$(function() {
- function make_password_strength($password) {
- return function(event) {
- var password = $password.val();
- var missing_features = {"upper": true, "lower": true, "numbers": true, "symbols": true, "length12": true};
- var features = [],
- charset = 0,
- score = 0,
- min_features = 3;
-
- $("#password-meter").show();
- $("#password-meter-label").show();
-
- if (password.match(/[A-Z]/)) {
- delete missing_features.upper;
- features.push("upper");
- charset += 26;
- }
- if (password.match(/[a-z]/)) {
- delete missing_features.lower;
- features.push("lower");
- charset += 26;
- }
- if (password.match(/[0-9]/)) {
- delete missing_features.numbers;
- features.push("numbers");
- charset += 10;
- }
- if (password.match(/[^A-Za-z0-9]/)) {
- delete missing_features.symbols;
- features.push("symbols");
- charset += 30; // there are 30-32 typable characters on a keyboard.
- }
- if (password.length > 12) {
- delete missing_features.length12;
- features.push("length12");
- }
-
- $("#password-features li").removeClass("feature-ok");
- features.forEach(function(name) {
- $("#password-feature-" + name).addClass("feature-ok");
- });
-
- var entropy = Math.floor(Math.log(charset) * (password.length / Math.log(2)));
- if (entropy) {
- score = entropy/128;
- }
-
- $password.get(0).setCustomValidity("");
- if (features.length < min_features) {
- $("#password-msg")
- .text("Password does not meet requirements")
- .attr("class", "password-bad");
- $password.get(0).setCustomValidity($("#password-msg").text());
- }
- else if (password.length < 8) {
- $("#password-msg")
- .text("Password is too short")
- .attr("class", "password-bad");
- $password.get(0).setCustomValidity($("#password-msg").text());
- }
- else {
- $("#password-msg")
- .text("Password meets requirements")
- .attr("class", "password-good");
- $password.get(0).setCustomValidity("");
- }
-
- if (entropy < 60) {
- $("#password-meter")
- .removeClass("meter-good meter-ok")
- .addClass("meter-bad");
- }
- else if (entropy >= 120) {
- $("#password-meter")
- .removeClass("meter-bad meter-ok")
- .addClass("meter-good");
- }
- else if (entropy > 60) {
- $("#password-meter")
- .removeClass("meter-bad meter-good")
- .addClass("meter-ok");
- }
-
- if (score === 0) {
- score = 0.01;
- $("#password-meter")
- .removeClass("meter-good meter-ok")
- .addClass("meter-bad");
- }
-
- $("#password-meter").width(Math.max(0, Math.min($password.width()+10, Math.ceil(($password.width()+10) * score))));
- };
- }
-
function make_password_confirm($password1, $password2) {
return function (event) {
if ($password1.val() != $password2.val()) {
};
}
var password1_sel, password2_sel;
- var complexity = $("#password-features").data("password-complexity");
var page = $("#password-features").data("password-page");
- var check_password_strength, check_password_confirm;
+ var check_password_confirm;
if (page == "account") {
$("#new_password1, #new_password2, #new_login_name").change(function() {
});
}
- if (complexity == "bmo") {
- if (page == "confirm") {
- password1_sel = "#passwd1";
- password2_sel = "#passwd2";
- }
- else {
- password1_sel = "#new_password1";
- password2_sel = "#new_password2";
- }
- $("#password-features").show();
-
- check_password_strength = make_password_strength($(password1_sel));
- check_password_confirm = make_password_confirm($(password1_sel), $(password2_sel));
-
- $(password1_sel).on("input", check_password_strength);
- $(password1_sel).on("focus", check_password_strength);
-
- $(password1_sel).on("blur", check_password_confirm);
- $(password1_sel).on("change", check_password_confirm);
- $(password2_sel).on("input", check_password_confirm);
+ if (page == "confirm") {
+ password1_sel = "#passwd1";
+ password2_sel = "#passwd2";
}
else {
- $("#password-features").hide();
+ password1_sel = "#new_password1";
+ password2_sel = "#new_password2";
}
+ check_password_confirm = make_password_confirm($(password1_sel), $(password2_sel));
+
+ $(password1_sel).on("blur", check_password_confirm);
+ $(password1_sel).on("change", check_password_confirm);
+ $(password2_sel).on("input", check_password_confirm);
+
// account disabling
$('#account-disable-toggle')
--- /dev/null
+/*
+ * Copyright (c) 2000-2002,2010,2013 by Solar Designer. See LICENSE.
+ * Copyright (c) 2014 Parallels, Inc.
+ */
+({define:typeof define!="undefined"?define:function(deps, factory){module.exports = factory(exports, require("./dictionary"));}}).
+define(["exports", "./dictionary"], function(exports, dict){
+ var dictionary = dict.dictionary;
+
+ var FIXED_BITS = 15;
+
+ /*
+ * Calculates the expected number of different characters for a random
+ * password of a given length. The result is rounded down. We use this
+ * with the _requested_ minimum length (so longer passwords don't have
+ * to meet this strict requirement for their length).
+ */
+ function expected_different(charset, length){
+ var x, y, z;
+
+ x = ((charset - 1) << FIXED_BITS) / charset;
+ y = x;
+ while (--length > 0)
+ y = (y * x) >> FIXED_BITS;
+ z = charset * ((1 << FIXED_BITS) - y);
+
+ return (z >> FIXED_BITS)|0;
+ }
+
+ /*
+ * A password is too simple if it is too short for its class, or doesn't
+ * contain enough different characters for its class, or doesn't contain
+ * enough words for a passphrase.
+ *
+ * The biases are added to the length, and they may be positive or negative.
+ * The passphrase length check uses passphrase_bias instead of bias so that
+ * zero may be passed for this parameter when the (other) bias is non-zero
+ * because of a dictionary word, which is perfectly normal for a passphrase.
+ * The biases do not affect the number of different characters, character
+ * classes, and word count.
+ */
+ function is_simple(params, newpass, bias, passphrase_bias){
+ var length, classes, words, chars,
+ digits, lowers, uppers, others, unknowns,
+ c, p;
+
+ length = classes = words = chars = 0;
+ digits = lowers = uppers = others = unknowns = 0;
+ p = ' ';
+ while (c = newpass[length]) {
+ length++;
+
+ if (!isascii(c))
+ unknowns++;
+ else if (isdigit(c))
+ digits++;
+ else if (islower(c))
+ lowers++;
+ else if (isupper(c))
+ uppers++;
+ else
+ others++;
+ /* A word starts when a letter follows a non-letter or when a non-ASCII
+ * character follows a space character. We treat all non-ASCII characters
+ * as non-spaces, which is not entirely correct (there's the non-breaking
+ * space character at 0xa0, 0x9a, or 0xff), but it should not hurt. */
+ if (isascii(p)) {
+ if (isascii(c)) {
+ if (isalpha(c) && !isalpha(p))
+ words++;
+ } else if (isspace(p))
+ words++;
+ }
+ p = c;
+
+ /* Count this character just once: when we're not going to see it anymore */
+ if(newpass.slice(length).indexOf(c) === -1)
+ chars++;
+ }
+
+ length = strlen(newpass);
+
+ if (!length)
+ return 1;
+
+ /* Upper case characters and digits used in common ways don't increase the
+ * strength of a password */
+ c = newpass[0];
+ if (uppers && isascii(c) && isupper(c))
+ uppers--;
+ c = newpass[length - 1];
+ if (digits && isascii(c) && isdigit(c))
+ digits--;
+
+ /* Count the number of different character classes we've seen. We assume
+ * that there are no non-ASCII characters for digits. */
+ classes = 0;
+ if (digits)
+ classes++;
+ if (lowers)
+ classes++;
+ if (uppers)
+ classes++;
+ if (others)
+ classes++;
+ if (unknowns && classes <= 1 && (!classes || digits || words >= 2))
+ classes++;
+
+ for (var min = params.min; classes > 0; classes--)
+ switch (classes) {
+ case 1:
+ if (length + bias >= min[0] &&
+ chars >= expected_different(10, min[0]) - 1)
+ return 0;
+ return 1;
+
+ case 2:
+ if (length + bias >= min[1] &&
+ chars >= expected_different(36, min[1]) - 1)
+ return 0;
+ if (!params.passphrase_words ||
+ words < params.passphrase_words)
+ continue;
+ if (length + passphrase_bias >= min[2] &&
+ chars >= expected_different(27, min[2]) - 1)
+ return 0;
+ continue;
+
+ case 3:
+ if (length + bias >= min[3] &&
+ chars >= expected_different(62, min[3]) - 1)
+ return 0;
+ continue;
+
+ case 4:
+ if (length + bias >= min[4] &&
+ chars >= expected_different(95, min[4]) - 1)
+ return 0;
+ continue;
+ }
+
+ return 1;
+ }
+
+ function unify(dst, src){
+ for (var i = 0; i < src.length; i++){
+ var c = src.charAt(i);
+ if (isascii(c) && isupper(c))
+ c = c.toLowerCase();
+ switch (c) {
+ case 'a': case '@':
+ c = '4'; break;
+ case 'e':
+ c = '3'; break;
+ /* Unfortunately, if we translate both 'i' and 'l' to '1', this would
+ * associate these two letters with each other - e.g., "mile" would
+ * match "MLLE", which is undesired. To solve this, we'd need to test
+ * different translations separately, which is not implemented yet. */
+ case 'i': case '|':
+ c = '!'; break;
+ case 'l':
+ c = '1'; break;
+ case 'o':
+ c = '0'; break;
+ case 's': case '$':
+ c = '5'; break;
+ case 't': case '+':
+ c = '7'; break;
+ }
+ dst += c;
+ }
+
+ return dst;
+ }
+
+ function reverse(src){
+ return src.split("").reverse().join("");
+ }
+
+ /*
+ * Needle is based on haystack if both contain a long enough common
+ * substring and needle would be too simple for a password with the
+ * substring either removed with partial length credit for it added
+ * or partially discounted for the purpose of the length check.
+ */
+ function is_based(params, haystack, needle, original, mode){
+ var scratch, length, i, j, p, worst_bias;
+
+ if (!params.match_length) // disabled
+ return 0;
+
+ if (params.match_length < 0) // misconfigured
+ return 1;
+
+ scratch = null;
+ worst_bias = 0;
+
+ length = needle.length;
+ for (i = 0; i <= length - params.match_length; i++)
+ for (j = params.match_length; i + j <= length; j++) {
+ var bias = 0, j1 = j - 1;
+ var q0 = needle[i], q1 = needle.slice(i+1);
+
+ for (var k=0; k<haystack.length; k++)
+ if (haystack[k] == q0 && haystack.substring(k+1, k+1+j1) == q1.substring(0,j1)) { // or memcmp()
+ if ((mode & 0xff) == 0) { // remove & credit
+ // remove j chars
+ var pos = length - (i + j);
+ if (!(mode & 0x100)) // not reversed
+ pos = i;
+
+ scratch = original.substring(0, pos) + original.substring(pos+j);
+
+ // add credit for match_length - 1 chars
+ bias = params.match_length - 1;
+ if (is_simple(params, scratch, bias, bias))
+ return 1;
+ } else { // discount
+ // Require a 1 character longer match for substrings containing leetspeak
+ // when matching against dictionary words
+ bias = -1;
+ if ((mode & 0xff) == 1) { // words
+ var pos = i, end = i + j;
+ if (mode & 0x100) { // reversed
+ pos = length - end;
+ end = length - i;
+ }
+ for (; pos < end; pos++)
+ if (!isalpha(original[pos])) {
+ if (j == params.match_length){
+ var cnt = true;
+ break;
+ }
+ bias = 0;
+ break;
+ }
+ if(cnt){
+ cnt = false;
+ continue;
+ }
+ }
+
+ // discount j - (match_length + bias) chars
+ bias += params.match_length - j;
+ // bias <= -1
+ if (bias < worst_bias) {
+ if (is_simple(params, original, bias,
+ (mode & 0xff) == 1 ? 0 : bias))
+ return 1;
+ worst_bias = bias;
+ }
+ }
+ }
+
+ // Zero bias implies that there were no matches for this length. If so,
+ // * there's no reason to try the next substring length (it would result in
+ // * no matches as well). We break out of the substring length loop and
+ // * proceed with all substring lengths for the next position in needle.
+ if (!bias)
+ break;
+ }
+
+ return 0;
+ }
+
+ /*
+ * Common sequences of characters.
+ * We don't need to list any of the entire strings in reverse order because the
+ * code checks the new password in both "unified" and "unified and reversed"
+ * form against these strings (unifying them first indeed). We also don't have
+ * to include common repeats of characters (e.g., "777", "!!!", "1000") because
+ * these are often taken care of by the requirement on the number of different
+ * characters.
+ */
+ var seq = [
+ "0123456789",
+ "`1234567890-=",
+ "~!@#$%^&*()_+",
+ "abcdefghijklmnopqrstuvwxyz",
+ "a1b2c3d4e5f6g7h8i9j0",
+ "1a2b3c4d5e6f7g8h9i0j",
+ "abc123",
+ "qwertyuiop[]\\asdfghjkl;'zxcvbnm,./",
+ "qwertyuiop{}|asdfghjkl:\"zxcvbnm<>?",
+ "qwertyuiopasdfghjklzxcvbnm",
+ "1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik,9ol.0p;/-['=]\\",
+ "!qaz@wsx#edc$rfv%tgb^yhn&ujm*ik<(ol>)p:?_{\"+}|",
+ "qazwsxedcrfvtgbyhnujmikolp",
+ "1q2w3e4r5t6y7u8i9o0p-[=]",
+ "q1w2e3r4t5y6u7i8o9p0[-]=\\",
+ "1qaz1qaz",
+ "1qaz!qaz", /* can't unify '1' and '!' - see comment in unify() */
+ "1qazzaq1",
+ "zaq!1qaz",
+ "zaq!2wsx"
+ ];
+
+ /*
+ * This wordlist check is now the least important given the checks above
+ * and the support for passphrases (which are based on dictionary words,
+ * and checked by other means). It is still useful to trap simple short
+ * passwords (if short passwords are allowed) that are word-based, but
+ * passed the other checks due to uncommon capitalization, digits, and
+ * special characters. We (mis)use the same set of words that are used
+ * to generate random passwords. This list is much smaller than those
+ * used for password crackers, and it doesn't contain common passwords
+ * that aren't short English words. Perhaps support for large wordlists
+ * should still be added, even though this is now of little importance.
+ */
+ function is_word_based(params, needle, original, is_reversed){
+ var word, unified, i, length, mode;
+
+ if (!params.match_length) /* disabled */
+ return null;
+
+ mode = is_reversed | 1;
+ word = "";
+ for (i = 0; i < 0x1000; i++) {
+ word = dictionary[i];
+ length = strlen(word);
+ if (length < params.match_length)
+ continue;
+
+ word = unify("", word);
+ if (is_based(params, word, needle, original, mode))
+ return REASON_WORD;
+ }
+
+ mode = is_reversed | 2;
+ for (i = 0; i < seq.length; i++) {
+ unified = unify("", seq[i]);
+ if (!unified)
+ return REASON_ERROR;
+ if (is_based(params, unified, needle, original, mode))
+ return REASON_SEQ;
+ }
+
+ if (params.match_length <= 4)
+ for (i = 1900; i <= 2039; i++) {
+ if (is_based(params, i.toString(), needle, original, mode))
+ return REASON_SEQ;
+ }
+
+ return null;
+ }
+
+ function passwdqc_check(params, newpass, oldpass, pw){
+ var truncated, u_newpass, u_reversed, u_oldpass,
+ u_name, u_gecos, u_dir, reason, length;
+
+ u_newpass = u_reversed = null;
+ u_oldpass = null;
+ u_name = u_gecos = u_dir = null;
+
+ reason = REASON_ERROR;
+
+ if (oldpass && oldpass == newpass)
+ return REASON_SAME;
+
+ length = strlen(newpass);
+
+ if (length < params.min[4])
+ return REASON_SHORT;
+
+ if (length > params.max) {
+ if (params.max == 8) {
+ truncated = newpass.substr(0, 8);
+ newpass = truncated;
+ if (oldpass && !oldpass.substr(0, 8) !== newpass.substr(0, 8))
+ return REASON_SAME;
+ } else {
+ return REASON_LONG;
+ }
+ }
+
+ if (is_simple(params, newpass, 0, 0)) {
+ reason = REASON_SIMPLE;
+ if (length < params.min[1] && params.min[1] <= params.max)
+ reason = REASON_SIMPLESHORT;
+ return reason;
+ }
+
+ if (!(u_newpass = unify("", newpass)))
+ return reason; /* REASON_ERROR */
+ if (!(u_reversed = reverse(u_newpass)))
+ return reason;
+ if (oldpass && !(u_oldpass = unify("", oldpass)))
+ return reason;
+ if (pw) {
+ if (!(u_name = unify("", pw.pw_name)) ||
+ !(u_gecos = unify("", pw.pw_gecos)) ||
+ !(u_dir = unify("", pw.pw_dir)))
+ return reason;
+ }
+
+ if (oldpass && params.similar_deny &&
+ (is_based(params, u_oldpass, u_newpass, newpass, 0) ||
+ is_based(params, u_oldpass, u_reversed, newpass, 0x100)))
+ return REASON_SIMILAR;
+
+ if (pw &&
+ (is_based(params, u_name, u_newpass, newpass, 0) ||
+ is_based(params, u_name, u_reversed, newpass, 0x100) ||
+ is_based(params, u_gecos, u_newpass, newpass, 0) ||
+ is_based(params, u_gecos, u_reversed, newpass, 0x100) ||
+ is_based(params, u_dir, u_newpass, newpass, 0) ||
+ is_based(params, u_dir, u_reversed, newpass, 0x100)))
+ return REASON_PERSONAL;
+
+ reason = is_word_based(params, u_newpass, newpass, 0);
+ if (!reason)
+ reason = is_word_based(params, u_reversed, newpass, 0x100);
+
+ return reason;
+ }
+
+ function isascii(c){
+ return /^[\x00-\x7F]?$/.test(c);
+ }
+
+ function isdigit(c){
+ return /^\d?$/.test(c);
+ }
+
+ function islower(c){
+ return isalpha(c) && c.toLowerCase() === c;
+ }
+
+ function isupper(c){
+ return isalpha(c) && c.toUpperCase() === c;
+ }
+
+ function isalpha(c){
+ return /^\w?$/.test(c) && c != '_' && /^\D?$/.test(c);
+ }
+
+ function isspace(c){
+ return /^\s?$/.test(c);
+ }
+
+ function strlen(str){
+ var length = str.length, count = 0, ch = 0;
+ for(var i=0; i < length; i++){
+ ch = str.charCodeAt(i);
+ if(ch <= 127){
+ count++;
+ }else if(ch <= 2047){
+ count += 2;
+ }else if(ch <= 65535){
+ count += 3;
+ }else if(ch <= 2097151){
+ count += 4;
+ }else if(ch <= 67108863){
+ count += 5;
+ }else{
+ count += 6;
+ }
+ }
+
+ return count;
+ }
+
+ var REASON_ERROR = "check failed",
+ REASON_SAME = "is the same as the old one",
+ REASON_SIMILAR = "is based on the old one",
+ REASON_SHORT = "too short",
+ REASON_LONG = "too long",
+ REASON_SIMPLESHORT = "not enough different characters or classes for this length",
+ REASON_SIMPLE = "not enough different characters or classes",
+ REASON_PERSONAL = "based on personal login information",
+ REASON_WORD = "based on a dictionary word and not a passphrase",
+ REASON_SEQ = "based on a common sequence of characters and not a passphrase",
+ INT_MAX = 2147483647;
+
+ var params = {
+ min: [INT_MAX, 24, 11, 8, 7],
+ max: 40,
+ passphrase_words: 3,
+ match_length: 4,
+ similar_deny: 1,
+ random_bits: 47,
+ flags: 3,
+ retry: 3
+ }
+
+ function check(newpass, oldpass, login, gecos, pms){
+ return passwdqc_check(pms || params, newpass, oldpass, login ? { pw_name: login, pw_gecos: gecos } : login);
+ }
+
+ exports.check = check;
+
+ return exports;
+});
\ No newline at end of file
projects / thirdparty / bugzilla.git / commitdiff
