diff --git a/src/components/views/auth/RegistrationForm.js b/src/components/views/auth/RegistrationForm.js index 6e55581af0..eb77e125af 100644 --- a/src/components/views/auth/RegistrationForm.js +++ b/src/components/views/auth/RegistrationForm.js @@ -76,6 +76,7 @@ module.exports = React.createClass({ password: "", passwordConfirm: "", passwordComplexity: null, + passwordUnsafe: false, }; }, @@ -270,12 +271,23 @@ module.exports = React.createClass({ } const { scorePassword } = await import('../../../utils/PasswordScorer'); const complexity = scorePassword(value); + const unsafe = complexity.score < PASSWORD_MIN_SCORE; + const allowUnsafe = SdkConfig.get()["dangerously_allow_unsafe_and_insecure_passwords"]; this.setState({ passwordComplexity: complexity, + passwordUnsafe: unsafe, }); - return complexity.score >= PASSWORD_MIN_SCORE; + return allowUnsafe || !unsafe; + }, + valid: function() { + // Unsafe passwords that are valid are only possible through a + // configuration flag. We'll print some helper text to signal + // to the user that their password is allowed, but unsafe. + if (this.state.passwordUnsafe) { + return _t("Password is allowed, but unsafe"); + } + return _t("Nice, strong password!"); }, - valid: () => _t("Nice, strong password!"), invalid: function() { const complexity = this.state.passwordComplexity; if (!complexity) { diff --git a/src/i18n/strings/en_EN.json b/src/i18n/strings/en_EN.json index eaea057b36..273ca8a571 100644 --- a/src/i18n/strings/en_EN.json +++ b/src/i18n/strings/en_EN.json @@ -1327,6 +1327,7 @@ "Enter email address (required on this homeserver)": "Enter email address (required on this homeserver)", "Doesn't look like a valid email address": "Doesn't look like a valid email address", "Enter password": "Enter password", + "Password is allowed, but unsafe": "Password is allowed, but unsafe", "Nice, strong password!": "Nice, strong password!", "Keep going...": "Keep going...", "Passwords don't match": "Passwords don't match",