6 (function ($, Drupal, drupalSettings) {
8 * Attach handlers to evaluate the strength of any password fields and to
9 * check that its confirmation is correct.
11 * @type {Drupal~behavior}
13 * @prop {Drupal~behaviorAttach} attach
14 * Attaches password strength indicator and other relevant validation to
17 Drupal.behaviors.password = {
18 attach(context, settings) {
19 const $passwordInput = $(context).find('input.js-password-field').once('password');
21 if ($passwordInput.length) {
22 const translate = settings.password;
24 const $passwordInputParent = $passwordInput.parent();
25 const $passwordInputParentWrapper = $passwordInputParent.parent();
26 let $passwordSuggestions;
28 // Add identifying class to password element parent.
29 $passwordInputParent.addClass('password-parent');
31 // Add the password confirmation layer.
32 $passwordInputParentWrapper
33 .find('input.js-password-confirm')
35 .append(`<div aria-live="polite" aria-atomic="true" class="password-confirm js-password-confirm">${translate.confirmTitle} <span></span></div>`)
36 .addClass('confirm-parent');
38 const $confirmInput = $passwordInputParentWrapper.find('input.js-password-confirm');
39 const $confirmResult = $passwordInputParentWrapper.find('div.js-password-confirm');
40 const $confirmChild = $confirmResult.find('span');
42 // If the password strength indicator is enabled, add its markup.
43 if (settings.password.showStrengthIndicator) {
44 const passwordMeter = `<div class="password-strength"><div class="password-strength__meter"><div class="password-strength__indicator js-password-strength__indicator"></div></div><div aria-live="polite" aria-atomic="true" class="password-strength__title">${translate.strengthTitle} <span class="password-strength__text js-password-strength__text"></span></div></div>`;
45 $confirmInput.parent().after('<div class="password-suggestions description"></div>');
46 $passwordInputParent.append(passwordMeter);
47 $passwordSuggestions = $passwordInputParentWrapper.find('div.password-suggestions').hide();
50 // Check that password and confirmation inputs match.
51 const passwordCheckMatch = function (confirmInputVal) {
52 const success = $passwordInput.val() === confirmInputVal;
53 const confirmClass = success ? 'ok' : 'error';
55 // Fill in the success message and set the class accordingly.
56 $confirmChild.html(translate[`confirm${success ? 'Success' : 'Failure'}`])
57 .removeClass('ok error').addClass(confirmClass);
60 // Check the password strength.
61 const passwordCheck = function () {
62 if (settings.password.showStrengthIndicator) {
63 // Evaluate the password strength.
64 const result = Drupal.evaluatePasswordStrength($passwordInput.val(), settings.password);
66 // Update the suggestions for how to improve the password.
67 if ($passwordSuggestions.html() !== result.message) {
68 $passwordSuggestions.html(result.message);
71 // Only show the description box if a weakness exists in the
73 $passwordSuggestions.toggle(result.strength !== 100);
75 // Adjust the length of the strength indicator.
76 $passwordInputParent.find('.js-password-strength__indicator')
77 .css('width', `${result.strength}%`)
78 .removeClass('is-weak is-fair is-good is-strong')
79 .addClass(result.indicatorClass);
81 // Update the strength indication text.
82 $passwordInputParent.find('.js-password-strength__text').html(result.indicatorText);
85 // Check the value in the confirm input and show results.
86 if ($confirmInput.val()) {
87 passwordCheckMatch($confirmInput.val());
88 $confirmResult.css({ visibility: 'visible' });
91 $confirmResult.css({ visibility: 'hidden' });
95 // Monitor input events.
96 $passwordInput.on('input', passwordCheck);
97 $confirmInput.on('input', passwordCheck);
103 * Evaluate the strength of a user's password.
105 * Returns the estimated strength and the relevant output message.
107 * @param {string} password
108 * The password to evaluate.
109 * @param {object} translate
110 * An object containing the text to display for each strength level.
113 * An object containing strength, message, indicatorText and indicatorClass.
115 Drupal.evaluatePasswordStrength = function (password, translate) {
116 password = password.trim();
123 const hasLowercase = /[a-z]/.test(password);
124 const hasUppercase = /[A-Z]/.test(password);
125 const hasNumbers = /[0-9]/.test(password);
126 const hasPunctuation = /[^a-zA-Z0-9]/.test(password);
128 // If there is a username edit box on the page, compare password to that,
129 // otherwise use value from the database.
130 const $usernameBox = $('input.username');
131 const username = ($usernameBox.length > 0) ? $usernameBox.val() : translate.username;
133 // Lose 5 points for every character less than 12, plus a 30 point penalty.
134 if (password.length < 12) {
135 msg.push(translate.tooShort);
136 strength -= ((12 - password.length) * 5) + 30;
141 msg.push(translate.addLowerCase);
145 msg.push(translate.addUpperCase);
149 msg.push(translate.addNumbers);
152 if (!hasPunctuation) {
153 msg.push(translate.addPunctuation);
157 // Apply penalty for each weakness (balanced against length penalty).
158 switch (weaknesses) {
176 // Check if password is the same as the username.
177 if (password !== '' && password.toLowerCase() === username.toLowerCase()) {
178 msg.push(translate.sameAsUsername);
179 // Passwords the same as username are always very weak.
183 // Based on the strength, work out what text should be shown by the
184 // password strength meter.
186 indicatorText = translate.weak;
187 indicatorClass = 'is-weak';
189 else if (strength < 70) {
190 indicatorText = translate.fair;
191 indicatorClass = 'is-fair';
193 else if (strength < 80) {
194 indicatorText = translate.good;
195 indicatorClass = 'is-good';
197 else if (strength <= 100) {
198 indicatorText = translate.strong;
199 indicatorClass = 'is-strong';
202 // Assemble the final message.
203 msg = `${translate.hasWeaknesses}<ul><li>${msg.join('</li><li>')}</li></ul>`;
212 }(jQuery, Drupal, drupalSettings));