The script is from: https://github.com/ablanco/jquery.pwstrength.bootstrap

I have tested this item unsuccessfully on 6ee8486

First of all, thanks for that as I asked for such a long time (next step the password generator? - run MAT )

Step 1 (create a new user) works fine with 2 notes:
-see the screenshot for the width of the Strength Meter
-IMHO (but an english speaker would help better than me): the red "Your password is too short" could be better as it makes you think you can not save even if it is "just" a warning.

Step 2 (new install)
For sure I missed something but I can not reproduce with the Strength Meter...

@MAT978 The veeeery long progress bar is just some css work that needs to de done in each template. This PR was made initially to indicate the password strength in the installation process, and in that window the progress bar behaves a lot better. So I wouldn’t try to cover all the templates with this PR. Now about the warning: are you asking to just drop the progress bar and leave only the messages?

@dgt41 My tarzanBrokenFrenglish let me think that "your password is too short" is imperative for having the ability to register (which is not the case and it's fine like this because, IMHO, it should remain a simple "advice"). I would see something more like: "you should use a stronger password" but for sure, I will leave this job to native English... ;)

@MAT978 these are the original strings from https://github.com/ablanco/jquery.pwstrength.bootstrap
But we can change them as there are in the language files of Joomla. So feel free to propose any changes:

JFIELD_PASSWORD_CHARCLASS="Use different character classes"
JFIELD_PASSWORD_LENGTH="Your password is too short"
JFIELD_PASSWORD_NOEMAIL="Do not use your email as your password"
JFIELD_PASSWORD_USERNAME="Your password cannot contain your username"
JFIELD_PASSWORD_WORDREP="Too many repetitions"
JFIELD_PASSWORD_WORDSEQ="Your password contains sequences"

@dgt41 Great stuff. Only thing is the JFIELD_PASSWORD_LENGTH which sounds like it will be confusing with the existing setting for required password length

Would it make sense to use the minimum characters parameter in com_users (https://github.com/joomla/joomla-cms/blob/staging/administrator/components/com_users/config.xml#L132-L141) to inject into the JS script here: https://github.com/joomla/joomla-cms/pull/8513/files#diff-92c5eae4ca8022242227f989903d7394R177 ?

Also as in the form field we aren't linking to a username field does it not make sense to disable this option?

Also as in the form field we aren't linking to a username field does it not make sense to disable this option?

Would be cool if we optionally allow this feature. Like in the XML you can specify the username field and then it checks that. Not sure how the JS works :)

@Bakual @wilsonge ok done!

@dgt41 I think what @wilsonge meant was to retrieve the setting from com_users to determine the minimum length. Which imho makes sense to do.
Obviously, during installation this may not work because the stuff isn't set up yet properly. It should be possible to work around it by using a default value of 4 when in installation application.
Setting it in the XML makes not much sense to me.

@Bakual we can extend the field to incorporate the value from com_users, but I thought that first and foremost this was supposed to be used in the installation process. Anyways I will try to fix that when I'll get back to my pc :)

It's a formfield which is available to any extension developer. Thus the attributes should make sense for them as well.
And once this is in, I sure think we should do it for the profile and registration views as well. But keep it to the installation in this PR for now

When testing I can confirm it works nicely. I like also the checks if you have sequences (eg 123) in the password and using the username triggers an error now as well. So that works nicely.

A small issue I found where I don't have yet found the source is when you enter two different passwords and send the form. The form gets rejected with an error and reloads for obvious reasons. But in that reloaded form the password strength meter doesn't work anymore. If I reload the form using browser reload, it works again.

Make the indicator available also on com_users:

Does this script actually prevent having username in the password?
If it does not then the message is shouldn't not can't
I

This is only an indicator, the rules for the password are in the validator script and I think you can have the same username and password

@dgt41 Have a look what I did here: https://github.com/dgt41/joomla-cms/compare/installationPass...Bakual:PasswordStrength?expand=1
Unfortunately I did it on a newer staging than your PR so it shows some additional commits, but I think you get the idea.

If its only an indicator then the string needs changing

@brianteeman I already did that change

Setting milestone to 3.6.0 since we're already in language freeze mode for installation folder.

This PR has received new commits.

CC: @MAT978

I have tested this item successfully on 0df5416

Test went smoothly. Tested for user name in password as well as password length.

I don't see the layout on new user registration.

I have tested this item successfully on 0df5416

works. We need to clear the cache for the backend. Thanks @wilsonge

RTC

Thank you for creating this. It’s been some time since you created this and there are now some merge conflicts that prevent a direct merge. To save time I have created a new Pull Request from your code and am closing this here.

Check #10307.

@dgt41 Can you please create a new PR and reference to this one. GitHub does not allow me to re-open this PR. I will close my other PR now. Thank you!