password-strength-meter.js 4.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102
  1. /* global passwordStrength, wp, jQuery */
  2. jQuery( function() {
  3. QUnit.module( 'password-strength-meter' );
  4. QUnit.test( 'mismatched passwords should return 5', function( assert ) {
  5. assert.equal( passwordStrength( 'password1', 'username', 'password2' ), 5, 'mismatched passwords return 5' );
  6. });
  7. QUnit.test( 'passwords shorter than 4 characters should return 0', function( assert ) {
  8. assert.equal( passwordStrength( 'abc', 'username', 'abc' ), 0, 'short passwords return 0' );
  9. });
  10. QUnit.test( 'long complicated passwords should return 4', function( assert ) {
  11. var password = function( length ) {
  12. var i, n, retVal = '',
  13. possibility = 'abcdefghijklnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
  14. for ( i = 0, n = possibility.length; i < length; i++ ) {
  15. retVal += possibility.charAt( Math.floor( Math.random() * n ) );
  16. }
  17. return retVal + 'aB2'; // Add a lower case, uppercase and number just to make sure we always have one of each.
  18. },
  19. twofifty = password( 250 );
  20. assert.equal( passwordStrength( twofifty, 'username', twofifty ), 4, '250 character complicated password returns 4' );
  21. });
  22. QUnit.test( 'short uncomplicated passwords should return 0', function( assert ) {
  23. var letters = 'aaaa',
  24. numbers = '1111',
  25. password = 'password',
  26. uppercase = 'AAAA';
  27. assert.equal( passwordStrength( letters, 'username', letters ), 0, 'password of `' + letters + '` returns 0' );
  28. assert.equal( passwordStrength( numbers, 'username', numbers ), 0, 'password of `' + numbers + '` returns 0' );
  29. assert.equal( passwordStrength( uppercase, 'username', uppercase ), 0, 'password of `' + uppercase + '` returns 0' );
  30. assert.equal( passwordStrength( password, 'username', password ), 0, 'password of `' + password + '` returns 0' );
  31. });
  32. QUnit.test( 'zxcvbn password tests should return the score we expect', function( assert ) {
  33. var passwords, i;
  34. passwords = [
  35. { pw: 'zxcvbn', score: 0 },
  36. { pw: 'qwER43@!', score: 2 },
  37. { pw: 'Tr0ub4dour&3', score: 2 },
  38. { pw: 'correcthorsebatterystaple', score: 4 },
  39. { pw: 'coRrecth0rseba++ery9.23.2007staple$', score: 4 },
  40. { pw: 'D0g..................', score: 1 },
  41. { pw: 'abcdefghijk987654321', score: 1 },
  42. { pw: 'neverforget13/3/1997', score: 3 },
  43. { pw: '1qaz2wsx3edc', score: 0 },
  44. { pw: 'temppass22', score: 1 },
  45. { pw: 'briansmith', score: 1 },
  46. { pw: 'briansmith4mayor', score: 4 },
  47. { pw: 'password1', score: 0 },
  48. { pw: 'viking', score: 0 },
  49. { pw: 'thx1138', score: 0 },
  50. { pw: 'ScoRpi0ns', score: 1 },
  51. { pw: 'do you know', score: 3 },
  52. { pw: 'ryanhunter2000', score: 3 },
  53. { pw: 'rianhunter2000', score: 3 },
  54. { pw: 'asdfghju7654rewq', score: 3 },
  55. { pw: 'AOEUIDHG&*()LS_', score: 3 },
  56. { pw: '12345678', score: 0 },
  57. { pw: 'defghi6789', score: 1 },
  58. { pw: 'rosebud', score: 0 },
  59. { pw: 'Rosebud', score: 0 },
  60. { pw: 'ROSEBUD', score: 0 },
  61. { pw: 'rosebuD', score: 0 },
  62. { pw: 'ros3bud99', score: 1 },
  63. { pw: 'r0s3bud99', score: 1 },
  64. { pw: 'R0$38uD99', score: 2 },
  65. { pw: 'verlineVANDERMARK', score: 4 },
  66. { pw: 'eheuczkqyq', score: 3 },
  67. { pw: 'rWibMFACxAUGZmxhVncy', score: 4 },
  68. { pw: 'Ba9ZyWABu99[BK#6MBgbH88Tofv)vs$w', score: 4 },
  69. { pw: 'foo foo foo foo', score: 2 }
  70. ];
  71. for ( i = 0; i < passwords.length; i++ ) {
  72. assert.equal( passwordStrength( passwords[i].pw, 'username', passwords[i].pw ), passwords[i].score, 'password of `' + passwords[i].pw + '` returns ' + passwords[i].score );
  73. }
  74. });
  75. QUnit.test( 'disallowed words in password should be penalized', function( assert ) {
  76. var allowedPasswordScore, penalizedPasswordScore,
  77. allowedPassword = 'a[janedoefoe]4',
  78. penalizedPassword = 'a[johndoefoe]4',
  79. disallowedList = [ 'extra', 'johndoefoe', 'superfluous' ];
  80. allowedPasswordScore = passwordStrength( allowedPassword, disallowedList, allowedPassword );
  81. penalizedPasswordScore = passwordStrength( penalizedPassword, disallowedList, penalizedPassword );
  82. assert.ok( penalizedPasswordScore < allowedPasswordScore, 'Penalized password scored ' + penalizedPasswordScore + '; allowed password scored: ' + allowedPasswordScore );
  83. });
  84. QUnit.test( 'user input disallowed list array should contain expected words', function( assert ) {
  85. var disallowedList = wp.passwordStrength.userInputDisallowedList();
  86. assert.ok( jQuery.isArray( disallowedList ), 'disallowed list is an array' );
  87. assert.ok( jQuery.inArray( 'WordPress', disallowedList ) > -1, 'disallowed list contains "WordPress" from page title' );
  88. assert.ok( jQuery.inArray( 'tests', disallowedList ) > -1, 'disallowed list contains "tests" from site URL' );
  89. });
  90. });