addressing comments #3

ocadotechnology · Jun 27, 2023 · 460e62a · 460e62a
1 parent ab7aad0
commit 460e62a
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 19 deletions.
diff --git a/portal/helpers/password.py b/portal/helpers/password.py
@@ -31,8 +31,8 @@ def is_password_pwned(password):
         # api response is using the format of suffix:count hence
         # we need to get rid of the ending count number
         if sha1_hash[5:].upper() == suffix[:35].upper():
-            return False
-    return True
+            return True
+    return False
 
 
 class PasswordStrength(Enum):
@@ -56,7 +56,7 @@ def password_test(self, password):
                 raise forms.ValidationError(
                     f"Password not strong enough, consider using at least {minimum_password_length} characters and making it hard to guess."
                 )
-            if not is_password_pwned(password):
+            if is_password_pwned(password):
                 raise forms.ValidationError("Password is too common, consider using a different password.")
 
         elif self is PasswordStrength.INDEPENDENT:
@@ -73,7 +73,7 @@ def password_test(self, password):
                     f"Password not strong enough, consider using at least {minimum_password_length} characters, "
                     "upper and lower case letters, and numbers and making it hard to guess."
                 )
-            if not is_password_pwned(password):
+            if is_password_pwned(password):
                 raise forms.ValidationError("Password is too common, consider using a different password.")
         else:
             minimum_password_length = 10
@@ -89,7 +89,7 @@ def password_test(self, password):
                     f"Password not strong enough, consider using at least {minimum_password_length} characters, "
                     "upper and lower case letters, numbers, special characters and making it hard to guess."
                 )
-            if not is_password_pwned(password):
+            if is_password_pwned(password):
                 raise forms.ValidationError("Password is too common, consider using a different password.")
 
         return password

diff --git a/portal/static/portal/js/passwordStrength.js b/portal/static/portal/js/passwordStrength.js
@@ -22,7 +22,7 @@ async function handlePasswordStrength() {
   const isStudentPwdSafe =
     isStudentPwdStrong && (await !isPasswordPwned(studentPwd));
 
-  const teacherPwdStr = [
+  const teacherPwdStrength = [
     isTeacherPwdTyped,
     isTeacherPwdStrong,
     isTeacherPwdSafe
@@ -35,9 +35,9 @@ async function handlePasswordStrength() {
 
   $('#teacher-password-sign').css(
     'background-color',
-    password_strengths[teacherPwdStr].colour
+    password_strengths[teacherPwdStrength].colour
   );
-  $('#teacher-password-text').html(password_strengths[teacherPwdStr].name);
+  $('#teacher-password-text').html(password_strengths[teacherPwdStrength].name);
   $('#student-password-sign').css(
     'background-color',
     password_strengths[studentPwdStrength].colour
@@ -70,7 +70,7 @@ const isPasswordPwned = async (password) => {
     return false;
   } catch (error) {
     console.error(`Request failed with error: ${error.message}`);
-    return true;
+    return false;
   }
 };
 
@@ -116,3 +116,11 @@ async function handlePwnedPasswordApiAvailability() {
     showServiceUnavailable(errorTitle, errorMessage);
   }
 }
+
+$(document).ready(function () {
+  handlePasswordStrength(); // the password strength text is updated dynamically hence this is the initial first call
+  handlePwnedPasswordApiAvailability();
+  $(
+    '#id_teacher_signup-teacher_password, #id_independent_student_signup-password'
+  ).on('input change focus blur', handlePasswordStrength);
+});
diff --git a/portal/templates/portal/register.html b/portal/templates/portal/register.html
@@ -191,14 +191,4 @@ <h4>Independent learner</h4>
             src="{% static 'portal/js/passwordStrength.js' %}"></script>
     <script type="text/javascript"
             src="{% static 'portal/js/independentRegistration.js' %}"></script>
-    <script>
-    var TEACHER_PASSWORD_FIELD_ID = '{{ teacher_signup_form.teacher_password.auto_id }}';
-    var INDEP_STUDENT_PASSWORD_FIELD_ID = '{{ independent_student_signup_form.password.auto_id }}';
-    $(document).ready(function() {
-    handlePasswordStrength(); // the password strength text is updated dynamically hence this is the initial first call
-    handlePwnedPasswordApiAvailability();
-    $('#id_teacher_signup-teacher_password, #id_independent_student_signup-password').on('input change focus blur', handlePasswordStrength);
-
-});
-    </script>
 {% endblock content %}