Commit 14dca266975e9a60508ebace53db49c32120c9e7
Exists in
master
and in
22 other branches
Merge branch 'AI3008-password_security_rating' of https://gitlab.com/unb-gama/no…
…osfero into AI3008-password_security_rating
Showing
3 changed files
with
166 additions
and
1 deletions
Show diff stats
app/views/account/_signup_form.rhtml
| @@ -7,6 +7,8 @@ | @@ -7,6 +7,8 @@ | ||
| 7 | 7 | ||
| 8 | <% @profile_data = @person %> | 8 | <% @profile_data = @person %> |
| 9 | 9 | ||
| 10 | +<%= javascript_include_tag('sign_up_password_rate') %> | ||
| 11 | + | ||
| 10 | <%= error_messages_for :user, :person, :header_message => _('The account could not be created') %> | 12 | <%= error_messages_for :user, :person, :header_message => _('The account could not be created') %> |
| 11 | 13 | ||
| 12 | <% labelled_form_for :user, @user, :html => { :multipart => true, :id => 'signup-form', :honeypot => true } do |f| %> | 14 | <% labelled_form_for :user, @user, :html => { :multipart => true, :id => 'signup-form', :honeypot => true } do |f| %> |
| @@ -52,7 +54,20 @@ | @@ -52,7 +54,20 @@ | ||
| 52 | <div id='signup-password'> | 54 | <div id='signup-password'> |
| 53 | <%= required f.password_field(:password, :id => 'user_pw') %> | 55 | <%= required f.password_field(:password, :id => 'user_pw') %> |
| 54 | <%= content_tag(:small,_('Choose a password that you can remember easily. It must have at least 4 characters.'), :id => 'password-balloon') %> | 56 | <%= content_tag(:small,_('Choose a password that you can remember easily. It must have at least 4 characters.'), :id => 'password-balloon') %> |
| 55 | - <div id='fake-check'><p> </p></div> | 57 | + <div id='password-rate'> |
| 58 | + <p><span class="invalid hidden" id='result-short'> | ||
| 59 | + <%=_('Short') %> | ||
| 60 | + </span></p> | ||
| 61 | + <p><span class="invalid hidden" id='result-bad'> | ||
| 62 | + <%=_('Bad') %> | ||
| 63 | + </span></p> | ||
| 64 | + <p><span class="invalid hidden" id='result-good'> | ||
| 65 | + <%=_('Good') %> | ||
| 66 | + </span></p> | ||
| 67 | + <p><span class="invalid hidden" id='result-strong'> | ||
| 68 | + <%=_('Strong') %> | ||
| 69 | + </span></p> | ||
| 70 | + </div> | ||
| 56 | </div> | 71 | </div> |
| 57 | 72 | ||
| 58 | <div id='signup-password-confirmation'> | 73 | <div id='signup-password-confirmation'> |
| @@ -182,4 +197,5 @@ jQuery(function($) { | @@ -182,4 +197,5 @@ jQuery(function($) { | ||
| 182 | else $(this).addClass('validated'); | 197 | else $(this).addClass('validated'); |
| 183 | }); | 198 | }); |
| 184 | }); | 199 | }); |
| 200 | + | ||
| 185 | </script> | 201 | </script> |
| @@ -0,0 +1,121 @@ | @@ -0,0 +1,121 @@ | ||
| 1 | +// This jQuery plugin is written by firas kassem [2007.04.05] and was modified to fit noosfero | ||
| 2 | +// Firas Kassem phiras.wordpress.com || phiras at gmail {dot} com | ||
| 3 | +// for more information : http://phiras.wordpress.com/2007/04/08/password-strength-meter-a-jquery-plugin/ | ||
| 4 | + | ||
| 5 | +var blankPass = -1 | ||
| 6 | +var shortPass = 0 | ||
| 7 | +var badPass = 1 | ||
| 8 | +var goodPass = 2 | ||
| 9 | +var strongPass = 3 | ||
| 10 | + | ||
| 11 | + | ||
| 12 | +function passwordStrength(password,username) | ||
| 13 | +{ | ||
| 14 | + score = 0 | ||
| 15 | + | ||
| 16 | + if(password.length == 0) return blankPass | ||
| 17 | + | ||
| 18 | + //password < 4 | ||
| 19 | + if (password.length < 4 ) { return shortPass } | ||
| 20 | + | ||
| 21 | + //password == username | ||
| 22 | + if (password.toLowerCase()==username.toLowerCase()) badPass | ||
| 23 | + | ||
| 24 | + //password length | ||
| 25 | + score += password.length * 4 | ||
| 26 | + score += ( checkRepetition(1,password).length - password.length ) * 1 | ||
| 27 | + score += ( checkRepetition(2,password).length - password.length ) * 1 | ||
| 28 | + score += ( checkRepetition(3,password).length - password.length ) * 1 | ||
| 29 | + score += ( checkRepetition(4,password).length - password.length ) * 1 | ||
| 30 | + | ||
| 31 | + //password has 3 numbers | ||
| 32 | + if (password.match(/(.*[0-9].*[0-9].*[0-9])/)) score += 5 | ||
| 33 | + | ||
| 34 | + //password has 2 sybols | ||
| 35 | + if (password.match(/(.*[!,@,#,$,%,^,&,*,?,_,~].*[!,@,#,$,%,^,&,*,?,_,~])/)) score += 5 | ||
| 36 | + | ||
| 37 | + //password has Upper and Lower chars | ||
| 38 | + if (password.match(/([a-z].*[A-Z])|([A-Z].*[a-z])/)) score += 10 | ||
| 39 | + | ||
| 40 | + //password has number and chars | ||
| 41 | + if (password.match(/([a-zA-Z])/) && password.match(/([0-9])/)) score += 15 | ||
| 42 | + // | ||
| 43 | + //password has number and symbol | ||
| 44 | + if (password.match(/([!,@,#,$,%,^,&,*,?,_,~])/) && password.match(/([0-9])/)) score += 15 | ||
| 45 | + | ||
| 46 | + //password has char and symbol | ||
| 47 | + if (password.match(/([!,@,#,$,%,^,&,*,?,_,~])/) && password.match(/([a-zA-Z])/)) score += 15 | ||
| 48 | + | ||
| 49 | + //password is just a nubers or chars | ||
| 50 | + if (password.match(/^\w+$/) || password.match(/^\d+$/) ) score -= 10 | ||
| 51 | + | ||
| 52 | + //verifing 0 < score < 100 | ||
| 53 | + if ( score < 0 ) score = 0 | ||
| 54 | + if ( score > 100 ) score = 100 | ||
| 55 | + | ||
| 56 | + if (score < 34 ) return badPass | ||
| 57 | + if (score < 68 ) return goodPass | ||
| 58 | + return strongPass | ||
| 59 | +} | ||
| 60 | + | ||
| 61 | +function checkRepetition(pLen,str) | ||
| 62 | +{ | ||
| 63 | + res = "" | ||
| 64 | + for ( i=0; i<str.length ; i++ ) | ||
| 65 | + { | ||
| 66 | + repeated=true | ||
| 67 | + for (j=0;j < pLen && (j+i+pLen) < str.length;j++) | ||
| 68 | + repeated=repeated && (str.charAt(j+i)==str.charAt(j+i+pLen)) | ||
| 69 | + if (j<pLen) repeated=false | ||
| 70 | + if (repeated) | ||
| 71 | + { | ||
| 72 | + i+=pLen-1 | ||
| 73 | + repeated=false | ||
| 74 | + } | ||
| 75 | + else | ||
| 76 | + { | ||
| 77 | + res+=str.charAt(i) | ||
| 78 | + } | ||
| 79 | + } | ||
| 80 | + return res | ||
| 81 | +} | ||
| 82 | + | ||
| 83 | +jQuery(document).ready(function() { | ||
| 84 | + jQuery('#user_pw').keyup(function() | ||
| 85 | + { | ||
| 86 | + var result = passwordStrength(jQuery('#user_pw').val(),jQuery('#user_login').val()) | ||
| 87 | + if(result == blankPass) | ||
| 88 | + { | ||
| 89 | + showRateField('#result-blank') | ||
| 90 | + } else | ||
| 91 | + if(result == shortPass) | ||
| 92 | + { | ||
| 93 | + showRateField('#result-short') | ||
| 94 | + } else | ||
| 95 | + if( result == badPass ) | ||
| 96 | + { | ||
| 97 | + showRateField('#result-bad') | ||
| 98 | + } else | ||
| 99 | + if( result == goodPass ) | ||
| 100 | + { | ||
| 101 | + showRateField('#result-good') | ||
| 102 | + } else | ||
| 103 | + if( result == strongPass ) | ||
| 104 | + { | ||
| 105 | + showRateField('#result-strong') | ||
| 106 | + } | ||
| 107 | + | ||
| 108 | + }) | ||
| 109 | +}) | ||
| 110 | + | ||
| 111 | +function showRateField(validation) | ||
| 112 | +{ | ||
| 113 | + jQuery('#result-blank').addClass('hidden') | ||
| 114 | + jQuery('#result-short').addClass('hidden') | ||
| 115 | + jQuery('#result-bad').addClass('hidden') | ||
| 116 | + jQuery('#result-good').addClass('hidden') | ||
| 117 | + jQuery('#result-strong').addClass('hidden') | ||
| 118 | + | ||
| 119 | + jQuery(validation).removeClass('hidden') | ||
| 120 | + | ||
| 121 | +} | ||
| 0 | \ No newline at end of file | 122 | \ No newline at end of file |
public/stylesheets/application.css
| @@ -6042,6 +6042,7 @@ li.profile-activity-item.upload_image .activity-gallery-images-count-1 img { | @@ -6042,6 +6042,7 @@ li.profile-activity-item.upload_image .activity-gallery-images-count-1 img { | ||
| 6042 | 6042 | ||
| 6043 | #email-check, | 6043 | #email-check, |
| 6044 | #fake-check, | 6044 | #fake-check, |
| 6045 | +#password-rate, | ||
| 6045 | #password-check { | 6046 | #password-check { |
| 6046 | margin: -2px 16px -5px 13px; | 6047 | margin: -2px 16px -5px 13px; |
| 6047 | text-align: right; | 6048 | text-align: right; |
| @@ -6050,10 +6051,20 @@ li.profile-activity-item.upload_image .activity-gallery-images-count-1 img { | @@ -6050,10 +6051,20 @@ li.profile-activity-item.upload_image .activity-gallery-images-count-1 img { | ||
| 6050 | 6051 | ||
| 6051 | #email-check p, | 6052 | #email-check p, |
| 6052 | #fake-check p, | 6053 | #fake-check p, |
| 6054 | +#password-rate p, | ||
| 6053 | #password-check p { | 6055 | #password-check p { |
| 6054 | margin: 0; | 6056 | margin: 0; |
| 6055 | } | 6057 | } |
| 6056 | 6058 | ||
| 6059 | +#password-rate { | ||
| 6060 | + font-weight:bold; | ||
| 6061 | +} | ||
| 6062 | + | ||
| 6063 | +.hidden { | ||
| 6064 | + visibility: hidden; | ||
| 6065 | + display: none; | ||
| 6066 | +} | ||
| 6067 | + | ||
| 6057 | .available { | 6068 | .available { |
| 6058 | color: #88BD00; | 6069 | color: #88BD00; |
| 6059 | } | 6070 | } |
| @@ -6067,6 +6078,7 @@ li.profile-activity-item.upload_image .activity-gallery-images-count-1 img { | @@ -6067,6 +6078,7 @@ li.profile-activity-item.upload_image .activity-gallery-images-count-1 img { | ||
| 6067 | } | 6078 | } |
| 6068 | 6079 | ||
| 6069 | #email-check p, | 6080 | #email-check p, |
| 6081 | +#password-rate p, | ||
| 6070 | #password-check p, | 6082 | #password-check p, |
| 6071 | #url-check p { | 6083 | #url-check p { |
| 6072 | margin: 0; | 6084 | margin: 0; |
| @@ -6576,3 +6588,19 @@ ul.article-versions li { | @@ -6576,3 +6588,19 @@ ul.article-versions li { | ||
| 6576 | .controller-features .manage-fields-batch-actions td { | 6588 | .controller-features .manage-fields-batch-actions td { |
| 6577 | font-style: italic; | 6589 | font-style: italic; |
| 6578 | } | 6590 | } |
| 6591 | + | ||
| 6592 | +#result-short { | ||
| 6593 | + color: red !important; | ||
| 6594 | +} | ||
| 6595 | + | ||
| 6596 | +#result-bad { | ||
| 6597 | + color: #825A2C !important; | ||
| 6598 | +} | ||
| 6599 | + | ||
| 6600 | +#result-good { | ||
| 6601 | + color: green !important; | ||
| 6602 | +} | ||
| 6603 | + | ||
| 6604 | +#result-strong { | ||
| 6605 | + color: #32CD32 !important; | ||
| 6606 | +} |