; i < rawValuesLength; i++ ) {
|
|
|
|
if ( rawValues[ i ] ) {
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 13:26:13 -04:00
|
|
|
disallowedList = disallowedList.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
|
2013-09-28 02:47:10 -04:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-01-18 08:39:33 -05:00
|
|
|
/*
|
|
|
|
* Remove empty values, short words and duplicates. Short words are likely to
|
|
|
|
* cause many false positives.
|
|
|
|
*/
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 13:26:13 -04:00
|
|
|
disallowedList = $.grep( disallowedList, function( value, key ) {
|
2013-11-15 00:12:09 -05:00
|
|
|
if ( '' === value || 4 > value.length ) {
|
2013-09-28 02:47:10 -04:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 13:26:13 -04:00
|
|
|
return $.inArray( value, disallowedList ) === key;
|
2013-09-28 02:47:10 -04:00
|
|
|
});
|
|
|
|
|
General: Remove “whitelist” and “blacklist” in favor of more clear and inclusive language.
“The WordPress open source community cares about diversity. We strive to maintain a welcoming environment where everyone can feel included.”
With this commit, all occurrences of “whitelist” and “blacklist” (with the single exception of the `$new_whitelist_options` global variable) are removed. A new ticket has been opened to explore renaming the `$new_whitelist_options` variable (#50434).
Changing to more specific names or rewording sentences containing these terms not only makes the code more inclusive, but also helps provide clarity. These terms are often ambiguous. What is being blocked or allowed is not always immediately clear. This can make it more difficult for non-native English speakers to read through the codebase.
Words matter. If one contributor feels more welcome because these terms are removed, this was worth the effort.
Props strangerstudios, jorbin, desrosj, joemcgill, timothyblynjacobs, ocean90, ayeshrajans, davidbaumwald, earnjam.
See #48900, #50434.
Fixes #50413.
Built from https://develop.svn.wordpress.org/trunk@48121
git-svn-id: http://core.svn.wordpress.org/trunk@47890 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2020-06-22 13:26:13 -04:00
|
|
|
return disallowedList;
|
2013-09-28 02:47:10 -04:00
|
|
|
}
|
2013-11-15 00:12:09 -05:00
|
|
|
};
|
2013-09-28 02:47:10 -04:00
|
|
|
|
2018-01-18 08:39:33 -05:00
|
|
|
// Backward compatibility.
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Password strength meter function.
|
|
|
|
*
|
|
|
|
* @since 2.5.0
|
|
|
|
* @deprecated 3.7.0 Use wp.passwordStrength.meter instead.
|
|
|
|
*
|
|
|
|
* @global
|
|
|
|
*
|
|
|
|
* @type {wp.passwordStrength.meter}
|
|
|
|
*/
|
2018-08-19 09:33:24 -04:00
|
|
|
window.passwordStrength = wp.passwordStrength.meter;
|
2016-05-13 14:41:31 -04:00
|
|
|
})(jQuery);
|