Opened 6 weeks ago
Last modified 6 weeks ago
#9332 new defect (bug)
Nouveau: 'strong' password enforcement still enables submit button on `medium` strength
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 10.0.0 |
| Component: | Templates | Keywords: | has-patch needs-testing |
| Cc: |
Description
In BuddyPress 10, password enforcement was added (#8589).
If I set password enforcement to strong with:
define( 'BP_MEMBERS_REQUIRED_PASSWORD_STRENGTH', 4 )
or:
add_filter( 'bp_members_user_pass_required_strength', function() { return 4; } );
On the registration page or when on the "Settings > General" page, if a medium strength password is entered, the submit button is enabled when it should only be enabled when the password is strong. See attached GIF.
The problem is due to a conflict with enqueuing /wp-admin/js/user-profile.js: https://github.com/WordPress/WordPress/blob/dde3a47f0bc5ebbe792aa1bb572506953b59db63/wp-admin/js/user-profile.js#L434. user-profile.js re-enables the submit button even on medium strength. To solve this, we can add a small timeout in Nouveau's JS to ensure the submit button is disabled when our required password strength is not met. See attached patch.
Attached patch also re-initializes the passwordWarningContainer variable so it is able to find the injected #password-warning addition to the DOM. This fixes an issue where the password warning would not show up again when a strong password is edited to become a medium one on the first keydown.