WebKit Bugzilla
Attachment 371436 Details for
Bug 198391
: Add support of zxcvbn password strength checker to bugs.webkit.org website.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-198391-20190605140630.patch (text/plain), 5.58 KB, created by
lingho@apple.com
on 2019-06-05 14:06:31 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
lingho@apple.com
Created:
2019-06-05 14:06:31 PDT
Size:
5.58 KB
patch
obsolete
>Subversion Revision: 245906 >diff --git a/Websites/bugs.webkit.org/ChangeLog b/Websites/bugs.webkit.org/ChangeLog >index 77d4fe6fa58c44d35f2fc9abbebc74803303c13e..e3e74d6ed39973b2c897c99bac860ff06adbbb90 100644 >--- a/Websites/bugs.webkit.org/ChangeLog >+++ b/Websites/bugs.webkit.org/ChangeLog >@@ -1,3 +1,20 @@ >+2019-06-05 Ling Ho <lingcherd_ho@apple.com> >+ >+ Add support of zxcvbn password strength checker to bugs.webkit.org website. >+ https://bugs.webkit.org/show_bug.cgi?id=198391 >+ rdar://problem/51278166 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * Bugzilla/Config/Auth.pm: >+ (get_param_list): >+ * Bugzilla/Install/Requirements.pm: >+ (REQUIRED_MODULES): >+ * Bugzilla/User.pm: >+ (validate_password_check): >+ * template/en/default/admin/params/auth.html.tmpl: >+ * template/en/default/global/user-error.html.tmpl: >+ > 2019-05-13 Jer Noble <jer.noble@apple.com> > > Bugzilla should convert "r12345" to a trac.webkit.org link >diff --git a/Websites/bugs.webkit.org/Bugzilla/Config/Auth.pm b/Websites/bugs.webkit.org/Bugzilla/Config/Auth.pm >index 78d719b15d35bc7cfafe4ae876bae4f6d22311df..b1c2e372af6543f932ca783a457d1899fe4bc619 100644 >--- a/Websites/bugs.webkit.org/Bugzilla/Config/Auth.pm >+++ b/Websites/bugs.webkit.org/Bugzilla/Config/Auth.pm >@@ -107,11 +107,12 @@ sub get_param_list { > checker => \&check_regexp > }, > >+ # WEBKIT_CHANGES > { > name => 'password_complexity', > type => 's', > choices => [ 'no_constraints', 'mixed_letters', 'letters_numbers', >- 'letters_numbers_specialchars' ], >+ 'letters_numbers_specialchars', 'zxcvbn_password_checker' ], > default => 'no_constraints', > checker => \&check_multi > }, >diff --git a/Websites/bugs.webkit.org/Bugzilla/Install/Requirements.pm b/Websites/bugs.webkit.org/Bugzilla/Install/Requirements.pm >index 61496d843a17496de2016ae4615489cccb2c5d3f..8b1b803da9f1d25c83ef3a81d779f77fa61678ed 100644 >--- a/Websites/bugs.webkit.org/Bugzilla/Install/Requirements.pm >+++ b/Websites/bugs.webkit.org/Bugzilla/Install/Requirements.pm >@@ -161,6 +161,12 @@ sub REQUIRED_MODULES { > # 2.0 is the first version that will work with JSON::RPC. > version => '2.01', > }, >+ # WEBKIT_CHANGES >+ { >+ package => 'Data-Password-zxcvbn', >+ module => 'Data::Password::zxcvbn', >+ version => 0 >+ }, > ); > > if (ON_WINDOWS) { >diff --git a/Websites/bugs.webkit.org/Bugzilla/User.pm b/Websites/bugs.webkit.org/Bugzilla/User.pm >index 077f11d1685bde5fb95ab81ed99aed403a75b26c..f27c50ab5b70222d906d89aa89c7cad3f7054afc 100644 >--- a/Websites/bugs.webkit.org/Bugzilla/User.pm >+++ b/Websites/bugs.webkit.org/Bugzilla/User.pm >@@ -31,6 +31,8 @@ use Storable qw(dclone); > use URI; > use URI::QueryParam; > >+use Data::Password::zxcvbn qw(password_strength); # WEBKIT_CHANGES >+ > use parent qw(Bugzilla::Object Exporter); > @Bugzilla::User::EXPORT = qw(is_available_username > login_to_id validate_password validate_password_check >@@ -2486,6 +2488,12 @@ sub validate_password_check { > } elsif ($complexity_level eq 'mixed_letters') { > return 'password_not_complex' > if ($password !~ /[[:lower:]]/ || $password !~ /[[:upper:]]/); >+ # WEBKIT_CHANGES >+ } elsif ($complexity_level eq 'zxcvbn_password_checker') { >+ my %opts = (score_for_feedback => 3); >+ my $est_strength = password_strength($password, \%opts); >+ return 'Password is weak. ' . $est_strength->{feedback}->{warning} >+ if ($est_strength->{score} < 4); > } > > # Having done these checks makes us consider the password untainted. >diff --git a/Websites/bugs.webkit.org/template/en/default/admin/params/auth.html.tmpl b/Websites/bugs.webkit.org/template/en/default/admin/params/auth.html.tmpl >index 902d2fc826bf33ff8bda10515f6891abfefe8245..e69aadde3d71aadc180f8e5d3c7a4ae513ff0e66 100644 >--- a/Websites/bugs.webkit.org/template/en/default/admin/params/auth.html.tmpl >+++ b/Websites/bugs.webkit.org/template/en/default/admin/params/auth.html.tmpl >@@ -132,7 +132,8 @@ > "<li>letters_numbers - Passwords must contain at least one UPPER and one " _ > "lower case letter and a number.</li>" _ > "<li>letters_numbers_specialchars - Passwords must contain at least one " _ >- "letter, a number and a special character.</li></ul>" >+ "letter, a number and a special character.</li>" _ >+ "<li>zxcvbn_password_checker - Enable zxcvbn strength estimator for password strength checking.</li></ul>" # WEBKIT_CHANGES > > password_check_on_login => > "If set, $terms.Bugzilla will check that the password meets the current " _ >diff --git a/Websites/bugs.webkit.org/template/en/default/global/user-error.html.tmpl b/Websites/bugs.webkit.org/template/en/default/global/user-error.html.tmpl >index 7421a1525010851006aa3bf9a38c4b0235cf58af..149519b235200bac2dc4bde10b5e75ebdeec0ec9 100644 >--- a/Websites/bugs.webkit.org/template/en/default/global/user-error.html.tmpl >+++ b/Websites/bugs.webkit.org/template/en/default/global/user-error.html.tmpl >@@ -1462,6 +1462,15 @@ > request a new password</a> in order to log in again. > [% END %] > >+ [%# WEBKIT_CHANGES %] >+ [% ELSIF error.search("Password is weak") %] >+ [% title = "Password Is Weak" %] >+ [% error FILTER html %] >+ [% IF locked_user %] >+ You must <a href="token.cgi?a=reqpw&loginname=[% locked_user.email FILTER uri %]&token=[% issue_hash_token(['reqpw']) FILTER uri %]"> >+ request a new password</a> in order to log in again. >+ [% END %] >+ > [% ELSIF error == "password_not_complex" %] > [% title = "Password Fails Requirements" %] > [% passregex = Param('password_complexity') %]
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=371436">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 198391
:
370985
|
370994
|
371428
|
371435
| 371436