From 94e03ce09fa06c7b9109ce4d57b5b62767ef9789 Mon Sep 17 00:00:00 2001
From: Jon Cave
Date: Thu, 29 Aug 2013 22:28:32 +0000
Subject: [PATCH] Test that passwords containing the username are penalised. Tidy up some spelling, indentation and whitespace whilst we're at it. Props iandunn. See #25088.
git-svn-id: https://develop.svn.wordpress.org/trunk@25175 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../wp-admin/js/password-strength-meter.js | 108 ++++++++++--------
 1 file changed, 60 insertions(+), 48 deletions(-)
diff --git a/tests/qunit/wp-admin/js/password-strength-meter.js b/tests/qunit/wp-admin/js/password-strength-meter.js
index 4ab5e2e171..4e7c47710e 100644
--- a/tests/qunit/wp-admin/js/password-strength-meter.js
+++ b/tests/qunit/wp-admin/js/password-strength-meter.js
@@ -1,20 +1,20 @@
 jQuery(function() {
 module('password-strength-meter');
- test('missmached passwords should return 5', function(){
- equal( passwordStrength( 'password1', 'username', 'password2' ) , 5, 'miss matched passwords return 5');
+ test('mismatched passwords should return 5', function(){
+ equal( passwordStrength( 'password1', 'username', 'password2' ) , 5, 'mismatched passwords return 5');
 });
- test('passwords shorter than 4 charachters should return 0', function(){
+ test('passwords shorter than 4 characters should return 0', function(){
 equal( passwordStrength( 'abc', 'username', 'abc' ) , 0, 'short passwords return 0');
 });
 test('long complicated passwords should return 4', function(){
 var password = function( length ){
- var possability = 'abcdefghijklnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789',
+ var possibility = 'abcdefghijklnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789',
 retVal = "";
- for( var i = 0, n = possability.length; i < length; ++i) {
- retVal += possability.charAt( Math.floor( Math.random() * n ) );
+ for (var i = 0, n = possibility.length; i < length; ++i) {
+ retVal += possibility.charAt( Math.floor( Math.random() * n ) );
 }
 return retVal + 'aB2'; // add a lower case, uppercase and number just to make sure we always have one of each
 },
@@ -26,7 +26,7 @@ jQuery(function() {
 test('short uncomplicated passwords should return 0', function(){
 var letters = 'aaaa',
 numbers = '1111',
- password = 'password',
+ password = 'password',
 uppercase = 'AAAA';
 equal( passwordStrength( letters, 'username', letters ), 0, 'password of `' + letters + '` returns 0' );
 equal( passwordStrength( numbers, 'username', numbers ), 0, 'password of `' + numbers + '` returns 0' );
@@ -34,46 +34,58 @@ jQuery(function() {
 equal( passwordStrength( password, 'username', password ), 0, 'password of `' + password + '` returns 0' );
 });
- test('zxcvbn passward tests should return the score we expect', function(){
- var passwords = [
- { pw: 'zxcvbn', score: 0},
- { pw: 'qwER43@!', score: 1},
- { pw: 'Tr0ub4dour&3', score: 2},
- { pw: 'correcthorsebatterystaple', score: 4},
- { pw: 'coRrecth0rseba++ery9.23.2007staple$', score: 4},
- { pw: 'D0g..................', score: 0},
- { pw: 'abcdefghijk987654321', score: 0},
- { pw: 'neverforget13/3/1997', score: 2},
- { pw: '1qaz2wsx3edc', score: 0},
- { pw: 'temppass22', score: 1},
- { pw: 'briansmith', score: 0},
- { pw: 'briansmith4mayor', score: 0},
- { pw: 'password1', score: 0},
- { pw: 'viking', score: 0},
- { pw: 'thx1138', score: 0},
- { pw: 'ScoRpi0ns', score: 0},
- { pw: 'do you know', score: 0},
- { pw: 'ryanhunter2000', score: 0},
- { pw: 'rianhunter2000', score: 1},
- { pw: 'asdfghju7654rewq', score: 2},
- { pw: 'AOEUIDHG&*()LS_', score: 2},
- { pw: '12345678', score: 0},
- { pw: 'defghi6789', score: 0},
- { pw: 'rosebud', score: 0},
- { pw: 'Rosebud', score: 0},
- { pw: 'ROSEBUD', score: 0},
- { pw: 'rosebuD', score: 0},
- { pw: 'ros3bud99', score: 0},
- { pw: 'r0s3bud99', score: 0},
- { pw: 'R0$38uD99', score: 1},
- { pw: 'verlineVANDERMARK', score: 1},
- { pw: 'eheuczkqyq', score: 4},
- { pw: 'rWibMFACxAUGZmxhVncy', score: 4},
- { pw: 'Ba9ZyWABu99[BK#6MBgbH88Tofv)vs$w', score: 4}
- ];
+ test('zxcvbn password tests should return the score we expect', function(){
+ var passwords = [
+ { pw: 'zxcvbn', score: 0},
+ { pw: 'qwER43@!', score: 1},
+ { pw: 'Tr0ub4dour&3', score: 2},
+ { pw: 'correcthorsebatterystaple', score: 4},
+ { pw: 'coRrecth0rseba++ery9.23.2007staple$', score: 4},
+ { pw: 'D0g..................', score: 0},
+ { pw: 'abcdefghijk987654321', score: 0},
+ { pw: 'neverforget13/3/1997', score: 2},
+ { pw: '1qaz2wsx3edc', score: 0},
+ { pw: 'temppass22', score: 1},
+ { pw: 'briansmith', score: 0},
+ { pw: 'briansmith4mayor', score: 0},
+ { pw: 'password1', score: 0},
+ { pw: 'viking', score: 0},
+ { pw: 'thx1138', score: 0},
+ { pw: 'ScoRpi0ns', score: 0},
+ { pw: 'do you know', score: 0},
+ { pw: 'ryanhunter2000', score: 0},
+ { pw: 'rianhunter2000', score: 1},
+ { pw: 'asdfghju7654rewq', score: 2},
+ { pw: 'AOEUIDHG&*()LS_', score: 2},
+ { pw: '12345678', score: 0},
+ { pw: 'defghi6789', score: 0},
+ { pw: 'rosebud', score: 0},
+ { pw: 'Rosebud', score: 0},
+ { pw: 'ROSEBUD', score: 0},
+ { pw: 'rosebuD', score: 0},
+ { pw: 'ros3bud99', score: 0},
+ { pw: 'r0s3bud99', score: 0},
+ { pw: 'R0$38uD99', score: 1},
+ { pw: 'verlineVANDERMARK', score: 1},
+ { pw: 'eheuczkqyq', score: 4},
+ { pw: 'rWibMFACxAUGZmxhVncy', score: 4},
+ { pw: 'Ba9ZyWABu99[BK#6MBgbH88Tofv)vs$w', score: 4}
+ ];
- for(var i=0; i < passwords.length; i++) {
- equal( passwordStrength( passwords[i].pw, 'username', passwords[i].pw ), passwords[i].score, 'password of `' + passwords[i].pw + '` returns '+passwords[i].score );
- }
- });
+ for (var i=0; i < passwords.length; i++) {
+ equal( passwordStrength( passwords[i].pw, 'username', passwords[i].pw ), passwords[i].score, 'password of `' + passwords[i].pw + '` returns '+passwords[i].score );
+ }
+ });
+
+ test( 'username in password should be penalized', function() {
+ var allowedPasswordScore, penalizedPasswordScore,
+ allowedPassword = 'a[janedoe]4',
+ penalizedPassword = 'a[johndoe]4',
+ username = 'johndoe';
+
+ allowedPasswordScore = passwordStrength( allowedPassword, username, allowedPassword );
+ penalizedPasswordScore = passwordStrength( penalizedPassword, username, penalizedPassword );
+
+ ok( penalizedPasswordScore < allowedPasswordScore, 'Penalized password scored ' + penalizedPasswordScore + '; allowed password scored: ' + allowedPasswordScore );
+ } );
 });
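Review bot: The new 'username in password should be penalized' test compares two different strings (`a[janedoe]4` and `a[johndoe]4`), so a difference in their base scores could make the `ok( penalizedPasswordScore < allowedPasswordScore, … )` assertion pass or fail for reasons unrelated to the username check. Scoring the same password against two usernames would isolate the penalty: `ok( passwordStrength( penalizedPassword, username, penalizedPassword ) < passwordStrength( penalizedPassword, 'username', penalizedPassword ), 'same password scores lower when it contains the username' );`. The assertion also cannot pass if the control already scores 0, and passwordStrength itself is not visible in this patch, so it is worth confirming that the control scores at least 1. A constructed case variant such as `a[JohnDoe]4` would also pin down whether the username match is case-insensitive, which this test is currently the only one positioned to document.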