[ Index ]

PHP Cross Reference of WordPress

title

Body

[close]

/wp-admin/js/ -> password-strength-meter.js (source)

   1  /**
   2   * @output wp-admin/js/password-strength-meter.js
   3   */
   4  
   5  /* global zxcvbn */
   6  window.wp = window.wp || {};
   7  
   8  (function($){
   9  
  10      /**
  11       * Contains functions to determine the password strength.
  12       *
  13       * @since 3.7.0
  14       *
  15       * @namespace
  16       */
  17      wp.passwordStrength = {
  18          /**
  19           * Determines the strength of a given password.
  20           *
  21           * Compares first password to the password confirmation.
  22           *
  23           * @since 3.7.0
  24           *
  25           * @param {string} password1 The subject password.
  26           * @param {Array}  blacklist An array of words that will lower the entropy of
  27           *                           the password.
  28           * @param {string} password2 The password confirmation.
  29           *
  30           * @return {number} The password strength score.
  31           */
  32          meter : function( password1, blacklist, password2 ) {
  33              if ( ! $.isArray( blacklist ) )
  34                  blacklist = [ blacklist.toString() ];
  35  
  36              if (password1 != password2 && password2 && password2.length > 0)
  37                  return 5;
  38  
  39              if ( 'undefined' === typeof window.zxcvbn ) {
  40                  // Password strength unknown.
  41                  return -1;
  42              }
  43  
  44              var result = zxcvbn( password1, blacklist );
  45              return result.score;
  46          },
  47  
  48          /**
  49           * Builds an array of words that should be penalized.
  50           *
  51           * Certain words need to be penalized because it would lower the entropy of a
  52           * password if they were used. The blacklist is based on user input fields such
  53           * as username, first name, email etc.
  54           *
  55           * @since 3.7.0
  56           *
  57           * @return {string[]} The array of words to be blacklisted.
  58           */
  59          userInputBlacklist : function() {
  60              var i, userInputFieldsLength, rawValuesLength, currentField,
  61                  rawValues       = [],
  62                  blacklist       = [],
  63                  userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
  64  
  65              // Collect all the strings we want to blacklist.
  66              rawValues.push( document.title );
  67              rawValues.push( document.URL );
  68  
  69              userInputFieldsLength = userInputFields.length;
  70              for ( i = 0; i < userInputFieldsLength; i++ ) {
  71                  currentField = $( '#' + userInputFields[ i ] );
  72  
  73                  if ( 0 === currentField.length ) {
  74                      continue;
  75                  }
  76  
  77                  rawValues.push( currentField[0].defaultValue );
  78                  rawValues.push( currentField.val() );
  79              }
  80  
  81              /*
  82               * Strip out non-alphanumeric characters and convert each word to an
  83               * individual entry.
  84               */
  85              rawValuesLength = rawValues.length;
  86              for ( i = 0; i < rawValuesLength; i++ ) {
  87                  if ( rawValues[ i ] ) {
  88                      blacklist = blacklist.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
  89                  }
  90              }
  91  
  92              /*
  93               * Remove empty values, short words and duplicates. Short words are likely to
  94               * cause many false positives.
  95               */
  96              blacklist = $.grep( blacklist, function( value, key ) {
  97                  if ( '' === value || 4 > value.length ) {
  98                      return false;
  99                  }
 100  
 101                  return $.inArray( value, blacklist ) === key;
 102              });
 103  
 104              return blacklist;
 105          }
 106      };
 107  
 108      // Backward compatibility.
 109  
 110      /**
 111       * Password strength meter function.
 112       *
 113       * @since 2.5.0
 114       * @deprecated 3.7.0 Use wp.passwordStrength.meter instead.
 115       *
 116       * @global
 117       *
 118       * @type {wp.passwordStrength.meter}
 119       */
 120      window.passwordStrength = wp.passwordStrength.meter;
 121  })(jQuery);


Generated: Wed Apr 8 01:00:03 2020 Cross-referenced by PHPXref 0.7.1