/**

 * @output wp-admin/js/password-strength-meter.js

 */

/* global zxcvbn */

window.wp = window.wp || {};

(function($){

	var __ = wp.i18n.__,

		sprintf = wp.i18n.sprintf;

	/**

	 * Contains functions to determine the password strength.

	 *

	 * @since 3.7.0

	 *

	 * @namespace

	 */

	wp.passwordStrength = {

		/**

		 * Determines the strength of a given password.

		 *

		 * Compares first password to the password confirmation.

		 *

		 * @since 3.7.0

		 *

		 * @param {string} password1       The subject password.

		 * @param {Array}  disallowedList An array of words that will lower the entropy of

		 *                                 the password.

		 * @param {string} password2       The password confirmation.

		 *

		 * @return {number} The password strength score.

		 */

		meter : function( password1, disallowedList, password2 ) {

			if ( ! Array.isArray( disallowedList ) )

				disallowedList = [ disallowedList.toString() ];

			if (password1 != password2 && password2 && password2.length > 0)

				return 5;

			if ( 'undefined' === typeof window.zxcvbn ) {

				// Password strength unknown.

				return -1;

			}

			var result = zxcvbn( password1, disallowedList );

			return result.score;

		},

		/**

		 * Builds an array of words that should be penalized.

		 *

		 * Certain words need to be penalized because it would lower the entropy of a

		 * password if they were used. The disallowedList is based on user input fields such

		 * as username, first name, email etc.

		 *

		 * @since 3.7.0

		 * @deprecated 5.5.0 Use {@see 'userInputDisallowedList()'} instead.

		 *

		 * @return {string[]} The array of words to be disallowed.

		 */

		userInputBlacklist : function() {

			window.console.log(

				sprintf(

					/* translators: 1: Deprecated function name, 2: Version number, 3: Alternative function name. */

					__( '%1$s is deprecated since version %2$s! Use %3$s instead. Please consider writing more inclusive code.' ),

					'wp.passwordStrength.userInputBlacklist()',

					'5.5.0',

					'wp.passwordStrength.userInputDisallowedList()'

				)

			);

			return wp.passwordStrength.userInputDisallowedList();

		},

		/**

		 * Builds an array of words that should be penalized.

		 *

		 * Certain words need to be penalized because it would lower the entropy of a

		 * password if they were used. The disallowed list is based on user input fields such

		 * as username, first name, email etc.

		 *

		 * @since 5.5.0

		 *

		 * @return {string[]} The array of words to be disallowed.

		 */

		userInputDisallowedList : function() {

			var i, userInputFieldsLength, rawValuesLength, currentField,

				rawValues       = [],

				disallowedList  = [],

				userInputFields = [ 'user_login', 'first_name', 'last_name', 'nickname', 'display_name', 'email', 'url', 'description', 'weblog_title', 'admin_email' ];

			// Collect all the strings we want to disallow.

			rawValues.push( document.title );

			rawValues.push( document.URL );

			userInputFieldsLength = userInputFields.length;

			for ( i = 0; i < userInputFieldsLength; i++ ) {

				currentField = $( '#' + userInputFields[ i ] );

				if ( 0 === currentField.length ) {

					continue;

				}

				rawValues.push( currentField[0].defaultValue );

				rawValues.push( currentField.val() );

			}

			/*

			 * Strip out non-alphanumeric characters and convert each word to an

			 * individual entry.

			 */

			rawValuesLength = rawValues.length;

			for ( i = 0; i < rawValuesLength; i++ ) {

				if ( rawValues[ i ] ) {

					disallowedList = disallowedList.concat( rawValues[ i ].replace( /\W/g, ' ' ).split( ' ' ) );

				}

			}

			/*

			 * Remove empty values, short words and duplicates. Short words are likely to

			 * cause many false positives.

			 */

			disallowedList = $.grep( disallowedList, function( value, key ) {

				if ( '' === value || 4 > value.length ) {

					return false;

				}

				return $.inArray( value, disallowedList ) === key;

			});

			return disallowedList;

		}

	};

	// Backward compatibility.

	/**

	 * Password strength meter function.

	 *

	 * @since 2.5.0

	 * @deprecated 3.7.0 Use wp.passwordStrength.meter instead.

	 *

	 * @global

	 *

	 * @type {wp.passwordStrength.meter}

	 */

	window.passwordStrength = wp.passwordStrength.meter;

})(jQuery);