From a147c57165cc4a49cb999a83080e56738a2731fd Mon Sep 17 00:00:00 2001 From: Chad Horohoe Date: Fri, 15 Apr 2011 23:38:34 +0000 Subject: [PATCH] Merge r81445 from 1.17: revert r70520 (js password complexity checker) --- includes/OutputPage.php | 21 ---- includes/specials/SpecialResetpass.php | 20 ++-- includes/specials/SpecialUserlogin.php | 4 - includes/templates/Userlogin.php | 16 +-- languages/messages/MessagesEn.php | 9 -- maintenance/language/messages.inc | 9 -- resources/Resources.php | 7 -- skins/common/password.css | 17 ---- skins/common/password.js | 131 ------------------------- 9 files changed, 14 insertions(+), 220 deletions(-) delete mode 100644 skins/common/password.css delete mode 100644 skins/common/password.js diff --git a/includes/OutputPage.php b/includes/OutputPage.php index 34eac1e71b..2f09342a2f 100644 --- a/includes/OutputPage.php +++ b/includes/OutputPage.php @@ -2190,27 +2190,6 @@ class OutputPage { } } - /** - * Adds JS-based password security checker - * @param $passwordId String ID of input box containing password - * @param $retypeId String ID of input box containing retyped password - * @return none - */ - public function addPasswordSecurity( $passwordId, $retypeId ) { - $data = array( - 'password' => '#' . $passwordId, - 'retype' => '#' . $retypeId, - 'messages' => array(), - ); - foreach ( array( 'password-strength', 'password-strength-bad', 'password-strength-mediocre', - 'password-strength-acceptable', 'password-strength-good', 'password-retype', 'password-retype-mismatch' - ) as $message ) { - $data['messages'][$message] = wfMsg( $message ); - } - $this->addScript( Html::inlineScript( 'var passwordSecurity=' . FormatJson::encode( $data ) ) ); - $this->addModules( 'mediawiki.legacy.password' ); - } - public function showFatalError( $message ) { $this->setPageTitle( wfMsg( 'internalerror' ) ); $this->setRobotPolicy( 'noindex,nofollow' ); diff --git a/includes/specials/SpecialResetpass.php b/includes/specials/SpecialResetpass.php index cda1e9f192..c2a152fba7 100644 --- a/includes/specials/SpecialResetpass.php +++ b/includes/specials/SpecialResetpass.php @@ -112,11 +112,8 @@ class SpecialResetpass extends SpecialPage { } function showForm() { - global $wgOut, $wgUser, $wgRequest, $wgLivePasswordStrengthChecks; + global $wgOut, $wgUser, $wgRequest; - if ( $wgLivePasswordStrengthChecks ) { - $wgOut->addPasswordSecurity( 'wpNewPassword', 'wpRetype' ); - } $self = $this->getTitle(); if ( !$this->mUserName ) { $this->mUserName = $wgUser->getName(); @@ -153,10 +150,10 @@ class SpecialResetpass extends SpecialPage { wfMsgExt( 'resetpass_text', array( 'parse' ) ) . "\n" . Xml::openElement( 'table', array( 'id' => 'mw-resetpass-table' ) ) . "\n" . $this->pretty( array( - array( 'wpName', 'username', 'text', $this->mUserName, '' ), - array( 'wpPassword', $oldpassMsg, 'password', $this->mOldpass, '' ), - array( 'wpNewPassword', 'newpassword', 'password', null, '
' ), - array( 'wpRetype', 'retypenew', 'password', null, '
' ), + array( 'wpName', 'username', 'text', $this->mUserName ), + array( 'wpPassword', $oldpassMsg, 'password', $this->mOldpass ), + array( 'wpNewPassword', 'newpassword', 'password', null ), + array( 'wpRetype', 'retypenew', 'password', null ), ) ) . "\n" . $rememberMe . "\n" . @@ -175,7 +172,7 @@ class SpecialResetpass extends SpecialPage { function pretty( $fields ) { $out = ''; foreach ( $fields as $list ) { - list( $name, $label, $type, $value, $extra ) = $list; + list( $name, $label, $type, $value ) = $list; if( $type == 'text' ) { $field = htmlspecialchars( $value ); } else { @@ -196,8 +193,9 @@ class SpecialResetpass extends SpecialPage { else $out .= wfMsgHtml( $label ); $out .= "\n"; - $out .= "\t$field\n"; - $out .= "\t$extra\n"; + $out .= "\t"; + $out .= $field; + $out .= "\n"; $out .= ""; } return $out; diff --git a/includes/specials/SpecialUserlogin.php b/includes/specials/SpecialUserlogin.php index e23e28d61a..95f450d31a 100644 --- a/includes/specials/SpecialUserlogin.php +++ b/includes/specials/SpecialUserlogin.php @@ -1006,10 +1006,6 @@ class LoginForm extends SpecialPage { } if ( $this->mType == 'signup' ) { - global $wgLivePasswordStrengthChecks; - if ( $wgLivePasswordStrengthChecks ) { - $wgOut->addPasswordSecurity( 'wpPassword2', 'wpRetype' ); - } $template = new UsercreateTemplate(); $q = 'action=submitlogin&type=signup'; $linkq = 'type=login'; diff --git a/includes/templates/Userlogin.php b/includes/templates/Userlogin.php index 34a5db7ab2..e87168dae5 100644 --- a/includes/templates/Userlogin.php +++ b/includes/templates/Userlogin.php @@ -198,7 +198,6 @@ class UsercreateTemplate extends QuickTemplate { 'autofocus' ) ); ?> - @@ -211,7 +210,6 @@ class UsercreateTemplate extends QuickTemplate { 'size' => '20' ) + User::passwordChangeInputAttribs() ); ?> -
data['usedomain'] ) { $doms = ""; @@ -227,7 +225,6 @@ class UsercreateTemplate extends QuickTemplate { - @@ -241,7 +238,6 @@ class UsercreateTemplate extends QuickTemplate { 'size' => '20' ) + User::passwordChangeInputAttribs() ); ?> -
data['useemail'] ) { ?> @@ -266,13 +262,12 @@ class UsercreateTemplate extends QuickTemplate { } ?> - data['userealname'] ) { ?> - + @@ -280,13 +275,12 @@ class UsercreateTemplate extends QuickTemplate { msgWiki('prefs-help-realname'); ?> - data['usereason'] ) { ?> - + @@ -296,7 +290,7 @@ class UsercreateTemplate extends QuickTemplate { data['canremember'] ) { ?> - + - + - + diff --git a/languages/messages/MessagesEn.php b/languages/messages/MessagesEn.php index be1373b9bc..3834118228 100644 --- a/languages/messages/MessagesEn.php +++ b/languages/messages/MessagesEn.php @@ -1156,15 +1156,6 @@ Please wait before trying again.', 'php-mail-error' => '$1', # do not translate or duplicate this message to other languages 'php-mail-error-unknown' => "Unknown error in PHP's mail() function", -# JavaScript password checks -'password-strength' => 'Estimated password strength: $1', -'password-strength-bad' => 'BAD', -'password-strength-mediocre' => 'mediocre', -'password-strength-acceptable' => 'acceptable', -'password-strength-good' => 'good', -'password-retype' => 'Retype password here', -'password-retype-mismatch' => 'Passwords do not match', - # Password reset dialog 'resetpass' => 'Change password', 'resetpass_announce' => 'You logged in with a temporary e-mailed code. diff --git a/maintenance/language/messages.inc b/maintenance/language/messages.inc index fa529f9435..83c86ea978 100644 --- a/maintenance/language/messages.inc +++ b/maintenance/language/messages.inc @@ -491,15 +491,6 @@ $wgMessageStructure = array( 'php-mail-error', 'php-mail-error-unknown', ), - 'passwordstrength' => array( - 'password-strength', - 'password-strength-bad', - 'password-strength-mediocre', - 'password-strength-acceptable', - 'password-strength-good', - 'password-retype', - 'password-retype-mismatch', - ), 'resetpass' => array( 'resetpass', 'resetpass_announce', diff --git a/resources/Resources.php b/resources/Resources.php index 37f8fc08fb..e61045b1c1 100644 --- a/resources/Resources.php +++ b/resources/Resources.php @@ -569,13 +569,6 @@ return array( 'dependencies' => array( 'mediawiki.legacy.wikibits', 'jquery.client' ), 'messages' => array( 'search-mwsuggest-enabled', 'search-mwsuggest-disabled' ), ), - 'mediawiki.legacy.password' => array( - 'scripts' => 'common/password.js', - 'remoteBasePath' => $GLOBALS['wgStylePath'], - 'localBasePath' => "{$GLOBALS['IP']}/skins", - 'styles' => 'common/password.css', - 'dependencies' => 'mediawiki.legacy.wikibits', - ), 'mediawiki.legacy.prefs' => array( 'scripts' => 'common/prefs.js', 'remoteBasePath' => $GLOBALS['wgStylePath'], diff --git a/skins/common/password.css b/skins/common/password.css deleted file mode 100644 index 7983e91d90..0000000000 --- a/skins/common/password.css +++ /dev/null @@ -1,17 +0,0 @@ -span.mw-password-bad { - background: red; - color: yellow; - font-weight: bold; -} - -.mw-password-mediocre { - background: yellow; -} - -.mw-password-acceptable { - background: silver; -} - -.mw-password-good { - background: green; -} \ No newline at end of file diff --git a/skins/common/password.js b/skins/common/password.js deleted file mode 100644 index 3455da37ba..0000000000 --- a/skins/common/password.js +++ /dev/null @@ -1,131 +0,0 @@ -/** - * Password strength checker - * @license WTFPL 2.0 - * All scores are ranged approximately 0 (total disaster) - 100 (_looks_ great) - * @todo Check for popular passwords and keyboard sequences (QWERTY, etc) - */ - -// Estimates how hard it would be to pick the password using brute force -window.bruteForceComplexity = function( pwd ) { - var score = pwd.length * 5; - - var regexes = [ - /[a-z]/, - /[A-Z]/, - /[0-9]/, - /[-_;:\.,'"`~!@#$%\^&\*\(\)\[\]\{\} ]/ - ]; - - var charClasses = 0; - for ( var i=0; i< regexes.length; i++ ) { - if ( pwd.match( regexes[i] ) ) { - charClasses++; - } - } - - var matches = pwd.match( /[\x80-\uFFFF]/g ); - if ( matches ) { - charClasses++; - - var s = matches.join( '' ); - // poor man's isUpper() and isLower() - if ( s != s.toLowerCase() && s != s.toUpperCase() ) { - charClasses++; - } - } - score += ( charClasses - 1 ) * 10; - - return score; -}; - -// Calculates a penalty to brute force score due to character repetition -window.repetitionAdjustment = function( pwd ) { - var unique = ''; - for ( var i=0; i< pwd.length; i++ ) { - if ( unique.indexOf( pwd[i] ) < 0 ) { - unique += pwd[i]; - } - } - var ratio = pwd.length / unique.length - 0.4; // allow up to 40% repetition, reward for less, penalize for more - - return ratio * 10; -}; - -// Checks how many simple sequences ("abc", "321") are there in the password -window.sequenceScore = function( pwd ) { - pwd = pwd.concat( '\0' ); - var score = 100, sequence = 1; - for ( var i = 1; i < pwd.length; i++ ) { - if ( pwd.charCodeAt( i ) == pwd.charCodeAt(i - 1) + 1 ) { - sequence++; - } else { - if ( sequence > 2 ) { - score -= sequence * 7; - } - sequence = 1; - } - } - for ( var i = 1; i < pwd.length; i++ ) { - if ( pwd.charCodeAt( i ) == pwd.charCodeAt(i - 1) - 1 ) { - sequence++; - } else { - if ( sequence > 2 ) { - score -= Math.sqrt( sequence ) * 15; - } - sequence = 1; - } - } - return score; -}; - -(function( $ ) { - function passwordChanged() { - retypeChanged(); - var pwd = $( passwordSecurity.password ).val(); - if ( pwd == '' ) { - $( '#password-strength' ).html( '' ); - return; - } - if ( pwd.length > 100 ) pwd = pwd.slice( 0, 100 ); - var scores = [ - bruteForceComplexity( pwd ), - repetitionAdjustment( pwd ), - sequenceScore( pwd ) - ]; - - var score = Math.min( scores[0] - scores[1], scores[2] ); - var result = 'good'; - if ( score < 40 ) { - result = 'bad'; - } else if ( score < 60 ) { - result = 'mediocre'; - } else if ( score < 80 ) { - result = 'acceptable'; - } - var message = '' + passwordSecurity.messages['password-strength-' + result] - + ''; - $( '#password-strength' ).html( - passwordSecurity.messages['password-strength'].replace( '$1', message ) - //+ scores - ); - } - - function retypeChanged() { - var pwd = $( passwordSecurity.password ).val(); - var retype = $( passwordSecurity.retype ).val(); - var message; - if ( pwd == '' || pwd == retype ) { - message = ''; - } else if ( retype == '' ) { - message = passwordSecurity.messages['password-retype']; - } else { - message = passwordSecurity.messages['password-retype-mismatch']; - } - $( '#password-retype' ).html( message ); - } - - $( document ).ready( function() { - $( passwordSecurity.password ).bind( 'keyup change', passwordChanged ); - $( passwordSecurity.retype ).bind( 'keyup change', retypeChanged ); - }) -})(jQuery); -- 2.20.1