diff --git a/core/modules/user/config/user.settings.yml b/core/modules/user/config/user.settings.yml index b4c8a58..3b53e41 100644 --- a/core/modules/user/config/user.settings.yml +++ b/core/modules/user/config/user.settings.yml @@ -14,3 +14,4 @@ register: visitors signatures: '0' cancel_method: user_cancel_block password_reset_timeout: '86400' +password_strength: '1' diff --git a/core/modules/user/lib/Drupal/user/Tests/UserCreateTest.php b/core/modules/user/lib/Drupal/user/Tests/UserCreateTest.php index f728123..9e45071 100644 --- a/core/modules/user/lib/Drupal/user/Tests/UserCreateTest.php +++ b/core/modules/user/lib/Drupal/user/Tests/UserCreateTest.php @@ -36,6 +36,17 @@ protected function testUserAdd() { $this->assertFieldbyId('edit-status-1', 1, 'The user status option Active exists.', 'User login'); $this->assertFieldByXPath('//input[@type="radio" and @id="edit-status-1" and @checked="checked"]', NULL, 'Default setting for user status is active.'); + // Test that the password strength indicator displays. + $config = config('user.settings'); + + $config->set('password_strength', TRUE)->save(); + $this->drupalGet('admin/people/create'); + $this->assertRaw(t('Password strength:'), 'The password strength widget is displayed.'); + + $config->set('password_strength', FALSE)->save(); + $this->drupalGet('admin/people/create'); + $this->assertNoRaw(t('Password strength:'), 'The password strength widget is not displayed.'); + // We create two users, notifying one and not notifying the other, to // ensure that the tests work in both cases. foreach (array(FALSE, TRUE) as $notify) { @@ -64,4 +75,5 @@ protected function testUserAdd() { $this->assertEqual($user->status == 1, 'User is not blocked'); } } + } diff --git a/core/modules/user/lib/Drupal/user/Tests/UserEditTest.php b/core/modules/user/lib/Drupal/user/Tests/UserEditTest.php index 0cd38e4..f73d78c 100644 --- a/core/modules/user/lib/Drupal/user/Tests/UserEditTest.php +++ b/core/modules/user/lib/Drupal/user/Tests/UserEditTest.php @@ -76,6 +76,18 @@ function testUserEdit() { $user1->pass_raw = $new_pass; $this->drupalLogin($user1); $this->drupalLogout(); + + // Test that the password strength indicator displays. + $config = config('user.settings'); + $this->drupalLogin($user1); + + $config->set('password_strength', TRUE)->save(); + $this->drupalPost("user/$user1->uid/edit", $edit, t('Save')); + $this->assertRaw(t('Password strength:'), 'The password strength widget is displayed.'); + + $config->set('password_strength', FALSE)->save(); + $this->drupalPost("user/$user1->uid/edit", $edit, t('Save')); + $this->assertNoRaw(t('Password strength:'), 'The password strength widget is not displayed.'); } /** diff --git a/core/modules/user/user.admin.inc b/core/modules/user/user.admin.inc index 06ac8d2..cd89363 100644 --- a/core/modules/user/user.admin.inc +++ b/core/modules/user/user.admin.inc @@ -325,6 +325,18 @@ function user_admin_settings($form, &$form_state) { $form['language'] += translation_entity_enable_widget('user', 'user', $form, $form_state); } + $form['pass_strength'] = array( + '#type' => 'fieldset', + '#title' => t('Pass strength check'), + ); + + $form['pass_strength']['user_password_strength'] = array( + '#type' => 'checkbox', + '#title' => t('Enable password strength check'), + '#default_value' => $config->get('password_strength'), + '#description' => t('Enable password strength checking during account creation and modification.') + ); + // User registration settings. $form['registration_cancellation'] = array( '#type' => 'details', @@ -607,6 +619,7 @@ function user_admin_settings_submit($form, &$form_state) { ->set('anonymous', $form_state['values']['anonymous']) ->set('admin_role', $form_state['values']['user_admin_role']) ->set('register', $form_state['values']['user_register']) + ->set('password_strength', $form_state['values']['user_password_strength']) ->set('verify_mail', $form_state['values']['user_email_verification']) ->set('signatures', $form_state['values']['user_signatures']) ->set('cancel_method', $form_state['values']['user_cancel_method']) diff --git a/core/modules/user/user.js b/core/modules/user/user.js index 8e0e135..2ae0897 100644 --- a/core/modules/user/user.js +++ b/core/modules/user/user.js @@ -29,6 +29,30 @@ Drupal.behaviors.password = { innerWrapper.prepend(passwordMeter); var passwordDescription = outerWrapper.find('div.password-suggestions').hide(); + // Check that password and confirmation inputs match. + var passwordCheckMatch = function () { + + if (confirmInput.val()) { + var success = passwordInput.val() === confirmInput.val(); + + // Show the confirm result. + confirmResult.css({ visibility: 'visible' }); + + // Remove the previous styling if any exists. + if (this.confirmClass) { + confirmChild.removeClass(this.confirmClass); + } + + // Fill in the success message and set the class accordingly. + var confirmClass = success ? 'ok' : 'error'; + confirmChild.html(translate['confirm' + (success ? 'Success' : 'Failure')]).addClass(confirmClass); + this.confirmClass = confirmClass; + } + else { + confirmResult.css({ visibility: 'hidden' }); + } + }; + // Check the password strength. var passwordCheck = function () { @@ -59,30 +83,6 @@ Drupal.behaviors.password = { passwordCheckMatch(); }; - // Check that password and confirmation inputs match. - var passwordCheckMatch = function () { - - if (confirmInput.val()) { - var success = passwordInput.val() === confirmInput.val(); - - // Show the confirm result. - confirmResult.css({ visibility: 'visible' }); - - // Remove the previous styling if any exists. - if (this.confirmClass) { - confirmChild.removeClass(this.confirmClass); - } - - // Fill in the success message and set the class accordingly. - var confirmClass = success ? 'ok' : 'error'; - confirmChild.html(translate['confirm' + (success ? 'Success' : 'Failure')]).addClass(confirmClass); - this.confirmClass = confirmClass; - } - else { - confirmResult.css({ visibility: 'hidden' }); - } - }; - // Monitor keyup and blur events. // Blur must be used because a mouse paste does not trigger keyup. passwordInput.keyup(passwordCheck).focus(passwordCheck).blur(passwordCheck); diff --git a/core/modules/user/user.module b/core/modules/user/user.module index 7dabb6d..6220ed4 100644 --- a/core/modules/user/user.module +++ b/core/modules/user/user.module @@ -2752,10 +2752,17 @@ function _user_mail_notify($op, $account, $langcode = NULL) { * @see system_element_info() */ function user_form_process_password_confirm($element) { - global $user; + $password_settings = array( + 'confirmTitle' => t('Passwords match:'), + 'confirmSuccess' => t('yes'), + 'confirmFailure' => t('no'), + ); - $js_settings = array( - 'password' => array( + if (config('user.settings')->get('password_strength')) { + + global $user; + + $password_settings += array( 'strengthTitle' => t('Password strength:'), 'hasWeaknesses' => t('To make your password stronger:'), 'tooShort' => t('Make it at least 6 characters'), @@ -2764,15 +2771,16 @@ function user_form_process_password_confirm($element) { 'addNumbers' => t('Add numbers'), 'addPunctuation' => t('Add punctuation'), 'sameAsUsername' => t('Make it different from your username'), - 'confirmSuccess' => t('yes'), - 'confirmFailure' => t('no'), 'weak' => t('Weak'), 'fair' => t('Fair'), 'good' => t('Good'), 'strong' => t('Strong'), - 'confirmTitle' => t('Passwords match:'), 'username' => (isset($user->name) ? $user->name : ''), - ), + ); + } + + $js_settings = array( + 'password' => $password_settings, ); $element['#attached']['library'][] = array('user', 'drupal.user');