Add zxcvbn to AccountManagementForm
authorTim Düsterhus <duesterhus@woltlab.com>
Thu, 16 Jul 2020 12:59:53 +0000 (14:59 +0200)
committerTim Düsterhus <duesterhus@woltlab.com>
Thu, 16 Jul 2020 13:16:59 +0000 (15:16 +0200)
com.woltlab.wcf/templates/accountManagement.tpl
wcfsetup/install/files/lib/form/AccountManagementForm.class.php

index 1d9084349773b9991944cc4880bb5142a6284d40..06dd3b3467c2c085d3a6cac797c9ec23c1fa7593 100644 (file)
                        </dl>
                        
                        {event name='changePasswordFields'}
+                       
+                       <script data-relocate="true">
+                               require(['WoltLabSuite/Core/Ui/User/PasswordStrength'], function (PasswordStrength) {
+                                       var relatedInputs = [];
+                                       if (elById('username')) relatedInputs.push(elById('username'));
+                                       if (elById('email')) relatedInputs.push(elById('email'));
+                                       
+                                       new PasswordStrength(elById('newPassword'), {
+                                               relatedInputs: relatedInputs,
+                                               staticDictionary: [
+                                                       '{$__wcf->user->username|encodeJS}',
+                                                       '{$__wcf->user->email|encodeJS}',
+                                               ]
+                                       });
+                               })
+                       </script>
                </section>
        {/if}
        
index 286a59badf35007aa7573af7ce853a813ecca1d7..88a246a47a35ba14de4272b6338a8e37a07e59ac 100644 (file)
@@ -7,10 +7,12 @@ use wcf\system\email\mime\MimePartFacade;
 use wcf\system\email\mime\RecipientAwareTextMimePart;
 use wcf\system\email\Email;
 use wcf\system\email\UserMailbox;
+use wcf\system\exception\SystemException;
 use wcf\system\exception\UserInputException;
 use wcf\system\menu\user\UserMenu;
 use wcf\system\WCF;
 use wcf\util\HeaderUtil;
+use wcf\util\JSON;
 use wcf\util\PasswordUtil;
 use wcf\util\StringUtil;
 use wcf\util\UserRegistrationUtil;
@@ -54,6 +56,11 @@ class AccountManagementForm extends AbstractForm {
         */
        public $newPassword = '';
        
+       /**
+        * @var mixed[]
+        */
+       public $newPasswordStrengthVerdict = [];
+       
        /**
         * confirmed new password
         * @var string
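Review bot: The docblock added for `$newPasswordStrengthVerdict` carries only `@var mixed[]` and no description, unlike the neighbouring properties (for example `confirmed new password`). Because another hunk of this commit fills the property from a decoded POST field, the comment should record where the value comes from and that it is not verified, e.g. `* password strength verdict as submitted by the client (decoded JSON, not verified server-side)`. The class body starts and ends outside the hunk.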
@@ -151,6 +158,14 @@ class AccountManagementForm extends AbstractForm {
                if (isset($_POST['email'])) $this->email = $_POST['email'];
                if (isset($_POST['confirmEmail'])) $this->confirmEmail = $_POST['confirmEmail'];
                if (isset($_POST['newPassword'])) $this->newPassword = $_POST['newPassword'];
+               if (isset($_POST['newPassword_passwordStrengthVerdict'])) {
+                       try {
+                               $this->newPasswordStrengthVerdict = JSON::decode($_POST['newPassword_passwordStrengthVerdict']);
+                       }
+                       catch (SystemException $e) {
+                               // ignore
+                       }
+               }
                if (isset($_POST['confirmNewPassword'])) $this->confirmNewPassword = $_POST['confirmNewPassword'];
                if (isset($_POST['username'])) $this->username = StringUtil::trim($_POST['username']);
                if (isset($_POST['quit'])) $this->quit = intval($_POST['quit']);
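Review bot: The verdict read from `$_POST['newPassword_passwordStrengthVerdict']` is computed in the browser, so the server ends up trusting a value the client fully controls, and the empty `catch` leaves the property as `[]` when the JSON is malformed. Combined with the `?? 4` default in the last hunk, a request that omits the field, sends invalid JSON, or (presumably) sends a non-array value passes the `PASSWORD_MIN_SCORE` comparison, while the earlier server-side `isSecurePassword()` call is removed. If the minimum score is meant as an enforced policy rather than a hint, the decoded value should be shape-checked and the default should fail closed, e.g. `$score = is_array($v) && is_int($v['score'] ?? null) ? $v['score'] : 0;`, or the score should be recomputed on the server. If it is only advisory, replace `// ignore` with a comment that says so, such as `// verdict is client-supplied and advisory; a missing or invalid value is treated as acceptable`. The enclosing method starts and ends outside the hunk.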
@@ -215,7 +230,7 @@ class AccountManagementForm extends AbstractForm {
                                        throw new UserInputException('confirmNewPassword');
                                }
                                
-                               if (!UserRegistrationUtil::isSecurePassword($this->newPassword)) {
+                               if (($this->newPasswordStrengthVerdict['score'] ?? 4) < PASSWORD_MIN_SCORE) {
                                        throw new UserInputException('newPassword', 'notSecure');
                                }