From 9aa9183cc3e90d0bbd9e94e7612b264ed6d00c9a Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Mon, 26 Mar 2018 12:35:51 -0400
Subject: [PATCH] implementing zxcvbn in reset-code tpl, re: #6400

---
 public/src/client/reset_code.js | 5 ++++-
 src/controllers/index.js        | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/public/src/client/reset_code.js b/public/src/client/reset_code.js
index b62a682273..94fceca534 100644
--- a/public/src/client/reset_code.js
+++ b/public/src/client/reset_code.js
@@ -1,7 +1,7 @@
 'use strict';
 
 
-define('forum/reset_code', function () {
+define('forum/reset_code', ['zxcvbn'], function (zxcvbn) {
 	var	ResetCode = {};
 
 	ResetCode.init = function () {
@@ -12,10 +12,13 @@ define('forum/reset_code', function () {
 		var repeat = $('#repeat');
 
 		resetEl.on('click', function () {
+			var strength = zxcvbn(password.val());
 			if (password.val().length < ajaxify.data.minimumPasswordLength) {
 				app.alertError('[[reset_password:password_too_short]]');
 			} else if (password.val() !== repeat.val()) {
 				app.alertError('[[reset_password:passwords_do_not_match]]');
+			} else if (strength.score < ajaxify.data.minimumPasswordStrength) {
+				app.alertError('[[user:weak_password]]');
 			} else {
 				resetEl.prop('disabled', true).html('<i class="fa fa-spin fa-refresh"></i> Changing Password');
 				socket.emit('user.reset.commit', {
diff --git a/src/controllers/index.js b/src/controllers/index.js
index 9dccc94aa3..550130ce92 100644
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -50,6 +50,7 @@ Controllers.reset = function (req, res, next) {
 					displayExpiryNotice: req.session.passwordExpired,
 					code: req.params.code,
 					minimumPasswordLength: parseInt(meta.config.minimumPasswordLength, 10),
+					minimumPasswordStrength: parseInt(meta.config.minimumPasswordStrength, 10),
 					breadcrumbs: helpers.buildBreadcrumbs([
 						{
 							text: '[[reset_password:reset_password]]',