GB Password Strength

glowingblue

open-graph-image

Low-budget password strength estimation for your forum.

Originally this extension has been created by @Kylo (see discussion). Glowing Blue has taken the original idea and created a new implementation that works with the latest version of Flarum and is more seamlessly integrated into the existing flarum/core code. Old settings should be migrated to the new namespace.

Indicator

Click to view settings screenshot

🦸 Features

Based on zxcvbn (by DropBox).
Password strength is labeled as 'Weak', 'Could be stronger' and 'Strong'.
Customizable display modes.
Compatible with nearata/flarum-ext-signup-confirm-password.

📥 Installation

composer require glowingblue/password-strength:*

♻ Updating

composer update glowingblue/password-strength
php flarum cache:clear

🚫 Conflicts

glowingblue/password-strength doesn't work with therealsujitk/flarum-ext-show-password which can be removed, as glowingblue/password-strength adds a very similar functionality.

📖 Usage

Just enable the extension and customize if you wish.

📝 To-do

I have no idea about how to implement it inside the reset password blade but you're very welcome to guide me or open a pull request on GitHub.

🔗 Links

DursunCan

glowingblue Thanks for your effort 💖

CSS broken with the Sign Up Confirm Password extension.
https://prnt.sc/z4ckhh

iPurpl3x

DursunCan CSS broken with the Sign Up Confirm Password extension.

Thank you for the feedback, I'll take a look today.

Trombert Add that it is important to disable the Show Password extension as they conflict with each other

I will add a note for that or add something that makes them work seamlessly together, thanks for letting me know.

Trombert it turns out that the culprit is the password visibility toggle switch built into the extension itself, there seems to be something wrong there that causes this error.

And thanks for your extensive testing, I will try to fix that in the next update.

Trombert

I am very glad that you have recovered this extension!!! it was a very good idea from @Kylo

Add that it is important to disable the Show Password extension as they conflict with each other as you can see in the images:

tolgaaaltas

I think the next one will be Kylo . 😃 Thank you Glowing Blue team.

Trombert

I have had to disable the extension due to a very critical bug, with the extension enabled it does not allow users to log in, I have not yet been able to test if it allows registration. Here are the console errors when trying to log in:

I will try to get more details in a few hours.

Trombert

Trombert After being a while the truth that I have not managed to achieve if the culprit is another extension (this being complicated with 71 extensions installed 😅) that conflicts, I would say no, if someone has it installed and it works would be a great favor to pass your php flarum info to rule out various extensions.

askvortsov

Trombert My guess would be something with the username change request extension based on the message, not sure why it'd be conflicting though.

Trombert

askvortsov Surprisingly it wasn't the username change request extension either, it turns out that the culprit is the password visibility toggle switch built into the extension itself, there seems to be something wrong there that causes this error.

By deactivating it, it has started to work without any problem, even enabling some extensions I thought suspicious.

iPurpl3x

@DursunCan & @Trombert This update should fix your issues. Thanks again for your feedback.

Release v2.0.1

Thank you for reporting bugs and feedback!

Changelog:

Fixed things so that it is actually possible to log-in or sign-up. In the previous release, the value of the password field was not saved correctly 🙈.
Compatibility with nearata/flarum-ext-signup-confirm-password
Conflict with therealsujitk/flarum-ext-show-password

matteocontrini

Is there a reason why this extension amounts for almost 1 MB of the forum bundle? 🤔 it's like double what core weighs...

IanM

3.0.0

Switch package from zxcvbn to zxcvbn-ts as suggested wonderbeel (Bundle size drastically reduced as well matteocontrini )
Updated for Flarum 1.0 🎆

Note There is no beta 16 support from this extension, 2.0.1 is the latest release for beta 15, 3.0.0 requires Flarum 1.0 or above

❗️ Not compatible with beta 16, but compatible with beta 15 and lower or v1.0 and up.

wonderbeel

Seems to be related to bundling the entire zxcvbn here.
Dropbox has some suggestions to improve the performance hit,I am still looking around to understand how flarum works but I think that it shouldn't be too difficult to load the library asyncronously.

matteocontrini

wonderbeel Flarum doesn't support lazy loading, but it's always possible to load an external file "on demand". For example the Emoji Picker extension by @clarkwinkelmann does that, and I think also @Kyrne's Websocket extension.

wonderbeel

Yup, something similar to this should work in this case.
BTW looking at the issues it seems that zxcvbn isn't mantained anymore and that there is a newer fork that supports i18n and multiple keyboard layouts, maybe it is better to make the switch?

iPurpl3x

wonderbeel Good to know, I will take a look when I have some time.

[deleted]

@anyModerator please add incompatible tag as it is not supported for 16 beta

luceos

[deleted] thanks for letting us know, feel free to use the flag functionality next time 😉

IanM

Cross posting from here

I've been commissioned by @glowingblue to update this extension in the coming days ready for Flarum 1.0

Either myself or @glowingblue / @iPurpl3x will post back here once it's ready