Download as
Browse Code »

Commit 14dca266975e9a60508ebace53db49c32120c9e7

Authored by Daniela Feitosa
2 parents 439e134f b28af681
Exists in master and in 29 other branches add_member_task_reject_details, admin_visible_profile, article-list-template, community_notifications, contact_admin_translation, event_fixes, fix_comments_pagination, fix_rails4_organization_ratings, fix_sign_up_form, follow_step_fix, forum_topic_creation, mirror_block_improvements, multi_env_on_remote_user, new_security, noosfero_spb_ci, organization_ratings_improvements, organization_ratings_link_to_profile_stable-spb-1.3, organization_ratings_translations_fix, profile_api_improvements, ratings_minor_fixes, remote_user_fix, send_email_to_admins, stable-spb-1.3, stable-spb-1.3-fixes, stable-spb-1.4, stable-spb-1.5, suggest_rejected_value, web_steps_improvements, xss_terminate_custom_options

Merge branch 'AI3008-password_security_rating' of https://gitlab.com/unb-gama/no… 

…osfero into AI3008-password_security_rating
Showing 3 changed files with 166 additions and 1 deletions   Show diff stats
app/views/account/_signup_form.rhtml
  Diff comments   View file @14dca26
... ... @@ -7,6 +7,8 @@
7 7  
8 8 <% @profile_data = @person %>
9 9  
  10 +<%= javascript_include_tag('sign_up_password_rate') %>
  11 +
10 12 <%= error_messages_for :user, :person, :header_message => _('The account could not be created') %>
11 13  
12 14 <% labelled_form_for :user, @user, :html => { :multipart => true, :id => 'signup-form', :honeypot => true } do |f| %>
... ... @@ -52,7 +54,20 @@
52 54 <div id='signup-password'>
53 55 <%= required f.password_field(:password, :id => 'user_pw') %>
54 56 <%= content_tag(:small,_('Choose a password that you can remember easily. It must have at least 4 characters.'), :id => 'password-balloon') %>
55   - <div id='fake-check'><p>&nbsp;</p></div>
  57 + <div id='password-rate'>
  58 + <p><span class="invalid hidden" id='result-short'>
  59 + <%=_('Short') %>
  60 + </span></p>
  61 + <p><span class="invalid hidden" id='result-bad'>
  62 + <%=_('Bad') %>
  63 + </span></p>
  64 + <p><span class="invalid hidden" id='result-good'>
  65 + <%=_('Good') %>
  66 + </span></p>
  67 + <p><span class="invalid hidden" id='result-strong'>
  68 + <%=_('Strong') %>
  69 + </span></p>
  70 + </div>
56 71 </div>
57 72  
58 73 <div id='signup-password-confirmation'>
... ... @@ -182,4 +197,5 @@ jQuery(function($) {
182 197 else $(this).addClass('validated');
183 198 });
184 199 });
  200 +
185 201 </script>
... ...
public/javascripts/sign_up_password_rate.js 0 → 100644
  Diff comments   View file @14dca26
... ... @@ -0,0 +1,121 @@
  1 +// This jQuery plugin is written by firas kassem [2007.04.05] and was modified to fit noosfero
  2 +// Firas Kassem phiras.wordpress.com || phiras at gmail {dot} com
  3 +// for more information : http://phiras.wordpress.com/2007/04/08/password-strength-meter-a-jquery-plugin/
  4 +
  5 +var blankPass = -1
  6 +var shortPass = 0
  7 +var badPass = 1
  8 +var goodPass = 2
  9 +var strongPass = 3
  10 +
  11 +
  12 +function passwordStrength(password,username)
  13 +{
  14 + score = 0
  15 +
  16 + if(password.length == 0) return blankPass
  17 +
  18 + //password < 4
  19 + if (password.length < 4 ) { return shortPass }
  20 +
  21 + //password == username
  22 + if (password.toLowerCase()==username.toLowerCase()) badPass
  23 +
  24 + //password length
  25 + score += password.length * 4
  26 + score += ( checkRepetition(1,password).length - password.length ) * 1
  27 + score += ( checkRepetition(2,password).length - password.length ) * 1
  28 + score += ( checkRepetition(3,password).length - password.length ) * 1
  29 + score += ( checkRepetition(4,password).length - password.length ) * 1
  30 +
  31 + //password has 3 numbers
  32 + if (password.match(/(.*[0-9].*[0-9].*[0-9])/)) score += 5
  33 +
  34 + //password has 2 sybols
  35 + if (password.match(/(.*[!,@,#,$,%,^,&,*,?,_,~].*[!,@,#,$,%,^,&,*,?,_,~])/)) score += 5
  36 +
  37 + //password has Upper and Lower chars
  38 + if (password.match(/([a-z].*[A-Z])|([A-Z].*[a-z])/)) score += 10
  39 +
  40 + //password has number and chars
  41 + if (password.match(/([a-zA-Z])/) && password.match(/([0-9])/)) score += 15
  42 + //
  43 + //password has number and symbol
  44 + if (password.match(/([!,@,#,$,%,^,&,*,?,_,~])/) && password.match(/([0-9])/)) score += 15
  45 +
  46 + //password has char and symbol
  47 + if (password.match(/([!,@,#,$,%,^,&,*,?,_,~])/) && password.match(/([a-zA-Z])/)) score += 15
  48 +
  49 + //password is just a nubers or chars
  50 + if (password.match(/^\w+$/) || password.match(/^\d+$/) ) score -= 10
  51 +
  52 + //verifing 0 < score < 100
  53 + if ( score < 0 ) score = 0
  54 + if ( score > 100 ) score = 100
  55 +
  56 + if (score < 34 ) return badPass
  57 + if (score < 68 ) return goodPass
  58 + return strongPass
  59 +}
  60 +
  61 +function checkRepetition(pLen,str)
  62 +{
  63 + res = ""
  64 + for ( i=0; i<str.length ; i++ )
  65 + {
  66 + repeated=true
  67 + for (j=0;j < pLen && (j+i+pLen) < str.length;j++)
  68 + repeated=repeated && (str.charAt(j+i)==str.charAt(j+i+pLen))
  69 + if (j<pLen) repeated=false
  70 + if (repeated)
  71 + {
  72 + i+=pLen-1
  73 + repeated=false
  74 + }
  75 + else
  76 + {
  77 + res+=str.charAt(i)
  78 + }
  79 + }
  80 + return res
  81 +}
  82 +
  83 +jQuery(document).ready(function() {
  84 + jQuery('#user_pw').keyup(function()
  85 + {
  86 + var result = passwordStrength(jQuery('#user_pw').val(),jQuery('#user_login').val())
  87 + if(result == blankPass)
  88 + {
  89 + showRateField('#result-blank')
  90 + } else
  91 + if(result == shortPass)
  92 + {
  93 + showRateField('#result-short')
  94 + } else
  95 + if( result == badPass )
  96 + {
  97 + showRateField('#result-bad')
  98 + } else
  99 + if( result == goodPass )
  100 + {
  101 + showRateField('#result-good')
  102 + } else
  103 + if( result == strongPass )
  104 + {
  105 + showRateField('#result-strong')
  106 + }
  107 +
  108 + })
  109 +})
  110 +
  111 +function showRateField(validation)
  112 +{
  113 + jQuery('#result-blank').addClass('hidden')
  114 + jQuery('#result-short').addClass('hidden')
  115 + jQuery('#result-bad').addClass('hidden')
  116 + jQuery('#result-good').addClass('hidden')
  117 + jQuery('#result-strong').addClass('hidden')
  118 +
  119 + jQuery(validation).removeClass('hidden')
  120 +
  121 +}
0 122 \ No newline at end of file
... ...
public/stylesheets/application.css
  Diff comments   View file @14dca26
... ... @@ -6042,6 +6042,7 @@ li.profile-activity-item.upload_image .activity-gallery-images-count-1 img {
6042 6042  
6043 6043 #email-check,
6044 6044 #fake-check,
  6045 +#password-rate,
6045 6046 #password-check {
6046 6047 margin: -2px 16px -5px 13px;
6047 6048 text-align: right;
... ... @@ -6050,10 +6051,20 @@ li.profile-activity-item.upload_image .activity-gallery-images-count-1 img {
6050 6051  
6051 6052 #email-check p,
6052 6053 #fake-check p,
  6054 +#password-rate p,
6053 6055 #password-check p {
6054 6056 margin: 0;
6055 6057 }
6056 6058  
  6059 +#password-rate {
  6060 + font-weight:bold;
  6061 +}
  6062 +
  6063 +.hidden {
  6064 + visibility: hidden;
  6065 + display: none;
  6066 +}
  6067 +
6057 6068 .available {
6058 6069 color: #88BD00;
6059 6070 }
... ... @@ -6067,6 +6078,7 @@ li.profile-activity-item.upload_image .activity-gallery-images-count-1 img {
6067 6078 }
6068 6079  
6069 6080 #email-check p,
  6081 +#password-rate p,
6070 6082 #password-check p,
6071 6083 #url-check p {
6072 6084 margin: 0;
... ... @@ -6576,3 +6588,19 @@ ul.article-versions li {
6576 6588 .controller-features .manage-fields-batch-actions td {
6577 6589 font-style: italic;
6578 6590 }
  6591 +
  6592 +#result-short {
  6593 + color: red !important;
  6594 +}
  6595 +
  6596 +#result-bad {
  6597 + color: #825A2C !important;
  6598 +}
  6599 +
  6600 +#result-good {
  6601 + color: green !important;
  6602 +}
  6603 +
  6604 +#result-strong {
  6605 + color: #32CD32 !important;
  6606 +}
... ...