From 607fc155760c5c8756f1e4d4cb596a786bf75fe9 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Tim=20D=C3=BCsterhus?= Date: Thu, 16 Jul 2020 14:41:25 +0200 Subject: [PATCH] Add zxcvbn to RegisterForm --- com.woltlab.wcf/templates/register.tpl | 9 +++++++++ .../data/user/UserRegistrationAction.class.php | 11 +---------- .../install/files/lib/form/RegisterForm.class.php | 15 ++++++++++++++- 3 files changed, 24 insertions(+), 11 deletions(-) diff --git a/com.woltlab.wcf/templates/register.tpl b/com.woltlab.wcf/templates/register.tpl index 7946618a2c..df27a72a68 100644 --- a/com.woltlab.wcf/templates/register.tpl +++ b/com.woltlab.wcf/templates/register.tpl @@ -239,6 +239,15 @@ minlength: {@REGISTER_USERNAME_MIN_LENGTH}, maxlength: {@REGISTER_USERNAME_MAX_LENGTH} }); + + require(['WoltLabSuite/Core/Ui/User/PasswordStrength'], function (PasswordStrength) { + new PasswordStrength(elById('{@$randomFieldNames[password]}'), { + relatedInputs: [ + elById('{@$randomFieldNames[username]}'), + elById('{@$randomFieldNames[email]}') + ] + }); + }) }); diff --git a/wcfsetup/install/files/lib/data/user/UserRegistrationAction.class.php b/wcfsetup/install/files/lib/data/user/UserRegistrationAction.class.php index 0a44b0e8a3..f520ed62cd 100644 --- a/wcfsetup/install/files/lib/data/user/UserRegistrationAction.class.php +++ b/wcfsetup/install/files/lib/data/user/UserRegistrationAction.class.php @@ -89,18 +89,9 @@ class UserRegistrationAction extends UserAction { } /** - * Validates given password. - * - * @return array + * @deprecated 5.3 - Always returns isValid = true. */ public function validatePassword() { - if (!UserRegistrationUtil::isSecurePassword($this->parameters['password'])) { - return [ - 'isValid' => false, - 'error' => 'notSecure' - ]; - } - return [ 'isValid' => true ]; diff --git a/wcfsetup/install/files/lib/form/RegisterForm.class.php b/wcfsetup/install/files/lib/form/RegisterForm.class.php index 26a3f0ab24..8880750bf0 100644 
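Review bot: The new docblock on `validatePassword()` in UserRegistrationAction drops both the summary and the `@return array` tag, and it does not say where the strength check went. Since the method now returns `['isValid' => true]` for every input, I would keep the return tag and state the consequence, for example `Formerly checked password strength; now always reports isValid = true and must not be relied on as a validation step.` followed by `@return array` and the existing `@deprecated 5.3` line. The method's closing brace lies outside the hunk.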
--- a/wcfsetup/install/files/lib/form/RegisterForm.class.php +++ b/wcfsetup/install/files/lib/form/RegisterForm.class.php @@ -99,6 +99,11 @@ class RegisterForm extends UserAddForm { */ public static $minRegistrationTime = 10; + /** + * @var mixed[] + */ + public $passwordStrengthVerdict = []; + /** * @inheritDoc */ @@ -145,6 +150,14 @@ class RegisterForm extends UserAddForm { if (isset($_POST[$this->randomFieldNames['email']])) $this->email = StringUtil::trim($_POST[$this->randomFieldNames['email']]); if (isset($_POST[$this->randomFieldNames['confirmEmail']])) $this->confirmEmail = StringUtil::trim($_POST[$this->randomFieldNames['confirmEmail']]); if (isset($_POST[$this->randomFieldNames['password']])) $this->password = $_POST[$this->randomFieldNames['password']]; + if (isset($_POST[$this->randomFieldNames['password'].'_passwordStrengthVerdict'])) { + try { + $this->passwordStrengthVerdict = JSON::decode($_POST[$this->randomFieldNames['password'].'_passwordStrengthVerdict']); + } + catch (SystemException $e) { + // ignore + } + } if (isset($_POST[$this->randomFieldNames['confirmPassword']])) $this->confirmPassword = $_POST[$this->randomFieldNames['confirmPassword']]; $this->groupIDs = []; @@ -295,7 +308,7 @@ class RegisterForm extends UserAddForm { parent::validatePassword($password, $confirmPassword); // check security of the given password - if (!UserRegistrationUtil::isSecurePassword($password)) { + if (($this->passwordStrengthVerdict['score'] ?? 4) < PASSWORD_MIN_SCORE) { throw new UserInputException('password', 'notSecure'); } } -- 2.20.1
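Review bot: The decoded verdict is stored in `$this->passwordStrengthVerdict` without checking its shape, so any valid JSON value in the request (a string, a number, `null`) can end up in a property documented as `mixed[]`. Decode into a local and assign only when the result is an array, e.g. `$verdict = JSON::decode(...);` then `if (is_array($verdict)) $this->passwordStrengthVerdict = $verdict;`. The empty `catch` with `// ignore` would read better with the reason stated, such as `// malformed verdict: keep the default empty array`. The enclosing method starts and ends outside the hunk.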
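Review bot: The strength check in `validatePassword()` now depends entirely on `passwordStrengthVerdict['score']`, which is read from the POST body, and it falls back to `4` when the key is missing, so the server no longer enforces any password-quality rule of its own. A request that lacks the verdict field, or carries a score the browser did not compute, is accepted for any password, so the value is only advisory UI feedback. I would keep a check that depends only on `$password` (a minimum length, or the previous `UserRegistrationUtil::isSecurePassword($password)` if it is still available) and validate the score's type before comparing, e.g. `$score = $this->passwordStrengthVerdict['score'] ?? 4;` then `if (!is_int($score) || $score < PASSWORD_MIN_SCORE) {`. The method's signature is outside the hunk.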