6 (function($, Drupal, drupalSettings) {
8 * Attach handlers to evaluate the strength of any password fields and to
9 * check that its confirmation is correct.
11 * @type {Drupal~behavior}
13 * @prop {Drupal~behaviorAttach} attach
14 * Attaches password strength indicator and other relevant validation to
// NOTE(review): the embedded line numbers in this listing skip (for example
// 20 -> 23 and 35 -> 38), so some statements are not shown. The comments
// added here describe only what the visible lines do.
//
// Behavior that looks up `input.js-password-field` under `context`, injects
// the confirmation and strength-meter markup, and re-evaluates both on every
// `input` event. Everything visible is advisory UI: it changes classes, CSS
// and HTML only, and no visible line blocks form submission. Password policy
// and the confirmation match therefore still have to be enforced server-side.
17 Drupal.behaviors.password = {
18 attach(context, settings) {
19 const $passwordInput = $(context)
20 .find('input.js-password-field')
23 if ($passwordInput.length) {
// `settings.password` supplies the display strings used below as well as the
// `showStrengthIndicator` flag.
24 const translate = settings.password;
26 const $passwordInputParent = $passwordInput.parent();
27 const $passwordInputParentWrapper = $passwordInputParent.parent();
28 let $passwordSuggestions;
30 // Add identifying class to password element parent.
31 $passwordInputParent.addClass('password-parent');
33 // Add the password confirmation layer.
34 $passwordInputParentWrapper
35 .find('input.js-password-confirm')
// `translate.confirmTitle` is interpolated into an HTML string without
// escaping, so it is treated as trusted markup.
// NOTE(review): presumably these settings strings are sanitized before they
// reach the page; verify at the point where `settings.password` is produced.
38 `<div aria-live="polite" aria-atomic="true" class="password-confirm js-password-confirm">${
39 translate.confirmTitle
40 } <span></span></div>`,
42 .addClass('confirm-parent');
44 const $confirmInput = $passwordInputParentWrapper.find(
45 'input.js-password-confirm',
47 const $confirmResult = $passwordInputParentWrapper.find(
48 'div.js-password-confirm',
50 const $confirmChild = $confirmResult.find('span');
52 // If the password strength indicator is enabled, add its markup.
53 if (settings.password.showStrengthIndicator) {
// Same pattern as the confirmation layer: `translate.strengthTitle` goes into
// the markup string unescaped.
54 const passwordMeter = `<div class="password-strength"><div class="password-strength__meter"><div class="password-strength__indicator js-password-strength__indicator"></div></div><div aria-live="polite" aria-atomic="true" class="password-strength__title">${
55 translate.strengthTitle
56 } <span class="password-strength__text js-password-strength__text"></span></div></div>`;
59 .after('<div class="password-suggestions description"></div>');
60 $passwordInputParent.append(passwordMeter);
61 $passwordSuggestions = $passwordInputParentWrapper
62 .find('div.password-suggestions')
66 // Check that password and confirmation inputs match.
67 const passwordCheckMatch = function(confirmInputVal) {
// Strict string comparison of the current password value with the value
// passed in by the caller.
68 const success = $passwordInput.val() === confirmInputVal;
69 const confirmClass = success ? 'ok' : 'error';
71 // Fill in the success message and set the class accordingly.
// Looks up `confirmSuccess` or `confirmFailure` in `translate` and inserts it
// with .html(), i.e. as markup rather than as plain text.
73 .html(translate[`confirm${success ? 'Success' : 'Failure'}`])
74 .removeClass('ok error')
75 .addClass(confirmClass);
78 // Check the password strength.
79 const passwordCheck = function() {
80 if (settings.password.showStrengthIndicator) {
81 // Evaluate the password strength.
// The arguments passed to the evaluator are on lines not shown in this listing.
82 const result = Drupal.evaluatePasswordStrength(
87 // Update the suggestions for how to improve the password.
// `result.message` is written with .html(), so it is rendered as markup.
88 if ($passwordSuggestions.html() !== result.message) {
89 $passwordSuggestions.html(result.message);
92 // Only show the description box if a weakness exists in the
// The suggestions box is hidden only when the score is exactly 100.
94 $passwordSuggestions.toggle(result.strength !== 100);
96 // Adjust the length of the strength indicator.
98 .find('.js-password-strength__indicator')
99 .css('width', `${result.strength}%`)
100 .removeClass('is-weak is-fair is-good is-strong')
101 .addClass(result.indicatorClass);
103 // Update the strength indication text.
// `result.indicatorText` is also inserted as markup via .html().
105 .find('.js-password-strength__text')
106 .html(result.indicatorText);
109 // Check the value in the confirm input and show results.
// A non-empty confirmation value triggers the comparison and reveals the
// result. The `hidden` assignment below is presumably the else branch (its
// `else` line is not shown), which would mean an empty confirmation field
// shows no result rather than a mismatch.
110 if ($confirmInput.val()) {
111 passwordCheckMatch($confirmInput.val());
112 $confirmResult.css({ visibility: 'visible' });
114 $confirmResult.css({ visibility: 'hidden' });
118 // Monitor input events.
// Both fields share one handler, so every keystroke in either field re-runs
// the strength evaluation and the match check.
119 $passwordInput.on('input', passwordCheck);
120 $confirmInput.on('input', passwordCheck);
126 * Evaluate the strength of a user's password.
128 * Returns the estimated strength and the relevant output message.
130 * @param {string} password
131 * The password to evaluate.
132 * @param {object} translate
133 * An object containing the text to display for each strength level.
136 * An object containing strength, message, indicatorText and indicatorClass.
// Heuristic scorer behind the strength meter. In the visible lines the score
// depends only on length, ASCII character classes and equality with the
// username; nothing shown here consults a dictionary or a breached-password
// list. A high score is a hint to the user, not evidence that the password
// is hard to guess.
// NOTE(review): the embedded line numbers skip (e.g. 139 -> 146), so the
// declarations of `strength`, `msg`, `weaknesses`, `username`,
// `indicatorText` and `indicatorClass` are not shown in this listing.
138 Drupal.evaluatePasswordStrength = function(password, translate) {
// Leading and trailing whitespace is dropped before scoring.
// NOTE(review): confirm the server-side handling of whitespace matches,
// otherwise the meter scores a different string than the one that is stored.
139 password = password.trim();
// The character classes are ASCII-only. Any other character, including
// non-ASCII letters and whitespace inside the password, matches the
// `hasPunctuation` pattern.
146 const hasLowercase = /[a-z]/.test(password);
147 const hasUppercase = /[A-Z]/.test(password);
148 const hasNumbers = /[0-9]/.test(password);
149 const hasPunctuation = /[^a-zA-Z0-9]/.test(password);
151 // If there is a username edit box on the page, compare password to that,
152 // otherwise use value from the database.
// The selector searches the whole document; this function receives no
// context element to scope it to.
153 const $usernameBox = $('input.username');
155 $usernameBox.length > 0 ? $usernameBox.val() : translate.username;
157 // Lose 5 points for every character less than 12, plus a 30 point penalty.
158 if (password.length < 12) {
159 msg.push(translate.tooShort);
160 strength -= (12 - password.length) * 5 + 30;
165 msg.push(translate.addLowerCase);
169 msg.push(translate.addUpperCase);
173 msg.push(translate.addNumbers);
176 if (!hasPunctuation) {
177 msg.push(translate.addPunctuation);
181 // Apply penalty for each weakness (balanced against length penalty).
182 switch (weaknesses) {
200 // Check if password is the same as the username.
// Case-insensitive exact match only: a password that merely contains the
// username is not caught by this check.
// NOTE(review): `username.toLowerCase()` assumes `username` is a string;
// confirm `translate.username` is always set when no username box exists.
201 if (password !== '' && password.toLowerCase() === username.toLowerCase()) {
202 msg.push(translate.sameAsUsername);
203 // Passwords the same as username are always very weak.
207 // Based on the strength, work out what text should be shown by the
208 // password strength meter.
// Visible upper bounds: below 70 is fair, below 80 is good, up to and
// including 100 is strong. The condition guarding the `weak` branch is on a
// line not shown.
210 indicatorText = translate.weak;
211 indicatorClass = 'is-weak';
212 } else if (strength < 70) {
213 indicatorText = translate.fair;
214 indicatorClass = 'is-fair';
215 } else if (strength < 80) {
216 indicatorText = translate.good;
217 indicatorClass = 'is-good';
218 } else if (strength <= 100) {
219 indicatorText = translate.strong;
220 indicatorClass = 'is-strong';
223 // Assemble the final message.
// The suggestions are concatenated into an HTML list. The `translate`
// strings are not escaped in the visible code, so the result is safe to
// render as markup only if those strings are already safe.
224 msg = `${translate.hasWeaknesses}<ul><li>${msg.join(
235 })(jQuery, Drupal, drupalSettings);