blob: e381ac65bdfb16861698cb5bb5aeb49fa12e8543 [file] [log] [blame]
// Example starter JavaScript for disabling form submissions if there are invalid fields
(function () {
'use strict';
window.addEventListener('load', function () {
// Fetch all the forms we want to apply custom Bootstrap validation styles to
var forms = document.getElementsByClassName('needs-validation');
// Loop over them and prevent submission
var validation = Array.prototype.filter.call(forms, function (form) {
form.addEventListener('submit', function (event) {
if (form.checkValidity() === false) {
event.preventDefault();
event.stopPropagation();
}
form.classList.add('was-validated');
}, false);
});
}, false);
})();
function check_password_match() {
pass = $("#pw1").val();
pass2 = $("#pw2").val();
if (pass2.length > 0) {
$("#pwconfirm")[0].classList.add('was-validated')
if (pass != pass2) {
$("#pw2")[0].setCustomValidity("Passwords do not match");
} else {
$("#pw2")[0].setCustomValidity(""); // is valid
}
} else {
$("#pwconfirm")[0].classList.remove('was-validated')
}
passUpdated();
}
TOO_SHORT = 'Password too short, still %% characters needed';
TOO_LONG = 'Password too long, please remove %% characters';
INVALID_CHARS = 'Password contains invalid characters';
QUAL_NONE = 'Password is very weak'
QUAL_LOW = 'Password is weak';
QUAL_MEDIUM = 'Password is average'
QUAL_GOOD = 'Password is good';
QUAL_STRONG = 'Password is strong';
REP_OK = 'Repetition ok';
REP_NE = 'Passwords not identical';
PWNED = 'Password found in public password list';
String.prototype.strReverse = function () {
var newstring = '';
for (var s = 0; s < this.length; s++)
newstring = this.charAt(s) + newstring;
return newstring;
};
function isPasswordPwned(pass, callback) {
const sha1Hash = CryptoJS.enc.Hex.stringify(CryptoJS.SHA1(pass)).toUpperCase();
const passwordChunk1 = sha1Hash.substring(0, 5);
const passwordChunk2 = sha1Hash.substring(5);
$.get('https://api.pwnedpasswords.com/range/' + passwordChunk1).done(function (data, status) {
var isPwned = false;
if (status == "success") {
if (data && data.length) {
const chunks = data.split('\r\n');
const matches = chunks.filter(s => s.includes(passwordChunk2));
if (matches.length) {
isPwned = true
}
}
callback(isPwned)
}
});
}
//var checkTimer;
function passUpdated() {
var nScore = 0;
var message = '';
var pass = $('#pw1').val();
var pass2 = $('#pw2').val();
//clearTimeout(checkTimer);
try {
if (!pass)
throw '';
if (pass.match(/[^a-zA-Z0-9!@#$%()_+=:;",.?/-]/))
throw INVALID_CHARS;
var nLength = pass.length;
if (nLength < 8)
throw TOO_SHORT.replace('%%', 8 - nLength);
if (nLength > 20)
throw TOO_LONG.replace('%%', nLength - 20);
nScore = 4 * nLength;
// check for upper-/lowercase, numeric and special chars pattern matches
var nAlphaUC = 0, nAlphaLC = 0, nNumber = 0, nSpecial = 0;
var nMidChar = 0, nRepChar = 0, nRepInc = 0;
var nConsecAlphaUC = 0, nConsecAlphaLC = 0, nConsecNumber = 0;
var nTmpAlphaUC = '', nTmpAlphaLC = '', nTmpNumber = '';
for (var i = 0; i < nLength; i++) {
if (pass[i].match(/[A-Z]/g)) { // uppercase characters
if (nTmpAlphaUC !== '' && (nTmpAlphaUC + 1) == i) {
nConsecAlphaUC++;
}
nTmpAlphaUC = i;
nAlphaUC++;
} else if (pass[i].match(/[a-z]/g)) { // lowercase characters
if (nTmpAlphaLC !== '' && (nTmpAlphaLC + 1) == i) {
nConsecAlphaLC++;
}
nTmpAlphaLC = i;
nAlphaLC++;
} else if (pass[i].match(/[0-9]/g)) { // numbers
if (i > 0 && i < (nLength - 1)) {
nMidChar++;
}
if (nTmpNumber !== '' && (nTmpNumber + 1) == i) {
nConsecNumber++;
}
nTmpNumber = i;
nNumber++;
} else { // special characters
if (i > 0 && i < (nLength - 1)) {
nMidChar++;
}
nSpecial++;
}
// check for repeated characters
var bCharExists = false;
for (var j = 0; j < nLength; j++) {
if (pass[i] == pass[j] && i != j) {
bCharExists = true;
nRepInc += Math.abs(nLength / (j - i));
}
}
if (bCharExists) {
nRepChar++;
var nUnqChar = nLength - nRepChar;
nRepInc = (nUnqChar) ? Math.ceil(nRepInc / nUnqChar) : Math.ceil(nRepInc);
}
}
// check for sequential alpha string patterns (forward and reverse)
var sAlphas = "abcdefghijklmnopqrstuvwxyz";
var nSeqAlpha = 0;
for (var i = 0; i < 23; i++) {
var sFwd = sAlphas.substring(i, i + 3);
var sRev = sFwd.strReverse();
if (pass.toLowerCase().indexOf(sFwd) != -1
|| pass.toLowerCase().indexOf(sRev) != -1)
nSeqAlpha++;
}
// check for sequential numeric string patterns (forward and reverse)
var sNumerics = "01234567890";
var nSeqNumber = 0;
for (var i = 0; i < 8; i++) {
var sFwd = sNumerics.substring(i, i + 3);
var sRev = sFwd.strReverse();
if (pass.toLowerCase().indexOf(sFwd) != -1
|| pass.toLowerCase().indexOf(sRev) != -1)
nSeqNumber++;
}
// general point assignment
if (nAlphaUC > 0 && nAlphaUC < nLength) // uppercase characters
nScore += 2 * (nLength - nAlphaUC);
if (nAlphaLC > 0 && nAlphaLC < nLength) // lowercase characters
nScore += 2 * (nLength - nAlphaLC);
if (nNumber > 0 && nNumber < nLength) // numbers
nScore += 2 * nNumber;
if (nSpecial > 0) // special characters
nScore += 4 * nSpecial;
if (nMidChar > 0) // mid numbers/special characters
nScore += 2 * nMidChar;
// point deductions for poor practices
if ((nAlphaLC > 0 || nAlphaUC > 0)
&& nSpecial === 0 && nNumber === 0) // characters only
nScore -= nLength;
if (nAlphaLC === 0 && nAlphaUC === 0
&& nSpecial === 0 && nNumber > 0) // numbers only
nScore -= nLength;
if (nRepChar > 0) // same character exists more than once
nScore -= nRepInc;
if (nConsecAlphaUC > 0) // consecutive uppercase letters exist
nScore -= 2 * nConsecAlphaUC;
if (nConsecAlphaLC > 0) // consecutive lowercase letters exist
nScore -= 2 * nConsecAlphaLC;
if (nConsecNumber > 0) // consecutive numbers exist
nScore -= 2 * nConsecNumber;
if (nSeqAlpha > 0) // sequential alpha strings exist (3 chars or more)
nScore -= 3 * nSeqAlpha;
if (nSeqNumber > 0) // sequential numeric strings exist (3 chars or more)
nScore -= 3 * nSeqNumber;
// determine if mandatory requirements have been met
var arrChars = [nAlphaUC, nAlphaLC, nNumber, nSpecial];
var nReqChar = 0;
for (var i = 0; i < arrChars.length; i++) {
if (arrChars[i]) {
nReqChar++;
}
}
if (nReqChar >= arrChars.length)
nScore += 2 * nReqChar;
else if (nReqChar < arrChars.length - 1)
nScore -= 2 * nReqChar;
// limit points to 3..100
nScore = Math.max(3, Math.min(nScore, 100));
// set message according to points
if (nScore >= 80)
message = QUAL_STRONG;
else if (nScore >= 60)
message = QUAL_GOOD;
else if (nScore >= 40)
message = QUAL_MEDIUM;
else if (nScore >= 10)
message = QUAL_LOW;
else
message = QUAL_NONE;
} catch (error) {
nScore = 3;
message = error;
}
/*
if (pass.length > 0 && pass2.length > 0) {
message+=' / ';
message+=(pass == pass2) ? REP_OK : REP_NE;
}
*/
$('#pwqinfo').val(message);
var progress = $('#pwqbar');
progress.width(nScore + '%');
progress.attr('aria-valuenow', nScore);
if (nScore >= 60)
progress.removeClass('bg-danger bg-warning').addClass('bg-success');
else if (nScore >= 40)
progress.removeClass('bg-danger bg-success').addClass('bg-warning');
else
progress.removeClass('bg-warning bg-success').addClass('bg-danger');
if (nScore >= 40) {
$("#password-div")[0].classList.add('was-validated');
$('#btn_change').prop('disabled', pass !== pass2);
$("#pw1")[0].setCustomValidity("");
isPasswordPwned(pass, function (isPwned) {
if (isPwned) {
$('#pwqinfo').val(PWNED);
progress.removeClass().addClass('low');
progress.val(3);
$("#pw1")[0].setCustomValidity("Password is pwned");
}
});
} else {
$("#password-div")[0].classList.add('was-validated');
$('#btn_change').prop('disabled', 1);
$("#pw1")[0].setCustomValidity("Password is to week");
}
}