From 87f1e318717fdccd09b41d3feb00dff20ad44ce1 Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov.ru@gmail.com>
Date: Tue, 2 Feb 2021 18:13:04 +0000
Subject: [PATCH] Login and Registration: Improve the UX of the Reset Password
 screen.

Previously, it was unclear that the displayed password is only being suggested and should be saved by clicking the Reset Password button.

This adds separate Generate Password and Save Password buttons, for clarity.

Props xkon, estelaris, jaymanpandya, hedgefield, audrasjb, erichmond, magicroundabout, lukecavanagh, knutsp, tinodidriksen, nico_martin, markhowellsmead, kara.mcnair, e_baker, pixelverbieger, souri_wpaustria, megabyterose, poena, whyisjake.
Fixes #39638.
Built from https://develop.svn.wordpress.org/trunk@50153


git-svn-id: http://core.svn.wordpress.org/trunk@49832 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/admin-ajax.php            |  2 ++
 wp-admin/includes/ajax-actions.php | 12 ++++++++++--
 wp-admin/js/user-profile.js        | 13 ++++++++++++-
 wp-admin/js/user-profile.min.js    |  2 +-
 wp-includes/version.php            |  2 +-
 wp-login.php                       |  7 ++++---
 6 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index 30e9a414b5..087a11993d 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -164,6 +164,8 @@ if ( ! empty( $_POST['action'] ) && in_array( $_POST['action'], $core_actions_po
 	add_action( 'wp_ajax_' . $_POST['action'], 'wp_ajax_' . str_replace( '-', '_', $_POST['action'] ), 1 );
 }
 
+add_action( 'wp_ajax_nopriv_generate-password', 'wp_ajax_nopriv_generate_password' );
+
 add_action( 'wp_ajax_nopriv_heartbeat', 'wp_ajax_nopriv_heartbeat', 1 );
 
 $action = ( isset( $_REQUEST['action'] ) ) ? $_REQUEST['action'] : '';
diff --git a/wp-admin/includes/ajax-actions.php b/wp-admin/includes/ajax-actions.php
index 06c09f6e92..6f91c3a7ea 100644
--- a/wp-admin/includes/ajax-actions.php
+++ b/wp-admin/includes/ajax-actions.php
@@ -12,8 +12,7 @@
 //
 
 /**
- * Ajax handler for the Heartbeat API in
- * the no-privilege context.
+ * Ajax handler for the Heartbeat API in the no-privilege context.
  *
  * Runs when the user is not logged in.
  *
@@ -3976,6 +3975,15 @@ function wp_ajax_generate_password() {
 	wp_send_json_success( wp_generate_password( 24 ) );
 }
 
+/**
+ * Ajax handler for generating a password in the no-privilege context.
+ *
+ * @since 5.7.0
+ */
+function wp_ajax_nopriv_generate_password() {
+	wp_send_json_success( wp_generate_password( 24 ) );
+}
+
 /**
  * Ajax handler for saving the user's WordPress.org username.
  *
diff --git a/wp-admin/js/user-profile.js b/wp-admin/js/user-profile.js
index c8f8d03261..dfec0fdba2 100644
--- a/wp-admin/js/user-profile.js
+++ b/wp-admin/js/user-profile.js
@@ -157,7 +157,7 @@
 		var $generateButton,
 			$cancelButton;
 
-		$pass1Row = $( '.user-pass1-wrap, .user-pass-wrap' );
+		$pass1Row = $( '.user-pass1-wrap, .user-pass-wrap, .reset-pass-submit' );
 
 		// Hide the confirm password field when JavaScript support is enabled.
 		$('.user-pass2-wrap').hide();
@@ -461,4 +461,15 @@
 		}
 	} );
 
+	/*
+	 * We need to generate a password as soon as the Reset Password page is loaded,
+	 * to avoid double clicking the button to retrieve the first generated password.
+	 * See ticket #39638.
+	 */
+	$( document ).ready( function() {
+		if ( $( '.reset-pass-submit' ).length ) {
+			$( '.reset-pass-submit button.wp-generate-pw' ).trigger( 'click' );
+		}
+	});
+
 })(jQuery);
diff --git a/wp-admin/js/user-profile.min.js b/wp-admin/js/user-profile.min.js
index a43f6ab9e1..521356f36b 100644
--- a/wp-admin/js/user-profile.min.js
+++ b/wp-admin/js/user-profile.min.js
@@ -1,2 +1,2 @@
 /*! This file is auto-generated */
-!function(r){var e,a,n,t,i,o,d,l,p,c,u=!1,h=wp.i18n.__;function f(){"function"==typeof zxcvbn?(!a.val()||c.hasClass("is-open")?(a.val(a.data("pw")),a.trigger("pwupdate")):b(),g(),1!==parseInt(o.data("start-masked"),10)?a.attr("type","text"):o.trigger("click"),r("#pw-weak-text-label").text(h("Confirm use of weak password"))):setTimeout(f,50)}function w(s){o.attr({"aria-label":h(s?"Show password":"Hide password")}).find(".text").text(h(s?"Show":"Hide")).end().find(".dashicons").removeClass(s?"dashicons-hidden":"dashicons-visibility").addClass(s?"dashicons-visibility":"dashicons-hidden")}function m(s,e,a){var n=r("<div />");n.addClass("notice inline"),n.addClass("notice-"+(e?"success":"error")),n.text(r(r.parseHTML(a)).text()).wrapInner("<p />"),s.prop("disabled",e),s.siblings(".notice").remove(),s.before(n)}function v(){var s;e=r(".user-pass1-wrap, .user-pass-wrap"),r(".user-pass2-wrap").hide(),l=r("#submit, #wp-submit").on("click",function(){u=!1}),d=l.add(" #createusersub"),t=r(".pw-weak"),(i=t.find(".pw-checkbox")).on("change",function(){d.prop("disabled",!i.prop("checked"))}),(a=r("#pass1")).length?(p=a.val(),1===parseInt(a.data("reveal"),10)&&f(),a.on("input pwupdate",function(){a.val()!==p&&(p=a.val(),a.removeClass("short bad good strong"),g())})):a=r("#user_pass"),n=r("#pass2").on("input",function(){0<n.val().length&&(a.val(n.val()),n.val(""),p="",a.trigger("pwupdate"))}),a.is(":hidden")&&(a.prop("disabled",!0),n.prop("disabled",!0)),c=e.find(".wp-pwd"),s=e.find("button.wp-generate-pw"),(o=e.find(".wp-hide-pw")).show().on("click",function(){"password"===a.attr("type")?(a.attr("type","text"),w(!1)):(a.attr("type","password"),w(!0))}),s.show(),s.on("click",function(){u=!0,s.attr("aria-expanded","true"),c.show().addClass("is-open"),a.attr("disabled",!1),n.attr("disabled",!1),f(),w(!1),wp.ajax.post("generate-password").done(function(s){a.data("pw",s)})}),e.find("button.wp-cancel-pw").on("click",function(){u=!1,a.prop("disabled",!0),n.prop("disabled",!0),a.val("").trigger("pwupdate"),w(!1),c.hide().removeClass("is-open"),d.prop("disabled",!1)}),e.closest("form").on("submit",function(){u=!1,a.prop("disabled",!1),n.prop("disabled",!1),n.val(a.val())})}function b(){var s=r("#pass1").val();if(r("#pass-strength-result").removeClass("short bad good strong empty"),s&&""!==s.trim())switch(wp.passwordStrength.meter(s,wp.passwordStrength.userInputDisallowedList(),s)){case-1:r("#pass-strength-result").addClass("bad").html(pwsL10n.unknown);break;case 2:r("#pass-strength-result").addClass("bad").html(pwsL10n.bad);break;case 3:r("#pass-strength-result").addClass("good").html(pwsL10n.good);break;case 4:r("#pass-strength-result").addClass("strong").html(pwsL10n.strong);break;case 5:r("#pass-strength-result").addClass("short").html(pwsL10n.mismatch);break;default:r("#pass-strength-result").addClass("short").html(pwsL10n.short)}else r("#pass-strength-result").addClass("empty").html("&nbsp;")}function g(){var s=r("#pass-strength-result")[0];s.className&&(a.addClass(s.className),r(s).is(".short, .bad")?(i.prop("checked")||d.prop("disabled",!0),t.show()):(r(s).is(".empty")?(d.prop("disabled",!0),i.prop("checked",!1)):d.prop("disabled",!1),t.hide()))}r(document).ready(function(){var s,a,n,t,i=r("#display_name"),e=i.val(),o=r("#wp-admin-bar-my-account").find(".display-name");r("#pass1").val("").on("input pwupdate",b),r("#pass-strength-result").show(),r(".color-palette").on("click",function(){r(this).siblings('input[name="admin_color"]').prop("checked",!0)}),i.length&&(r("#first_name, #last_name, #nickname").on("blur.user_profile",function(){var a=[],n={display_nickname:r("#nickname").val()||"",display_username:r("#user_login").val()||"",display_firstname:r("#first_name").val()||"",display_lastname:r("#last_name").val()||""};n.display_firstname&&n.display_lastname&&(n.display_firstlast=n.display_firstname+" "+n.display_lastname,n.display_lastfirst=n.display_lastname+" "+n.display_firstname),r.each(r("option",i),function(s,e){a.push(e.value)}),r.each(n,function(s,e){e&&(e=e.replace(/<\/?[a-z][^>]*>/gi,""),n[s].length&&-1===r.inArray(e,a)&&(a.push(e),r("<option />",{text:e}).appendTo(i)))})}),i.on("change",function(){var s;n===t&&(s=r.trim(this.value)||e,o.text(s))})),s=r("#color-picker"),a=r("#colors-css"),n=r("input#user_id").val(),t=r('input[name="checkuser_id"]').val(),s.on("click.colorpicker",".color-option",function(){var s,e=r(this);if(!e.hasClass("selected")&&(e.siblings(".selected").removeClass("selected"),e.addClass("selected").find('input[type="radio"]').prop("checked",!0),n===t)){if((a=0===a.length?r('<link rel="stylesheet" />').appendTo("head"):a).attr("href",e.children(".css_url").val()),"undefined"!=typeof wp&&wp.svgPainter){try{s=r.parseJSON(e.children(".icon_colors").val())}catch(s){}s&&(wp.svgPainter.setColors(s),wp.svgPainter.paint())}r.post(ajaxurl,{action:"save-user-color-scheme",color_scheme:e.children('input[name="admin_color"]').val(),nonce:r("#color-nonce").val()}).done(function(s){s.success&&r("body").removeClass(s.data.previousScheme).addClass(s.data.currentScheme)})}}),v(),r("#generate-reset-link").on("click",function(){var e=r(this),s={user_id:userProfileL10n.user_id,nonce:userProfileL10n.nonce};e.parent().find(".notice-error").remove();s=wp.ajax.post("send-password-reset",s);s.done(function(s){m(e,!0,s)}),s.fail(function(s){m(e,!1,s)})})}),r("#destroy-sessions").on("click",function(s){var e=r(this);wp.ajax.post("destroy-sessions",{nonce:r("#_wpnonce").val(),user_id:r("#user_id").val()}).done(function(s){e.prop("disabled",!0),e.siblings(".notice").remove(),e.before('<div class="notice notice-success inline"><p>'+s.message+"</p></div>")}).fail(function(s){e.siblings(".notice").remove(),e.before('<div class="notice notice-error inline"><p>'+s.message+"</p></div>")}),s.preventDefault()}),window.generatePassword=f,r(window).on("beforeunload",function(){if(!0===u)return h("Your new password has not been saved.")})}(jQuery);
\ No newline at end of file
+!function(o){var e,a,t,n,i,r,d,p,l,c,u=!1,h=wp.i18n.__;function f(){"function"==typeof zxcvbn?(!a.val()||c.hasClass("is-open")?(a.val(a.data("pw")),a.trigger("pwupdate")):b(),g(),1!==parseInt(r.data("start-masked"),10)?a.attr("type","text"):r.trigger("click"),o("#pw-weak-text-label").text(h("Confirm use of weak password"))):setTimeout(f,50)}function w(s){r.attr({"aria-label":h(s?"Show password":"Hide password")}).find(".text").text(h(s?"Show":"Hide")).end().find(".dashicons").removeClass(s?"dashicons-hidden":"dashicons-visibility").addClass(s?"dashicons-visibility":"dashicons-hidden")}function m(s,e,a){var t=o("<div />");t.addClass("notice inline"),t.addClass("notice-"+(e?"success":"error")),t.text(o(o.parseHTML(a)).text()).wrapInner("<p />"),s.prop("disabled",e),s.siblings(".notice").remove(),s.before(t)}function v(){var s;e=o(".user-pass1-wrap, .user-pass-wrap, .reset-pass-submit"),o(".user-pass2-wrap").hide(),p=o("#submit, #wp-submit").on("click",function(){u=!1}),d=p.add(" #createusersub"),n=o(".pw-weak"),(i=n.find(".pw-checkbox")).on("change",function(){d.prop("disabled",!i.prop("checked"))}),(a=o("#pass1")).length?(l=a.val(),1===parseInt(a.data("reveal"),10)&&f(),a.on("input pwupdate",function(){a.val()!==l&&(l=a.val(),a.removeClass("short bad good strong"),g())})):a=o("#user_pass"),t=o("#pass2").on("input",function(){0<t.val().length&&(a.val(t.val()),t.val(""),l="",a.trigger("pwupdate"))}),a.is(":hidden")&&(a.prop("disabled",!0),t.prop("disabled",!0)),c=e.find(".wp-pwd"),s=e.find("button.wp-generate-pw"),(r=e.find(".wp-hide-pw")).show().on("click",function(){"password"===a.attr("type")?(a.attr("type","text"),w(!1)):(a.attr("type","password"),w(!0))}),s.show(),s.on("click",function(){u=!0,s.attr("aria-expanded","true"),c.show().addClass("is-open"),a.attr("disabled",!1),t.attr("disabled",!1),f(),w(!1),wp.ajax.post("generate-password").done(function(s){a.data("pw",s)})}),e.find("button.wp-cancel-pw").on("click",function(){u=!1,a.prop("disabled",!0),t.prop("disabled",!0),a.val("").trigger("pwupdate"),w(!1),c.hide().removeClass("is-open"),d.prop("disabled",!1)}),e.closest("form").on("submit",function(){u=!1,a.prop("disabled",!1),t.prop("disabled",!1),t.val(a.val())})}function b(){var s=o("#pass1").val();if(o("#pass-strength-result").removeClass("short bad good strong empty"),s&&""!==s.trim())switch(wp.passwordStrength.meter(s,wp.passwordStrength.userInputDisallowedList(),s)){case-1:o("#pass-strength-result").addClass("bad").html(pwsL10n.unknown);break;case 2:o("#pass-strength-result").addClass("bad").html(pwsL10n.bad);break;case 3:o("#pass-strength-result").addClass("good").html(pwsL10n.good);break;case 4:o("#pass-strength-result").addClass("strong").html(pwsL10n.strong);break;case 5:o("#pass-strength-result").addClass("short").html(pwsL10n.mismatch);break;default:o("#pass-strength-result").addClass("short").html(pwsL10n.short)}else o("#pass-strength-result").addClass("empty").html("&nbsp;")}function g(){var s=o("#pass-strength-result")[0];s.className&&(a.addClass(s.className),o(s).is(".short, .bad")?(i.prop("checked")||d.prop("disabled",!0),n.show()):(o(s).is(".empty")?(d.prop("disabled",!0),i.prop("checked",!1)):d.prop("disabled",!1),n.hide()))}o(document).ready(function(){var s,a,t,n,i=o("#display_name"),e=i.val(),r=o("#wp-admin-bar-my-account").find(".display-name");o("#pass1").val("").on("input pwupdate",b),o("#pass-strength-result").show(),o(".color-palette").on("click",function(){o(this).siblings('input[name="admin_color"]').prop("checked",!0)}),i.length&&(o("#first_name, #last_name, #nickname").on("blur.user_profile",function(){var a=[],t={display_nickname:o("#nickname").val()||"",display_username:o("#user_login").val()||"",display_firstname:o("#first_name").val()||"",display_lastname:o("#last_name").val()||""};t.display_firstname&&t.display_lastname&&(t.display_firstlast=t.display_firstname+" "+t.display_lastname,t.display_lastfirst=t.display_lastname+" "+t.display_firstname),o.each(o("option",i),function(s,e){a.push(e.value)}),o.each(t,function(s,e){e&&(e=e.replace(/<\/?[a-z][^>]*>/gi,""),t[s].length&&-1===o.inArray(e,a)&&(a.push(e),o("<option />",{text:e}).appendTo(i)))})}),i.on("change",function(){var s;t===n&&(s=o.trim(this.value)||e,r.text(s))})),s=o("#color-picker"),a=o("#colors-css"),t=o("input#user_id").val(),n=o('input[name="checkuser_id"]').val(),s.on("click.colorpicker",".color-option",function(){var s,e=o(this);if(!e.hasClass("selected")&&(e.siblings(".selected").removeClass("selected"),e.addClass("selected").find('input[type="radio"]').prop("checked",!0),t===n)){if((a=0===a.length?o('<link rel="stylesheet" />').appendTo("head"):a).attr("href",e.children(".css_url").val()),"undefined"!=typeof wp&&wp.svgPainter){try{s=o.parseJSON(e.children(".icon_colors").val())}catch(s){}s&&(wp.svgPainter.setColors(s),wp.svgPainter.paint())}o.post(ajaxurl,{action:"save-user-color-scheme",color_scheme:e.children('input[name="admin_color"]').val(),nonce:o("#color-nonce").val()}).done(function(s){s.success&&o("body").removeClass(s.data.previousScheme).addClass(s.data.currentScheme)})}}),v(),o("#generate-reset-link").on("click",function(){var e=o(this),s={user_id:userProfileL10n.user_id,nonce:userProfileL10n.nonce};e.parent().find(".notice-error").remove();s=wp.ajax.post("send-password-reset",s);s.done(function(s){m(e,!0,s)}),s.fail(function(s){m(e,!1,s)})})}),o("#destroy-sessions").on("click",function(s){var e=o(this);wp.ajax.post("destroy-sessions",{nonce:o("#_wpnonce").val(),user_id:o("#user_id").val()}).done(function(s){e.prop("disabled",!0),e.siblings(".notice").remove(),e.before('<div class="notice notice-success inline"><p>'+s.message+"</p></div>")}).fail(function(s){e.siblings(".notice").remove(),e.before('<div class="notice notice-error inline"><p>'+s.message+"</p></div>")}),s.preventDefault()}),window.generatePassword=f,o(window).on("beforeunload",function(){if(!0===u)return h("Your new password has not been saved.")}),o(document).ready(function(){o(".reset-pass-submit").length&&o(".reset-pass-submit button.wp-generate-pw").trigger("click")})}(jQuery);
\ No newline at end of file
diff --git a/wp-includes/version.php b/wp-includes/version.php
index 76ccea18fb..9c39501714 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
  *
  * @global string $wp_version
  */
-$wp_version = '5.7-alpha-50152';
+$wp_version = '5.7-alpha-50153';
 
 /**
  * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
diff --git a/wp-login.php b/wp-login.php
index 128e3b254c..301424f687 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -852,7 +852,7 @@ switch ( $action ) {
 		wp_enqueue_script( 'utils' );
 		wp_enqueue_script( 'user-profile' );
 
-		login_header( __( 'Reset Password' ), '<p class="message reset-pass">' . __( 'Enter your new password below.' ) . '</p>', $errors );
+		login_header( __( 'Reset Password' ), '<p class="message reset-pass">' . __( 'Enter your new password below or generate one.' ) . '</p>', $errors );
 
 		?>
 		<form name="resetpassform" id="resetpassform" action="<?php echo esc_url( network_site_url( 'wp-login.php?action=resetpass', 'login_post' ) ); ?>" method="post" autocomplete="off">
@@ -898,8 +898,9 @@ switch ( $action ) {
 
 			?>
 			<input type="hidden" name="rp_key" value="<?php echo esc_attr( $rp_key ); ?>" />
-			<p class="submit">
-				<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Reset Password' ); ?>" />
+			<p class="submit reset-pass-submit">
+				<button type="button" class="button wp-generate-pw hide-if-no-js" aria-expanded="true"><?php _e( 'Generate Password' ); ?></button>
+				<input type="submit" name="wp-submit" id="wp-submit" class="button button-primary button-large" value="<?php esc_attr_e( 'Save Password' ); ?>" />
 			</p>
 		</form>