Use js version of zxcvbn (!102) · Merge requests · opencraft / dev / console

Boros Gábor requested to merge zxcvbn into master Jun 03, 2016

Created by: itsjeyd

... to improve quality of user-visible feedback from password validation.

The form now behaves like this w/r/t password validation: When user enters password it is validated on the client, and the form displays feedback (suggestions and warnings) from zxcvbn. If a user goes ahead and submits the form while password strength is still too low, the server rejects the submission based on the password strength computed on the client, and the form displays a generic error message: "Please use a stronger password: avoid common patterns and make it long enough to be difficult to crack.". At this point, the input field for "password" is empty (since django-angular clears contents of password fields by default), so it wouldn't make sense to display feedback that is specific to a given password. Then, when the user enters another password, client side validation kicks in again and displays password-specific feedback from zxcvbn (until the password is strong enough).

Use js version of zxcvbn

Merge request reports