Bug 1177911 - Determine and implement better password requirements for BMO

2 files changed, 33 insertions, 46 deletions

diff --git a/template/en/default/global/password-features.html.tmpl b/template/en/default/global/password-features.html.tmpl
new file mode 100644
index 000000000..5d6c0f8c1
--- /dev/null
+++ b/template/en/default/global/password-features.html.tmpl
@@ -0,0 +1,27 @@
+[%# This Source Code Form is subject to the terms of the Mozilla Public
+  # License, v. 2.0. If a copy of the MPL was not distributed with this
+  # file, You can obtain one at http://mozilla.org/MPL/2.0/.
+  #
+  # This Source Code Form is "Incompatible With Secondary Licenses", as
+  # defined by the Mozilla Public License, v. 2.0.
+  #%]
+
+<div id="password-features"
+     style="display: none"
+     class="[% class FILTER html %]"
+     data-password-page="[% password_page FILTER html %]"
+     data-password-complexity="[% Param("password_complexity") FILTER html %]">
+  Password must be 8 characters or longer,
+  and match at least 3 of the following requirements:
+
+  <ul>
+    <li id="password-feature-upper">uppercase letters</li>
+    <li id="password-feature-lower">lowercase letters</li>
+    <li id="password-feature-numbers">numbers</li>
+    <li id="password-feature-symbols">symbols</li>
+    <li id="password-feature-length12">longer than 12 characters</li>
+  </ul>
+  <div id="password-msg"></div>
+
+  <div id="password-meter-label" style="display: none">Strength: <span id="password-meter" class="meter"></span></div>
+</div>
\ No newline at end of file
diff --git a/template/en/default/global/user-error.html.tmpl b/template/en/default/global/user-error.html.tmpl
index 6996832aa..14399f010 100644
--- a/template/en/default/global/user-error.html.tmpl
+++ b/template/en/default/global/user-error.html.tmpl
@@ -1503,59 +1503,19 @@
 
   [% ELSIF error == "password_not_complex" %]
     [% title = "Password Fails Requirements" %]
-    [% passregex = Param('password_complexity') %]
-    The password must contain at least one:
+    The Password must meet three of the following requirements
     <ul>
-      [% IF passregex == 'letters_numbers_specialchars' %]
-        <li>letter</li>
-        <li>special character</li>
-      [% ELSIF passregex.search('letters') %]
-        <li>UPPERCASE letter</li>
-        <li>lowercase letter</li>
-      [% END %]
-      [% IF passregex.search('numbers') %]
-        <li>digit</li>
-      [% END %]
+      <li>uppercase letters</li>
+      <li>lowercase letters</li>
+      <li>numbers</li>
+      <li>symbols</li>
+      <li>longer than 12 characters</li>
     </ul>
     [% IF locked_user %]
       You must <a href="token.cgi?a=reqpw&amp;loginname=[% locked_user.email FILTER uri %]&amp;token=[% issue_hash_token(['reqpw']) FILTER uri %]">
       request a new password</a> in order to log in again.
     [% END %]
 
-  [% ELSIF error == "password_not_complex" %]
-     [% title = "Password Fails Requirements" %]
-     [% passregex = Param('password_complexity') %]
-     Password must contain at least one:
-     <ul>
-       [% IF passregex.search('letters') %]
-         <li>UPPERCASE letter</li>
-         <li>lowercase letter</li>
-       [% END %]
-       [% IF passregex.search('numbers') %]
-         <li>digit</li>
-       [% END %]
-       [% IF passregex.search('specialchars') %]
-         <li>special character</li>
-       [% END %]
-     </ul>
-
-  [% ELSIF error == "password_not_complex" %]
-     [% title = "Password Fails Requirements" %]
-     [% passregex = Param('password_complexity') %]
-     Password must contain at least one:
-     <ul>
-       [% IF passregex.search('letters') %]
-         <li>UPPERCASE letter</li>
-         <li>lowercase letter</li>
-       [% END %]
-       [% IF passregex.search('numbers') %]
-         <li>digit</li>
-       [% END %]
-       [% IF passregex.search('specialchars') %]
-         <li>special character</li>
-       [% END %]
-     </ul>
-
   [% ELSIF error == "product_access_denied" %]
     [% title = "Product Access Denied" %]
     Either the product