From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Thu, 16 Jul 2020 12:41:25 +0000 (+0200)
Subject: Add zxcvbn to RegisterForm
X-Git-Tag: 5.3.0_Alpha_1~76^2~9
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=607fc155760c5c8756f1e4d4cb596a786bf75fe9;p=GitHub%2FWoltLab%2FWCF.git

Add zxcvbn to RegisterForm
---

diff --git a/com.woltlab.wcf/templates/register.tpl b/com.woltlab.wcf/templates/register.tpl
index 7946618a2c..df27a72a68 100644
--- a/com.woltlab.wcf/templates/register.tpl
+++ b/com.woltlab.wcf/templates/register.tpl
@@ -239,6 +239,15 @@
 			minlength: {@REGISTER_USERNAME_MIN_LENGTH},
 			maxlength: {@REGISTER_USERNAME_MAX_LENGTH}
 		});
+		
+		require(['WoltLabSuite/Core/Ui/User/PasswordStrength'], function (PasswordStrength) {
+			new PasswordStrength(elById('{@$randomFieldNames[password]}'), {
+				relatedInputs: [
+					elById('{@$randomFieldNames[username]}'),
+					elById('{@$randomFieldNames[email]}')
+				]
+			});
+		})
 	});
 </script>
 
diff --git a/wcfsetup/install/files/lib/data/user/UserRegistrationAction.class.php b/wcfsetup/install/files/lib/data/user/UserRegistrationAction.class.php
index 0a44b0e8a3..f520ed62cd 100644
--- a/wcfsetup/install/files/lib/data/user/UserRegistrationAction.class.php
+++ b/wcfsetup/install/files/lib/data/user/UserRegistrationAction.class.php
@@ -89,18 +89,9 @@ class UserRegistrationAction extends UserAction {
 	}
 	
 	/**
-	 * Validates given password.
-	 * 
-	 * @return	array
+	 * @deprecated	5.3 - Always returns isValid = true.
 	 */
 	public function validatePassword() {
-		if (!UserRegistrationUtil::isSecurePassword($this->parameters['password'])) {
-			return [
-				'isValid' => false,
-				'error' => 'notSecure'
-			];
-		}
-		
 		return [
 			'isValid' => true
 		];
diff --git a/wcfsetup/install/files/lib/form/RegisterForm.class.php b/wcfsetup/install/files/lib/form/RegisterForm.class.php
index 26a3f0ab24..8880750bf0 100644
--- a/wcfsetup/install/files/lib/form/RegisterForm.class.php
+++ b/wcfsetup/install/files/lib/form/RegisterForm.class.php
@@ -99,6 +99,11 @@ class RegisterForm extends UserAddForm {
 	 */
 	public static $minRegistrationTime = 10;
 	
+	/**
+	 * @var mixed[]
+	 */
+	public $passwordStrengthVerdict = [];
+	
 	/**
 	 * @inheritDoc
 	 */
@@ -145,6 +150,14 @@ class RegisterForm extends UserAddForm {
 		if (isset($_POST[$this->randomFieldNames['email']])) $this->email = StringUtil::trim($_POST[$this->randomFieldNames['email']]);
 		if (isset($_POST[$this->randomFieldNames['confirmEmail']])) $this->confirmEmail = StringUtil::trim($_POST[$this->randomFieldNames['confirmEmail']]);
 		if (isset($_POST[$this->randomFieldNames['password']])) $this->password = $_POST[$this->randomFieldNames['password']];
+		if (isset($_POST[$this->randomFieldNames['password'].'_passwordStrengthVerdict'])) {
+			try {
+				$this->passwordStrengthVerdict = JSON::decode($_POST[$this->randomFieldNames['password'].'_passwordStrengthVerdict']);
+			}
+			catch (SystemException $e) {
+				// ignore
+			}
+		}
 		if (isset($_POST[$this->randomFieldNames['confirmPassword']])) $this->confirmPassword = $_POST[$this->randomFieldNames['confirmPassword']];
 		
 		$this->groupIDs = [];
@@ -295,7 +308,7 @@ class RegisterForm extends UserAddForm {
 			parent::validatePassword($password, $confirmPassword);
 			
 			// check security of the given password
-			if (!UserRegistrationUtil::isSecurePassword($password)) {
+			if (($this->passwordStrengthVerdict['score'] ?? 4) < PASSWORD_MIN_SCORE) {
 				throw new UserInputException('password', 'notSecure');
 			}
 		}