Summary: | Add support of zxcvbn password strength checker to bugs.webkit.org website. | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Ling Ho <lingcherd_ho> | ||||||||||||
Component: | WebKit Website | Assignee: | lingho <lingho> | ||||||||||||
Status: | RESOLVED FIXED | ||||||||||||||
Severity: | Normal | CC: | ap, commit-queue, ddkilzer, jer.noble, jond, webkit-bug-importer | ||||||||||||
Priority: | P2 | Keywords: | InRadar | ||||||||||||
Version: | Other | ||||||||||||||
Hardware: | Unspecified | ||||||||||||||
OS: | Unspecified | ||||||||||||||
Attachments: |
|
Description
Ling Ho
2019-05-30 15:18:47 PDT
Created attachment 370985 [details]
Added option to select zxcvbn password estimator
Created attachment 370994 [details]
Patch
Comment on attachment 370994 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=370994&action=review r- only to update Bugzilla/Install/Requirements.pm to add the Data::Password::zxcvbn module as required. The rest of the changes are optional. > Websites/bugs.webkit.org/Bugzilla/Config/Auth.pm:115 > + 'letters_numbers_specialchars', 'zxcvbn' ], Nit: I hadn't heard of zxcvbn before, so using something a little more description (like 'zxcvbn_password_checker') would be easier to grok the first time you see it. Not necessary to land the patch. > Websites/bugs.webkit.org/Bugzilla/User.pm:34 > +use Data::Password::zxcvbn 'password_strength'; # WEBKIT_CHANGES I think it's more idiomatic Perl to use qw() here: use Data::Password::zxcvbn qw(password_strength); # WEBKIT_CHANGES -- You also need to update Bugzilla/Install/Requirements.pm to list the Data::Password::zxcvbn module as required. > Websites/bugs.webkit.org/Bugzilla/User.pm:2492 > + } elsif ($complexity_level eq 'zxcvbn') { Update 'zxcvbn' if you changed the name above. Created attachment 371428 [details]
Patch
- Renamed selection "zxcvbn" to "zxcvbn_password_checker". - Add Data::Password::zxcvbn module to Bugzilla/Install/Requirements.pm. - Changed "use Data::Password::zxcvbn 'password_strength';" to "use Data::Password::zxcvbn qw(password_strength);" Comment on attachment 371428 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=371428&action=review r=me, but please fix the [% error filter html %] issue at minimum. After that, this is good to go. > Websites/bugs.webkit.org/Bugzilla/User.pm:2495 > + return 'Password is weak. ' . $est_strength->{feedback}->{warning} . '. ' Nit: Format of this message is not like the others; would like something like `password_too_weak_SCORE' where "SCORE" is replaced with the numeric score, then you could change the template to pull out the score (which may not even be needed--if so, just drop "_SCORE" from the return value) and write the text to display to the user there (which would be easier to translate if we cared about this). You can land the patch without this change, but please consider it. > Websites/bugs.webkit.org/template/en/default/global/user-error.html.tmpl:1468 > + [% error %] This should be: [% error filter html %] Comment on attachment 371428 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=371428&action=review >> Websites/bugs.webkit.org/template/en/default/global/user-error.html.tmpl:1468 >> + [% error %] > > This should be: > > [% error filter html %] If you make the other change, you can just put the literal text here like this: The password is too weak. Created attachment 371435 [details]
Patch
Created attachment 371436 [details]
Patch
- Added "FILTER html" to [% error %] - Keeping the way message is displayed because it will relay warning message string generated by the zxcvbn module. Removed the trailing period since the string could be empty. Comment on attachment 371436 [details]
Patch
r=me
Comment on attachment 371436 [details] Patch Clearing flags on attachment: 371436 Committed r246140: <https://trac.webkit.org/changeset/246140> All reviewed patches have been landed. Closing bug. |