
yii2-password's Introduction

yii2-password

This extension provides a couple of great password management utilities for Yii Framework 2.0. The extension allows password strength validation through your model. In addition, it provides an advanced password input widget that allows you to display/hide text and show the password strength.

Release Changes

Refer to the CHANGE LOG for details of various releases.

Prerequisites

  • Ensure you have the right version of jQuery loaded (> v1.9.0).
  • In case you are upgrading from an older release, it's recommended that you clean up your web assets, local browser cache, and restart your browsers before using the extension.

StrengthValidator

This is a password strength validator for your model attributes. The strength validator allows you to configure the following parameters for validating passwords or strings.

  1. Whether the password contains a username
  2. Whether the password contains an email string
  3. Minimum number of characters
  4. Maximum number of characters
  5. Whether spaces are allowed
  6. Minimum number of lowercase characters
  7. Minimum number of uppercase characters
  8. Minimum number of numeric / digit characters
  9. Minimum number of special characters
  10. Whether password is compromised and part of Have I Been Pwned lists.

Other features:

  1. Includes 5 presets (simple, normal, fair, medium, and strong). Instead of setting each parameter above, you can call a preset which will auto-set each of the parameters above.
  2. It includes both server and client validation.
  3. This can work with the PasswordInput widget (described next) as per your needs. The strength validation routines for both are a bit different. The PasswordInput widget focuses on displaying the strength only, and does not restrict the user input in any way.

NOTE: The StrengthValidator does not validate if the password field is required. You need to use Yii's required rule for this.

PasswordInput

This is an advanced password input widget with configurable options and a dynamic strength meter based on the Strength Meter jQuery Plugin by Krajee. The widget provides various features as mentioned below:

  1. Allows you to show/hide a password text (using bootstrap styled input addons). You can configure this option to be shown or not.
  2. Allows you to display an advanced password strength meter to calculate and show your password strength as you type.
  3. Allows you to control and position/style your meter based on templates.
  4. A password strength meter consists of the meter bar, the score, and the verdict.
  5. Uses Bootstrap 3.0 styling wherever possible with inbuilt Yii 2.0 ActiveField functionality.
  6. Works independently and complements the StrengthValidator.

Demo

You can see a demonstration here on usage of these functions with documentation and examples.

Installation

The preferred way to install this extension is through composer.

Note: Check the composer.json for this extension's requirements and dependencies. Read this web tip /wiki on setting the minimum-stability settings for your application's composer.json.

Either run

$ php composer.phar require kartik-v/yii2-password "@dev"

or add

"kartik-v/yii2-password": "@dev"

to the require section of your composer.json file.

Usage

StrengthValidator

// add this in your model
use kartik\password\StrengthValidator;

// use the validator in your model rules
public function rules() {
    return [
        [['username', 'password'], 'required'],
        [['password'], StrengthValidator::className(), 'preset' => 'normal', 'userAttribute' => 'username']
    ];
}

PasswordInput

// add this in your view
use kartik\password\PasswordInput;
use kartik\widgets\ActiveForm; // optional

$form = ActiveForm::begin(['id' => 'login-form']);
echo $form->field($model, 'username');
echo $form->field($model, 'password')->widget(PasswordInput::classname(), [
    'pluginOptions' => [
        'showMeter' => true,
        'toggleMask' => false
    ]
]);
// close the form opened with ActiveForm::begin()
ActiveForm::end();

License

yii2-password is released under the BSD-3-Clause License. See the bundled LICENSE.md for details.

yii2-password's People

Contributors

aadutskevich, annig, dungphanxuan, freetuts, hubunator, igosja, itzen, jasonhancock, joester89, jurchiks, kartik-v, kosli, petrleocompel, pigochu, pxao02, sam002, spapad, tibee, tonisormisson, udokmeci, uniquexor, vihugarcia, vilkh3m

yii2-password's Issues

Password cannot contain more than 4 repeating characters!

I am using the password input widget for a strong password with meter in the customer module to save a strong customer password, but I got an error like: Password cannot contain more than 4 repeating characters!

Does this plugin validate the plain password or the hashed password?

Is it possible to disable this warning message?

Spaces are allowed.

It seems that with the allowed strength validation rules, that spaces are allowed. Is it possible to prevent users from using spaces?

Spanish translation doesn't work

temp solution:
$this->registerJsFile('@web/js/strength-meter-es.js', ['depends' => [kartik\password\PasswordInputAsset::className()]]);

Cannot use StrengthValidator if I only have one form field (password)

If I have a reset password form with only one field in it (password), I cannot use normal+ presets, because for some reason it is mandatory to have username (and email) fields/attributes and validate against them too?

It seems like these widgets are not flexible enough to not bother you with other fields and their rules if you do not need/have them.

So if you have just a password to validate, syntax like this should be enough:

[['password'], StrengthValidator::className(), 'preset'=>'normal']

or if your field is not named password, you should be able to do this:

[['password'], StrengthValidator::className(), 'preset'=>'normal', 'passwordField' => 'pwd']

If you have username and password, this should be enough:

[['password'], StrengthValidator::className(), 'preset'=>'normal', 'usernameField' => 'username', 'passwordField' => 'pwd']

Also, in last example, it would be nice if you can decide whether or not you should validate password by checking if username is in it.

and so on...

Is this possible now somehow but I am missing something?

Can't overwrite presets

It would be nice to be able to overwrite some of the preset values. For example: I like everything in the StrengthValidator::NORMAL preset, but would like to change 'min' to 7 characters instead of 8.

For example:
['password', StrengthValidator::className(), 'preset' => StrengthValidator::NORMAL, 'min'=>7],

First set the preset, then everything after it overwrites the preset values.

ASCII / latin alphabet orientation

On the live demo, password "ABCDEFGHIJ" gets a low strength score. But password "АБВГДЕЁЖЗИ" which is the equivalent if you are in Russia, gets 100% strong.

The problem appears to be the [a-z] and [A-Z] regexes. You might want to use the Unicode character properties Lowercase_Letter and Uppercase_Letter instead, which PCRE supports in Unicode mode (u modifier).
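
The effect described in this issue, as an added example (not the extension's code): a simplified character-class counter using ASCII ranges beside one using the Unicode properties the issue suggests. The function names, the rule set and the third sample password are assumptions made for illustration.

```php
<?php
// Added illustration, not yii2-password code. Function names are hypothetical.

/** Count code points in $value matching $pattern (all patterns use the u modifier). */
function countClass(string $pattern, string $value): int
{
    $n = preg_match_all($pattern, $value);
    if ($n === false) {
        // With the u modifier PCRE rejects malformed UTF-8 instead of miscounting it.
        throw new InvalidArgumentException('Value is not valid UTF-8');
    }
    return $n;
}

/** ASCII-only classes: every non-Latin letter falls through to "special". */
function classifyAscii(string $value): array
{
    return [
        'lower'   => countClass('/[a-z]/u', $value),
        'upper'   => countClass('/[A-Z]/u', $value),
        'digit'   => countClass('/[0-9]/u', $value),
        'special' => countClass('/[^a-zA-Z0-9]/u', $value),
    ];
}

/** Unicode categories Ll, Lu, Nd; "special" is anything that is neither letter nor number. */
function classifyUnicode(string $value): array
{
    return [
        'lower'   => countClass('/\p{Ll}/u', $value),
        'upper'   => countClass('/\p{Lu}/u', $value),
        'digit'   => countClass('/\p{Nd}/u', $value),
        'special' => countClass('/[^\p{L}\p{N}]/u', $value),
    ];
}

// The two passwords from the issue, plus a constructed mixed-class one.
foreach (['ABCDEFGHIJ', 'АБВГДЕЁЖЗИ', 'Пароль2024!'] as $password) {
    printf(
        "%s\n  ascii:   %s\n  unicode: %s\n",
        $password,
        json_encode(classifyAscii($password)),
        json_encode(classifyUnicode($password))
    );
}
```

For the Cyrillic password the ASCII classifier reports ten special characters and no uppercase letters, while the Unicode classifier reports ten uppercase letters and no special characters.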

Refresh the state of the strength indicator when reloading the widget

Hello kartik, I'm davey` from the yii forums.

I thought it would be good to refresh the strength indicator when the form is reloaded.

Let's suppose you have two fields in the context of a password change: oldPassword, which is a vanilla password field, and newPassword which is PasswordInput with a StrengthValidator. If the oldPassword is wrong but the newPassword is strong enough and passes validation, an error is raised for the oldPassword but the strength validator will show 0%, which may confuse users about what they did wrong.

Trigger Validation

I cannot seem to trigger the validation with jQuery... when I fire a change then the input is not re-evaluated... any thoughts?
I have a button that generates the password. After the jQuery puts the password in the input field it needs to be validated... how do I do that?

Toggle Password Settings

How do I remove the toggle password checkbox?

In the documentation it says:
echo $form->field($model, 'password')->widget(PasswordInput::classname(), [
'showMeter' => true,
'toggleMask' => false
]);
But that gives me this error: Setting unknown property: kartik\password\PasswordInput::showMeter

Strong password problem

Prerequisites

  • I have searched for similar issues in both open and closed tickets and cannot find a duplicate.
  • The issue still exists against the latest master branch of yii2-password.
  • This is not a usage question. I confirm having gone through and read the documentation and demos.
  • This is not a general programming / coding question. (Those should be directed to the webtips Q & A forum).
  • I have attempted to find the simplest possible steps to reproduce the issue.
  • I have included a failing test as a pull request (Optional).

Steps to reproduce the issue

  1. Type in the password "aaaaaaaaaaaaa"

Expected behavior and actual behavior

Expected: it says the password is weak
Actual: it says the password is strong

When I follow those steps, I see...

I was expecting...

Environment

Browsers

  • Google Chrome
  • Mozilla Firefox
  • Internet Explorer
  • Safari

Operating System

  • Windows
  • Mac OS X
  • Linux
  • Mobile

Libraries

  • jQuery version:
  • yii2-password version:

Isolating the problem

  • This bug happens on the demos page
  • The bug happens consistently across all tested browsers
  • This bug happens when using yii2-password without other plugins.

allowSpaces doesn't work

allowSpaces doesn't work
StrengthValidator.php
line 410 must be
$chkSpaces = $rule === self::RULE_SPACES && !$this->allowSpaces && strpos($value, ' ') !== false;

Kartik's ActiveForm required for Bootstrap 4

Prerequisites

  • I have searched for similar issues in both open and closed tickets and cannot find a duplicate.
  • The issue still exists against the latest master branch of yii2-password.
  • This is not a usage question. I confirm having gone through and read the documentation and demos.
  • This is not a general programming / coding question. (Those should be directed to the webtips Q & A forum).
  • I have attempted to find the simplest possible steps to reproduce the issue.
  • I have included a failing test as a pull request (Optional).

Steps to reproduce the issue

The docs state that using kartik\form\ActiveForm is optional. So I used the default yii\bootstrap4\ActiveForm in combination with the password input widget. However, there's an issue with the red error text.

  1. Create view using yii\bootstrap4\ActiveForm and kartik\password\PasswordInput while setting Bootstrap version to 4
  2. Open page in browser
  3. Type 1 character in password input box (so as to fail the validation)

Expected behavior and actual behavior

Expected: red border and red error text below the input box as per Bootstrap 4.

Actual: only red border, the red error text is not visible.

Cause of problem

The original password input box is replaced with the widget, where the input is deeper in the DOM. The original Bootstrap CSS requires the error text div to be a sibling from the input in order to trigger a display:block. Since they are not siblings, the error text remains display:none and will not show.

Solution

The required CSS to get the error text to display:block is present in the CSS that comes included with Kartik's ActiveForm. The solution is therefore to use kartik\form\ActiveForm instead of yii\bootstrap4\ActiveForm.

Suggested change

Update the docs to reflect that optimal function in Bootstrap 4 is only when the password widget is combined with Kartik's ActiveForm.

With Bootstrap 3 it works fine.

Environment

N/A

Validate username without attribute

New usernameValue property that will be used without model or usernameAttribute. If this is provided the usernameAttribute will be skipped.

Strength Validator and numeric zero

I'm using the strength validator with the simple preset.

If I enter a password of 'Testing0' (that's a numeric zero at the end), using the provided password input widget, I get the following validation error message ...
"New Password should contain at least one numeric / digit character (0 found)!"

If I enter a password of 'Testing1' the validation error disappears.

I am using ajax validation, but the error message doesn't seem to be coming via ajax. It seems to be coming from the client side javascript.

Any ideas what's going on?

Missing translations for a language keep spamming error log

I get a TON of this error message in my error logs, which really makes it hard to find actual problems in the error log, since they drown in the sea of these:

The message file for category 'kvpwdstrength' does not exist: /var/www/{project-name}/vendor/kartik-v/yii2-password/messages/uk/kvpwdstrength.php

You don't have a Ukrainian translation, so the message is understandable, but the fact that it spams so much is not, which is why I'd like to use the Russian translation instead. How could I do this?

Generation

It would be nice if there was a password generation button / event possible that obeys the same rules as the validator

JS Error on Widget

Hello,

Summary :

Using the PasswordInput widget with toggleMask set to true causes an error:
ReferenceError: kvStrengthValidator is not defined (Firefox)
Uncaught ReferenceError: kvStrengthValidator is not defined (Chrome)

How to reproduce:

Go to demo page,

Insert 'test' into password input
Toggle one time
Toggle a second time

Expected behavior:

Password input must be read protected.

Observed behavior:

Password input isn't read protected + Javascript error.

Version

Composer (show -i) :
bower-asset/jquery 2.1.3
bower-asset/jquery-ui 1.11.3
bower-asset/jquery.inputmask 3.1.61
yiisoft/yii2 2.0.3
kartik-v/strength-meter v1.1.1
kartik-v/yii2-helpers dev-master 2334250
kartik-v/yii2-krajee-base v1.7.4
kartik-v/yii2-password dev-master 6b5090f

New stable version when?

It's been 3 years since last stable version, but the Ukrainian language that I made and you merged was 4 months ago, and still no version for that.
You should tag a patch version (1.5.x) every time you change a language and a minor version (1.x.0) when you add a language, that's how semantic versioning works.

Spelling in polish translation

There is an error in the Polish translation:
{atrribute} should be {attribute} (line 28 in pl/kvpwdstrength.php)

'{attribute} should contain at least {n, plural, one{one numeric / digit character} other{# numeric / digit characters}} ({found} found)!' => '{atrribute} powinno zawierać przynajmniej {n, plural, =1{jedną cyfrę} few{# cyfry} other{# cyfr}} ({found} znaleziono)!',

support for zxcvbn?

Have you considered using https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/ (implementations https://github.com/dropbox/zxcvbn and https://github.com/bjeavons/zxcvbn-php) as a replacement for scoring password strength based on actual entropy? The same library is used in WordPress, for example, and it does have a nice option for providing user-specific low-score words like username etc.

(for multilingual support it might make sense to restrict the dictionary size and provide some common local password trends instead)

Validator trying to validate other fields

Why is the password validator validating other fields?
My Rules
public function rules()
{
    return array_replace_recursive(parent::rules(),
        [
            [['nome', 'email', 'username', 'password'], 'required'],
            [['forgotPasswordRequestTime', 'deleted_at', 'created_at', 'updated_at'], 'safe'],
            [['nome'], 'string', 'max' => 500],
            [['email'], 'email'],
            [['new_password', 'new_password_repeat'], 'required', 'on' => 'changePwd'],
            [['new_password'], 'compare', 'on' => 'changePwd'],
            [['new_password'], 'validateTime'],
            [['new_password', 'password'], StrengthValidator::className(), 'preset'=>StrengthValidator::FAIR],
            [['email', 'username', 'authKey', 'accessToken', 'forgotPasswordToken'], 'string', 'max' => 90],
            [['password'], 'string', 'max' => 512],
            [['deleted_by', 'created_by', 'updated_by'], 'string', 'max' => 45],
            [['username'], 'unique'],
            [['username'], 'string', 'min' => 6],
            [['forgotPasswordToken'], 'unique']
        ]);
}

The error
array(2) { ["authKey"]=> array(1) { [0]=> string(66) "Auth Key deve conter ao menos um caracter especial (encontrado 0)!" } ["forgotPasswordToken"]=> array(1) { [0]=> string(79) "Forgot Password Token deve conter ao menos um caracter especial (encontrado 0)!" } }



Missing translation file?

Hi, I also have a problem with the translation file being missing.
First: Thanks for many great extensions!

I get a missing file:
...web/assets/f99000a9/js/locales/strength-meter-en-US.js
It works but it still generates a warning that the code is looking for a file that it cannot find.

Overriding translation messages in config does not work

I am trying to override messages file via yii2 config, but it does not work:

    'components' => [
        'i18n' => [
            'translations' => [
                'kvpwdstrength*' => [ //
                    'class' => 'yii\i18n\PhpMessageSource',
                    'basePath' => '@app/messages', // my custom message path.
                    'sourceLanguage' => 'en-US',
                    'fileMap' => [
                        'kvpwdstrength' => 'kvpwdstrength.php', 
                    ],
                ]
            ],
        ],
    ],

This config could work, but it does not, because the config is overridden in kartik\base\TranslationTrait.

Is there another way to override messages or is it a bug? Please give a hint.

kartik\password\StrengthValidator and kartik\base\TranslationTrait define the same property ($_msgCat) in the composition of kartik\password\StrengthValidator.

Prerequisites

Use StrengthValidator and php 7.2>

Steps to reproduce the issue

new StrengthValidator();

Shows the following error:
yii\base\ErrorException: kartik\password\StrengthValidator and kartik\base\TranslationTrait define the same property ($_msgCat) in the composition of kartik\password\StrengthValidator. However, the definition differs and is considered incompatible. Class was composed in **\vendor\kartik-v\yii2-password\StrengthValidator.php:26

Environment

Yii2 2.0.15.1
PHP 7.2.9
kartik-v/yii2-password: 1.5.3

Error in the Russian text

In file messages/ru/kvpwdstrength string 35:
'{attribute} должен содержать минимум {n, plural, one{# цифру} few{# цыфры} many{# цифер} many{# цифр} other{# цифр}} ({found} найдено)!',
many is indicated twice.
many{# цифер} is an error.
It needs to be '{attribute} должен содержать минимум {n, plural, one{# цифру} few{# цыфры} many{# цифр} other{# цифр}} ({found} найдено)!',

Error local message parse error

I found an issue only when I'd deployed to prod.
RU translation:
kvpwdstrength.php:21
Does not work:
{n, plural, =1{хотя бы один символ} one{минимум # символ} few{минимум # символа} many{минимум # символов} other{минимум # символов}}
Works:
{n, plural, one{минимум # символ} few{минимум # символа} many{минимум # символов} other{минимум # символов}}

I think this is because of the equivalence of "=1" and "one".

Backwards incompatible behavior with 1.5.5 (HIBP check)

Prerequisites

  • I have searched for similar issues in both open and closed tickets and cannot find a duplicate.
  • The issue still exists against the latest master branch of yii2-password.
  • This is not a usage question. I confirm having gone through and read the documentation and demos.
  • This is not a general programming / coding question. (Those should be directed to the webtips Q & A forum).
  • I have attempted to find the simplest possible steps to reproduce the issue.
  • I have included a failing test as a pull request (Optional).

Steps to reproduce the issue

  1. Installing or updating yii2-password

Expected behavior and actual behavior

Backward compatible behavior to v1.5.4

Instead, since 1.5.5 it'll check HIBP sources seemingly out-of-the-box, which causes the unit tests checking our password validation to fail.

Maybe it's wise to disable this part of the validator by default until the next major release? I can see this breaking a lot of environments on a simple $ composer update. And even if that is not the case, there might be some liability issues with just sending off partial password hashes to a third party.

It also seems that I cannot disable it from a custom preset, but I am not too sure where that issue originates. If I find it to be a problem with yii2-password itself I will create another issue on the matter.

Environment

Doesn't seem to apply to this issue.

Browsers

  • Google Chrome
  • Mozilla Firefox
  • Internet Explorer
  • Safari

Operating System

  • Windows
  • Mac OS X
  • Linux
  • Mobile

Libraries

  • jQuery version:
  • yii2-password version: v1.5.5

Isolating the problem

  • This bug happens on the demos page
  • The bug happens consistently across all tested browsers
  • This bug happens when using yii2-password without other plugins.
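
What "partial password hashes" means in practice, as an added example (not yii2-password's code): it assumes the check follows the Pwned Passwords range format, where the first five hex characters of the SHA-1 are sent and `SUFFIX:COUNT` lines come back. The function names, the injected fetcher and the stub response are constructed for illustration; injecting the fetcher is also what lets unit tests run without any network call.

```php
<?php
// Added illustration, not yii2-password code. Function names are hypothetical.

/** Split SHA-1(password) into the 5-hex-char prefix that is sent and the 35-char suffix kept locally. */
function pwnedRangeParts(string $password): array
{
    $hash = strtoupper(sha1($password));
    return [substr($hash, 0, 5), substr($hash, 5)];
}

/**
 * Return how often the password appears in the range response (0 = not listed).
 * $fetchRange receives only the prefix and returns the body, one "SUFFIX:COUNT" per line.
 */
function pwnedCount(string $password, callable $fetchRange): int
{
    [$prefix, $suffix] = pwnedRangeParts($password);
    $body = (string) $fetchRange($prefix);
    foreach (preg_split('/\R/', trim($body)) as $line) {
        $parts = explode(':', trim($line), 2);
        // The match against the full suffix happens locally, never on the remote side.
        if (count($parts) === 2 && hash_equals($suffix, strtoupper($parts[0]))) {
            return (int) $parts[1];
        }
    }
    return 0;
}

// --- Offline demonstration with a constructed response ---
$sent = [];
[, $listedSuffix] = pwnedRangeParts('password');
$stub = function (string $prefix) use (&$sent, $listedSuffix): string {
    $sent[] = $prefix; // record everything that would leave the process
    // Constructed body: two decoy suffixes plus the suffix for "password".
    return implode("\r\n", [
        str_repeat('0', 34) . '1:3',
        $listedSuffix . ':42',
        str_repeat('F', 35) . ':1',
    ]);
};

printf("listed count:   %d\n", pwnedCount('password', $stub));
printf("unlisted count: %d\n", pwnedCount('correct horse battery staple 7!', $stub));
printf("values sent:    %s\n", implode(', ', $sent));
```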
