Expand the zxcvbn password meter blacklist, based on user input.

props iandunn. see #25174. Built from https://develop.svn.wordpress.org/trunk@25637 git-svn-id: http://core.svn.wordpress.org/trunk@25554 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-28 06:47:10 +00:00 · 2013-09-28 06:47:10 +00:00 · 5bb48eba35
parent 21767e446e
commit 5bb48eba35
4 changed files with 77 additions and 9 deletions
--- a/wp-admin/js/password-strength-meter.js
+++ b/wp-admin/js/password-strength-meter.js
@ -1,6 +1,74 @@
-function passwordStrength(password1, username, password2) {
-	if (password1 != password2 && password2.length > 0)
-		return 5;
-	var result = zxcvbn( password1, [ username ] );
-	return result.score;
-}
+window.wp = window.wp || {};
+
+var passwordStrength;
+(function($){
+	wp.passwordStrength = {
+		/**
+		 * Determine the strength of a given password
+		 *
+		 * @param string password1 The password
+		 * @param array blacklist An array of words that will lower the entropy of the password
+		 * @param string password2 The confirmed password
+		 */
+		meter : function( password1, blacklist, password2 ) {
+			if ( ! $.isArray( blacklist ) )
+				blacklist = [ blacklist.toString() ];
+
+			if (password1 != password2 && password2.length > 0)
+				return 5;
+
+			var result = zxcvbn( password1, blacklist );
+			return result.score;
+		},
+
+		/**
+		 * Builds an array of data that should be penalized, because it would lower the entropy of a password if it were used
+		 *
+		 * @return array The array of data to be blacklisted
+		 */
+		userInputBlacklist : function() {
+			var i, userInputFieldsLength, rawValuesLength, currentField,
+				rawValues       = [],
+				blacklist       = [],
+				userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
+
+			// Collect all the strings we want to blacklist
+			rawValues.push( document.title );
+			rawValues.push( document.URL );
+
+			userInputFieldsLength = userInputFields.length;
+			for ( i = 0; i < userInputFieldsLength; i++ ) {
+				currentField = $( '#' + userInputFields[ i ] );
+
+				if ( 0 == currentField.length ) {
+					continue;
+				}
+
+				rawValues.push( currentField[0].defaultValue );
+				rawValues.push( currentField.val() );
+			}
+
+			// Strip out non-alphanumeric characters and convert each word to an individual entry
+			rawValuesLength = rawValues.length;
+			for ( i = 0; i < rawValuesLength; i++ ) {
+				if ( rawValues[ i ] ) {
+					blacklist = blacklist.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
+				}
+			}
+
+			// Remove empty values, short words, and duplicates. Short words are likely to cause many false positives.
+			blacklist = $.grep( blacklist, function( value, key ) {
+				if ( '' == value || 4 > value.length ) {
+					return false;
+				}
+
+				return $.inArray( value, blacklist ) === key;
+			});
+
+			return blacklist;
+		}
+	}
+
+	// Backwards compatibility.
+	passwordStrength = wp.passwordStrength.meter;
+})(jQuery);
--- a/wp-admin/js/password-strength-meter.min.js
+++ b/wp-admin/js/password-strength-meter.min.js
@ -1 +1 @@
-function passwordStrength(a,b,c){if(a!=c&&c.length>0)return 5;var d=zxcvbn(a,[b]);return d.score}
+window.wp=window.wp||{};var passwordStrength;!function(a){wp.passwordStrength={meter:function(b,c,d){if(a.isArray(c)||(c=[c.toString()]),b!=d&&d.length>0)return 5;var e=zxcvbn(b,c);return e.score},userInputBlacklist:function(){var b,c,d,e,f=[],g=[],h=["user_login","first_name","last_name","nickname","display_name","email","url","description","weblog_title","admin_email"];for(f.push(document.title),f.push(document.URL),c=h.length,b=0;c>b;b++)e=a("#"+h[b]),0!=e.length&&(f.push(e[0].defaultValue),f.push(e.val()));for(d=f.length,b=0;d>b;b++)f[b]&&(g=g.concat(f[b].replace(/\W/g," ").split(" ")));return g=a.grep(g,function(b,c){return""==b||4>b.length?!1:a.inArray(b,g)===c})}},passwordStrength=wp.passwordStrength.meter}(jQuery);
--- a/wp-admin/js/user-profile.js
+++ b/wp-admin/js/user-profile.js
@ -9,7 +9,7 @@
 			return;
 		}

-		strength = passwordStrength(pass1, user, pass2);
+		strength = wp.passwordStrength.meter( pass1, wp.passwordStrength.userInputBlacklist(), pass2 );

 		switch ( strength ) {
 			case 2:
--- a/wp-admin/js/user-profile.min.js
+++ b/wp-admin/js/user-profile.min.js
@ -1 +1 @@
-!function(a){function b(){var b,c=a("#pass1").val(),d=a("#user_login").val(),e=a("#pass2").val();if(a("#pass-strength-result").removeClass("short bad good strong"),!c)return a("#pass-strength-result").html(pwsL10n.empty),void 0;switch(b=passwordStrength(c,d,e)){case 2:a("#pass-strength-result").addClass("bad").html(pwsL10n.bad);break;case 3:a("#pass-strength-result").addClass("good").html(pwsL10n.good);break;case 4:a("#pass-strength-result").addClass("strong").html(pwsL10n.strong);break;case 5:a("#pass-strength-result").addClass("short").html(pwsL10n.mismatch);break;default:a("#pass-strength-result").addClass("short").html(pwsL10n["short"])}}a(document).ready(function(){var c=a("#display_name");a("#pass1").val("").keyup(b),a("#pass2").val("").keyup(b),a("#pass-strength-result").show(),a(".color-palette").click(function(){a(this).siblings('input[name="admin_color"]').prop("checked",!0)}),c.length&&a("#first_name, #last_name, #nickname").bind("blur.user_profile",function(){var b=[],d={display_nickname:a("#nickname").val()||"",display_username:a("#user_login").val()||"",display_firstname:a("#first_name").val()||"",display_lastname:a("#last_name").val()||""};d.display_firstname&&d.display_lastname&&(d.display_firstlast=d.display_firstname+" "+d.display_lastname,d.display_lastfirst=d.display_lastname+" "+d.display_firstname),a.each(a("option",c),function(a,c){b.push(c.value)}),a.each(d,function(e,f){if(f){var g=f.replace(/<\/?[a-z][^>]*>/gi,"");d[e].length&&-1==a.inArray(g,b)&&(b.push(g),a("<option />",{text:g}).appendTo(c))}})})})}(jQuery);
+!function(a){function b(){var b,c=a("#pass1").val(),d=(a("#user_login").val(),a("#pass2").val());if(a("#pass-strength-result").removeClass("short bad good strong"),!c)return a("#pass-strength-result").html(pwsL10n.empty),void 0;switch(b=wp.passwordStrength.meter(c,wp.passwordStrength.userInputBlacklist(),d)){case 2:a("#pass-strength-result").addClass("bad").html(pwsL10n.bad);break;case 3:a("#pass-strength-result").addClass("good").html(pwsL10n.good);break;case 4:a("#pass-strength-result").addClass("strong").html(pwsL10n.strong);break;case 5:a("#pass-strength-result").addClass("short").html(pwsL10n.mismatch);break;default:a("#pass-strength-result").addClass("short").html(pwsL10n["short"])}}a(document).ready(function(){var c=a("#display_name");a("#pass1").val("").keyup(b),a("#pass2").val("").keyup(b),a("#pass-strength-result").show(),a(".color-palette").click(function(){a(this).siblings('input[name="admin_color"]').prop("checked",!0)}),c.length&&a("#first_name, #last_name, #nickname").bind("blur.user_profile",function(){var b=[],d={display_nickname:a("#nickname").val()||"",display_username:a("#user_login").val()||"",display_firstname:a("#first_name").val()||"",display_lastname:a("#last_name").val()||""};d.display_firstname&&d.display_lastname&&(d.display_firstlast=d.display_firstname+" "+d.display_lastname,d.display_lastfirst=d.display_lastname+" "+d.display_firstname),a.each(a("option",c),function(a,c){b.push(c.value)}),a.each(d,function(e,f){if(f){var g=f.replace(/<\/?[a-z][^>]*>/gi,"");d[e].length&&-1==a.inArray(g,b)&&(b.push(g),a("<option />",{text:g}).appendTo(c))}})})})}(jQuery);