diff --git a/src/components/views/auth/RegistrationForm.js b/src/components/views/auth/RegistrationForm.js
index 654387e196..33df42be15 100644
--- a/src/components/views/auth/RegistrationForm.js
+++ b/src/components/views/auth/RegistrationForm.js
@@ -76,6 +76,7 @@ module.exports = React.createClass({
 password: "",
 passwordConfirm: "",
 passwordComplexity: null,
+ passwordSafe: false,
 };
 },
@@ -274,12 +275,23 @@ module.exports = React.createClass({
 }
 const { scorePassword } = await import('../../../utils/PasswordScorer');
 const complexity = scorePassword(value);
+ const safe = complexity.score >= PASSWORD_MIN_SCORE;
+ const allowUnsafe = SdkConfig.get()["dangerously_allow_unsafe_and_insecure_passwords"];
 this.setState({
 passwordComplexity: complexity,
+ passwordSafe: safe,
 });
- return complexity.score >= PASSWORD_MIN_SCORE;
+ return allowUnsafe || safe;
+ },
+ valid: function() {
+ // Unsafe passwords that are valid are only possible through a
+ // configuration flag. We'll print some helper text to signal
+ // to the user that their password is allowed, but unsafe.
+ if (!this.state.passwordSafe) {
+ return _t("Password is allowed, but unsafe");
+ }
+ return _t("Nice, strong password!");
 },
- valid: () => _t("Nice, strong password!"),
 invalid: function() {
 const complexity = this.state.passwordComplexity;
 if (!complexity) {
diff --git a/src/i18n/strings/en_EN.json b/src/i18n/strings/en_EN.json
index 31ac646926..e407d92630 100644
--- a/src/i18n/strings/en_EN.json
+++ b/src/i18n/strings/en_EN.json
@@ -1331,6 +1331,7 @@
 "Enter email address (required on this homeserver)": "Enter email address (required on this homeserver)",
 "Doesn't look like a valid email address": "Doesn't look like a valid email address",
 "Enter password": "Enter password",
+ "Password is allowed, but unsafe": "Password is allowed, but unsafe",
 "Nice, strong password!": "Nice, strong password!",
 "Keep going...": "Keep going...",
 "Passwords don't match": "Passwords don't match",
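Review bot: In the second RegistrationForm.js hunk, the `allowUnsafe` lookup accepts whatever value the config holds, so any truthy entry (a constructed example: the string `"false"` in a hand-edited config) switches off the strength requirement, and `return allowUnsafe || safe;` then hands that raw value back instead of a boolean. Because this flag disables a security control, I would accept only an explicit `true`: `const allowUnsafe = SdkConfig.get()["dangerously_allow_unsafe_and_insecure_passwords"] === true;`. The new `valid` handler also reads `this.state.passwordSafe`, which the test sets through `setState` just before returning; if the validator calls `valid` before React applies that update, the message could lag by one keystroke. The existing `invalid` handler reads state the same way, so this is presumably tolerated, but it is worth confirming. The enclosing test function starts outside the hunk, and no `SdkConfig` import is visible in this diff, so I am assuming the file already has one.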