From a6725a7650ea39ceaabd79efd77c453bdcae3279 Mon Sep 17 00:00:00 2001
From: Prateeksha Singh <pratu16x7@users.noreply.github.com>
Date: Fri, 2 Jun 2017 13:59:33 +0530
Subject: [PATCH] Password strength fix (#3419)

* [fix] password min-score loophole

* [minor] cleanup message
---
 frappe/core/doctype/user/user.py |  6 +++---
 frappe/www/update-password.html  | 12 ++++--------
 2 files changed, 7 insertions(+), 11 deletions(-)

diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py
index 351b420be3..c2d0b6abb0 100644
--- a/frappe/core/doctype/user/user.py
+++ b/frappe/core/doctype/user/user.py
@@ -545,9 +545,9 @@ def test_password_strength(new_password, key=None, old_password=None, user_data=
 		enable_password_policy = cint(frappe.db.get_single_value("System Settings", "enable_password_policy")) and True or False
 		minimum_password_score = cint(frappe.db.get_single_value("System Settings", "minimum_password_score")) or 0
 
-		password_policy_validation_passed = True
-		if enable_password_policy and result['score'] < minimum_password_score:
-			password_policy_validation_passed = False
+		password_policy_validation_passed = False
+		if result['score'] > minimum_password_score:
+			password_policy_validation_passed = True
 
 		result['feedback']['password_policy_validation_passed'] = password_policy_validation_passed
 
diff --git a/frappe/www/update-password.html b/frappe/www/update-password.html
index 632c4e0c9f..fa2fd0c8e4 100644
--- a/frappe/www/update-password.html
+++ b/frappe/www/update-password.html
@@ -148,28 +148,24 @@ frappe.ready(function() {
 		var message = [];
 		feedback.help_msg = "";
 		if(!feedback.password_policy_validation_passed){
-			feedback.help_msg = __("Hint: Include symbols, numbers and capital letters in the password");
+			feedback.help_msg = "<br>" + __("Hint: Include symbols, numbers and capital letters in the password");
 		}
 		if (feedback) {
 			if(!feedback.password_policy_validation_passed){
 				if (feedback.suggestions && feedback.suggestions.length) {
-					feedback.suggestions = feedback.suggestions + ' ' + feedback.help_msg;
 					message = message.concat(feedback.suggestions);
 				} else if (feedback.warning) {
-					feedback.warning = feedback.warning + ' ' + feedback.help_msg;
 					message.push(feedback.warning);
 				}
+				message.push(feedback.help_msg);
 
-				if (!message.length) {
-					message.push(feedback.help_msg);
-				}
-			}else{
+			} else {
 				message.push(__('Success! You are good to go 👍'));
 			}
 		}
 
 		strength_indicator.removeClass().addClass('password-strength-indicator indicator ' + color);
-		strength_message.text(message.join(' ') || '').removeClass('hidden');
+		strength_message.html(message.join(' ') || '').removeClass('hidden');
 		// strength_indicator.attr('title', message.join(' ') || '');
 	}