Gitiles
Code Review Sign In
korap.ids-mannheim.de / ids-kl / ldap-signup / 7612127039ad9f1c41eb6e31e695e29fb7490384 / . / static / main.js
blob: e381ac65bdfb16861698cb5bb5aeb49fa12e8543 [file] [log] [blame]
Marc Kupietz484ec8e2023-02-25 11:23:07 +0100[diff] [blame]1// Example starter JavaScript for disabling form submissions if there are invalid fields
2(function () {
3 'use strict';
4 window.addEventListener('load', function () {
5 // Fetch all the forms we want to apply custom Bootstrap validation styles to
6 var forms = document.getElementsByClassName('needs-validation');
7 // Loop over them and prevent submission
8 var validation = Array.prototype.filter.call(forms, function (form) {
9 form.addEventListener('submit', function (event) {
10 if (form.checkValidity() === false) {
11 event.preventDefault();
12 event.stopPropagation();
13 }
14 form.classList.add('was-validated');
15 }, false);
16 });
17 }, false);
18})();
19
20
21function check_password_match() {
22 pass = $("#pw1").val();
23 pass2 = $("#pw2").val();
24
25 if (pass2.length > 0) {
26 $("#pwconfirm")[0].classList.add('was-validated')
27 if (pass != pass2) {
28 $("#pw2")[0].setCustomValidity("Passwords do not match");
29 } else {
30 $("#pw2")[0].setCustomValidity(""); // is valid
31 }
32 } else {
33 $("#pwconfirm")[0].classList.remove('was-validated')
34 }
35 passUpdated();
36}
37
38TOO_SHORT = 'Password too short, still %% characters needed';
39TOO_LONG = 'Password too long, please remove %% characters';
40INVALID_CHARS = 'Password contains invalid characters';
41QUAL_NONE = 'Password is very weak'
42QUAL_LOW = 'Password is weak';
43QUAL_MEDIUM = 'Password is average'
44QUAL_GOOD = 'Password is good';
45QUAL_STRONG = 'Password is strong';
46REP_OK = 'Repetition ok';
47REP_NE = 'Passwords not identical';
48PWNED = 'Password found in public password list';
49
50String.prototype.strReverse = function () {
51 var newstring = '';
52 for (var s = 0; s < this.length; s++)
53 newstring = this.charAt(s) + newstring;
54 return newstring;
55};
56
57function isPasswordPwned(pass, callback) {
58 const sha1Hash = CryptoJS.enc.Hex.stringify(CryptoJS.SHA1(pass)).toUpperCase();
59 const passwordChunk1 = sha1Hash.substring(0, 5);
60 const passwordChunk2 = sha1Hash.substring(5);
61 $.get('https://api.pwnedpasswords.com/range/' + passwordChunk1).done(function (data, status) {
62 var isPwned = false;
63 if (status == "success") {
64 if (data && data.length) {
65 const chunks = data.split('\r\n');
66 const matches = chunks.filter(s => s.includes(passwordChunk2));
67
68 if (matches.length) {
69 isPwned = true
70 }
71 }
72 callback(isPwned)
73 }
74 });
75}
76
77//var checkTimer;
78
79function passUpdated() {
80 var nScore = 0;
81 var message = '';
82
83 var pass = $('#pw1').val();
84 var pass2 = $('#pw2').val();
85
86 //clearTimeout(checkTimer);
87
88 try {
89 if (!pass)
90 throw '';
91
92 if (pass.match(/[^a-zA-Z0-9!@#$%()_+=:;",.?/-]/))
93 throw INVALID_CHARS;
94
95 var nLength = pass.length;
96 if (nLength < 8)
97 throw TOO_SHORT.replace('%%', 8 - nLength);
98 if (nLength > 20)
99 throw TOO_LONG.replace('%%', nLength - 20);
100
101 nScore = 4 * nLength;
102
103 // check for upper-/lowercase, numeric and special chars pattern matches
104 var nAlphaUC = 0, nAlphaLC = 0, nNumber = 0, nSpecial = 0;
105 var nMidChar = 0, nRepChar = 0, nRepInc = 0;
106 var nConsecAlphaUC = 0, nConsecAlphaLC = 0, nConsecNumber = 0;
107 var nTmpAlphaUC = '', nTmpAlphaLC = '', nTmpNumber = '';
108 for (var i = 0; i < nLength; i++) {
109 if (pass[i].match(/[A-Z]/g)) { // uppercase characters
110 if (nTmpAlphaUC !== '' && (nTmpAlphaUC + 1) == i) {
111 nConsecAlphaUC++;
112 }
113 nTmpAlphaUC = i;
114 nAlphaUC++;
115 } else if (pass[i].match(/[a-z]/g)) { // lowercase characters
116 if (nTmpAlphaLC !== '' && (nTmpAlphaLC + 1) == i) {
117 nConsecAlphaLC++;
118 }
119 nTmpAlphaLC = i;
120 nAlphaLC++;
121 } else if (pass[i].match(/[0-9]/g)) { // numbers
122 if (i > 0 && i < (nLength - 1)) {
123 nMidChar++;
124 }
125 if (nTmpNumber !== '' && (nTmpNumber + 1) == i) {
126 nConsecNumber++;
127 }
128 nTmpNumber = i;
129 nNumber++;
130 } else { // special characters
131 if (i > 0 && i < (nLength - 1)) {
132 nMidChar++;
133 }
134 nSpecial++;
135 }
136
137 // check for repeated characters
138 var bCharExists = false;
139 for (var j = 0; j < nLength; j++) {
140 if (pass[i] == pass[j] && i != j) {
141 bCharExists = true;
142 nRepInc += Math.abs(nLength / (j - i));
143 }
144 }
145 if (bCharExists) {
146 nRepChar++;
147 var nUnqChar = nLength - nRepChar;
148 nRepInc = (nUnqChar) ? Math.ceil(nRepInc / nUnqChar) : Math.ceil(nRepInc);
149 }
150 }
151
152 // check for sequential alpha string patterns (forward and reverse)
153 var sAlphas = "abcdefghijklmnopqrstuvwxyz";
154 var nSeqAlpha = 0;
155 for (var i = 0; i < 23; i++) {
156 var sFwd = sAlphas.substring(i, i + 3);
157 var sRev = sFwd.strReverse();
158 if (pass.toLowerCase().indexOf(sFwd) != -1
159 || pass.toLowerCase().indexOf(sRev) != -1)
160 nSeqAlpha++;
161 }
162
163 // check for sequential numeric string patterns (forward and reverse)
164 var sNumerics = "01234567890";
165 var nSeqNumber = 0;
166 for (var i = 0; i < 8; i++) {
167 var sFwd = sNumerics.substring(i, i + 3);
168 var sRev = sFwd.strReverse();
169 if (pass.toLowerCase().indexOf(sFwd) != -1
170 || pass.toLowerCase().indexOf(sRev) != -1)
171 nSeqNumber++;
172 }
173
174 // general point assignment
175 if (nAlphaUC > 0 && nAlphaUC < nLength) // uppercase characters
176 nScore += 2 * (nLength - nAlphaUC);
177 if (nAlphaLC > 0 && nAlphaLC < nLength) // lowercase characters
178 nScore += 2 * (nLength - nAlphaLC);
179 if (nNumber > 0 && nNumber < nLength) // numbers
180 nScore += 2 * nNumber;
181 if (nSpecial > 0) // special characters
182 nScore += 4 * nSpecial;
183 if (nMidChar > 0) // mid numbers/special characters
184 nScore += 2 * nMidChar;
185
186 // point deductions for poor practices
187 if ((nAlphaLC > 0 || nAlphaUC > 0)
188 && nSpecial === 0 && nNumber === 0) // characters only
189 nScore -= nLength;
190 if (nAlphaLC === 0 && nAlphaUC === 0
191 && nSpecial === 0 && nNumber > 0) // numbers only
192 nScore -= nLength;
193 if (nRepChar > 0) // same character exists more than once
194 nScore -= nRepInc;
195 if (nConsecAlphaUC > 0) // consecutive uppercase letters exist
196 nScore -= 2 * nConsecAlphaUC;
197 if (nConsecAlphaLC > 0) // consecutive lowercase letters exist
198 nScore -= 2 * nConsecAlphaLC;
199 if (nConsecNumber > 0) // consecutive numbers exist
200 nScore -= 2 * nConsecNumber;
201 if (nSeqAlpha > 0) // sequential alpha strings exist (3 chars or more)
202 nScore -= 3 * nSeqAlpha;
203 if (nSeqNumber > 0) // sequential numeric strings exist (3 chars or more)
204 nScore -= 3 * nSeqNumber;
205
206 // determine if mandatory requirements have been met
207 var arrChars = [nAlphaUC, nAlphaLC, nNumber, nSpecial];
208 var nReqChar = 0;
209 for (var i = 0; i < arrChars.length; i++) {
210 if (arrChars[i]) {
211 nReqChar++;
212 }
213 }
214 if (nReqChar >= arrChars.length)
215 nScore += 2 * nReqChar;
216 else if (nReqChar < arrChars.length - 1)
217 nScore -= 2 * nReqChar;
218
219 // limit points to 3..100
220 nScore = Math.max(3, Math.min(nScore, 100));
221
222 // set message according to points
223 if (nScore >= 80)
224 message = QUAL_STRONG;
225 else if (nScore >= 60)
226 message = QUAL_GOOD;
227 else if (nScore >= 40)
228 message = QUAL_MEDIUM;
229 else if (nScore >= 10)
230 message = QUAL_LOW;
231 else
232 message = QUAL_NONE;
233 } catch (error) {
234 nScore = 3;
235 message = error;
236 }
237 /*
238 if (pass.length > 0 && pass2.length > 0) {
239 message+=' / ';
240 message+=(pass == pass2) ? REP_OK : REP_NE;
241 }
242 */
243 $('#pwqinfo').val(message);
244
245 var progress = $('#pwqbar');
246 progress.width(nScore + '%');
247 progress.attr('aria-valuenow', nScore);
248 if (nScore >= 60)
249 progress.removeClass('bg-danger bg-warning').addClass('bg-success');
250 else if (nScore >= 40)
251 progress.removeClass('bg-danger bg-success').addClass('bg-warning');
252 else
253 progress.removeClass('bg-warning bg-success').addClass('bg-danger');
254
255 if (nScore >= 40) {
256 $("#password-div")[0].classList.add('was-validated');
257 $('#btn_change').prop('disabled', pass !== pass2);
258 $("#pw1")[0].setCustomValidity("");
259 isPasswordPwned(pass, function (isPwned) {
260 if (isPwned) {
261 $('#pwqinfo').val(PWNED);
262 progress.removeClass().addClass('low');
263 progress.val(3);
264 $("#pw1")[0].setCustomValidity("Password is pwned");
265 }
266 });
267 } else {
268 $("#password-div")[0].classList.add('was-validated');
269 $('#btn_change').prop('disabled', 1);
270 $("#pw1")[0].setCustomValidity("Password is to week");
271 }
272
273}