wp-admin/js/password-strength-meter.js

   1 /* global zxcvbn */
   2 window.wp = window.wp || {};
   3
   4 var passwordStrength;
   5 (function($){
   6         wp.passwordStrength = {
   7                 /**
   8                  * Determine the strength of a given password
   9                  *
  10                  * @param string password1 The password
  11                  * @param array blacklist An array of words that will lower the entropy of the password
  12                  * @param string password2 The confirmed password
  13                  */
  14                 meter : function( password1, blacklist, password2 ) {
  15                         if ( ! $.isArray( blacklist ) )
  16                                 blacklist = [ blacklist.toString() ];
  17
  18                         if (password1 != password2 && password2 && password2.length > 0)
  19                                 return 5;
  20
  21                         if ( 'undefined' === typeof window.zxcvbn ) {
  22                                 // Password strength unknown.
  23                                 return -1;
  24                         }
  25
  26                         var result = zxcvbn( password1, blacklist );
  27                         return result.score;
  28                 },
  29
  30                 /**
  31                  * Builds an array of data that should be penalized, because it would lower the entropy of a password if it were used
  32                  *
  33                  * @return array The array of data to be blacklisted
  34                  */
  35                 userInputBlacklist : function() {
  36                         var i, userInputFieldsLength, rawValuesLength, currentField,
  37                                 rawValues       = [],
  38                                 blacklist       = [],
  39                                 userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];
  40
  41                         // Collect all the strings we want to blacklist
  42                         rawValues.push( document.title );
  43                         rawValues.push( document.URL );
  44
  45                         userInputFieldsLength = userInputFields.length;
  46                         for ( i = 0; i < userInputFieldsLength; i++ ) {
  47                                 currentField = $( '#' + userInputFields[ i ] );
  48
  49                                 if ( 0 === currentField.length ) {
  50                                         continue;
  51                                 }
  52
  53                                 rawValues.push( currentField[0].defaultValue );
  54                                 rawValues.push( currentField.val() );
  55                         }
  56
  57                         // Strip out non-alphanumeric characters and convert each word to an individual entry
  58                         rawValuesLength = rawValues.length;
  59                         for ( i = 0; i < rawValuesLength; i++ ) {
  60                                 if ( rawValues[ i ] ) {
  61                                         blacklist = blacklist.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );
  62                                 }
  63                         }
  64
  65                         // Remove empty values, short words, and duplicates. Short words are likely to cause many false positives.
  66                         blacklist = $.grep( blacklist, function( value, key ) {
  67                                 if ( '' === value || 4 > value.length ) {
  68                                         return false;
  69                                 }
  70
  71                                 return $.inArray( value, blacklist ) === key;
  72                         });
  73
  74                         return blacklist;
  75                 }
  76         };
  77
  78         // Back-compat.
  79         passwordStrength = wp.passwordStrength.meter;
  80 })(jQuery);