fix: handle password feedback for common words and suggestions (#35156)

* fix: handle password feedback for common words and suggestions * refactor: enhance password strength failure msg * refactor: keep suggestion html align with title
2025-12-19 14:44:22 +05:30 · 2025-12-19 14:44:22 +05:30 · a333241d95
commit a333241d95
parent 0f278bb795
2 changed files with 25 additions and 1 deletions
--- a/frappe/core/doctype/user/user.py
+++ b/frappe/core/doctype/user/user.py
@ -1285,7 +1285,27 @@ def handle_password_test_fail(feedback: dict):
 	suggestions = feedback.get("suggestions", [])
 	warning = feedback.get("warning", "")

-	frappe.throw(msg=" ".join([warning, *suggestions]), title=_("Invalid Password"))
+	# Add fallback suggestion if nothing provided
+	if not (suggestions or warning):
+		suggestions = [_("Better add a few more letters or another word")]
+
+	message_parts = []
+
+	if warning:
+		message_parts.append(f'<div class="alert alert-warning" role="alert">{warning}</div>')
+
+	if suggestions:
+		suggestions_html = (
+			'<ul style="margin: 0; padding-left: 1em;">'
+			+ "".join(f"<li>{suggestion}</li>" for suggestion in suggestions)
+			+ "</ul>"
+		)
+		message_parts.append(suggestions_html)
+
+	frappe.throw(
+		msg="".join(message_parts),
+		title=_("Password requirements not met"),
+	)


 def update_gravatar(name):
--- a/frappe/utils/password_strength.py
+++ b/frappe/utils/password_strength.py
@ -186,4 +186,8 @@ def get_dictionary_match_feedback(match: "_Match", is_sole_match: bool) -> "Pass
 	if match.get("l33t_entropy"):
 		suggestions.append(_("Predictable substitutions like '@' instead of 'a' don't help very much."))

+	if not (warning or suggestions):
+		warning = _("Common words are easy to guess.")
+		suggestions.extend([_("Use a few uncommon words together."), _("Add numbers or special characters.")])
+
 	return {"warning": warning, "suggestions": suggestions}