Merge pull request #2947 from matrix-org/travis/password-score-config

Add configuration flag to disable minimum password requirements
2019-05-13 09:19:23 -06:00 · 2019-05-13 09:19:23 -06:00 · 201fef8b11
parent f5aa32bc96 4ffd826e76
commit 201fef8b11
2 changed files with 15 additions and 2 deletions
--- a/src/components/views/auth/RegistrationForm.js
+++ b/src/components/views/auth/RegistrationForm.js
@ -76,6 +76,7 @@ module.exports = React.createClass({
            password: "",
            passwordConfirm: "",
            passwordComplexity: null,
+            passwordSafe: false,
        };
    },

@ -274,12 +275,23 @@ module.exports = React.createClass({
                    }
                    const { scorePassword } = await import('../../../utils/PasswordScorer');
                    const complexity = scorePassword(value);
+                    const safe = complexity.score >= PASSWORD_MIN_SCORE;
+                    const allowUnsafe = SdkConfig.get()["dangerously_allow_unsafe_and_insecure_passwords"];
                    this.setState({
                        passwordComplexity: complexity,
+                        passwordSafe: safe,
                    });
-                    return complexity.score >= PASSWORD_MIN_SCORE;
+                    return allowUnsafe || safe;
+                },
+                valid: function() {
+                    // Unsafe passwords that are valid are only possible through a
+                    // configuration flag. We'll print some helper text to signal
+                    // to the user that their password is allowed, but unsafe.
+                    if (!this.state.passwordSafe) {
+                        return _t("Password is allowed, but unsafe");
+                    }
+                    return _t("Nice, strong password!");
                },
-                valid: () => _t("Nice, strong password!"),
                invalid: function() {
                    const complexity = this.state.passwordComplexity;
                    if (!complexity) {
--- a/src/i18n/strings/en_EN.json
+++ b/src/i18n/strings/en_EN.json
@ -1331,6 +1331,7 @@
    "Enter email address (required on this homeserver)": "Enter email address (required on this homeserver)",
    "Doesn't look like a valid email address": "Doesn't look like a valid email address",
    "Enter password": "Enter password",
+    "Password is allowed, but unsafe": "Password is allowed, but unsafe",
    "Nice, strong password!": "Nice, strong password!",
    "Keep going...": "Keep going...",
    "Passwords don't match": "Passwords don't match",