Magento 2.2.2 password reset strength meter

[zukovasmartynas]

Preconditions

1. Magento 2.2.2 Magento Open Source
2. Nginx
3. Developer mode, html/css/js minify/merge/bunlding disabled.

Steps to reproduce

1. Install Magento 2.2.2 CE
2. Remove footer newsletter block for the customer_account_createpassword handle
   <referenceContainer name="form.subscribe" remove="true"/>
3. Create any customer account.
4. Logout on frontend and go to login page and click "Forgot Your Password?"
5. Fill created customer email and click "Reset password"
6. Follow on the link "Set a New Password" in received email letter
7. Try enter somekind of password to the New Pasword field

Expected result

1. Strength meter starts working, showing a different password strength as I type

Actual result

1. Strength meter doesn't work.
   Error on the console.
   Uncaught TypeError: Cannot read property 'toLowerCase' of undefined
   Went to the vendor/magento/module-customer/view/frontend/web/js/password-strength-indicator.js:77
   if (password.toLowerCase() === this.options.cache.email.val().toLowerCase()) {

Apearently this.options.cache.email is undefined. Checked code above where it is declared - line:34
this.options.cache.email = $(this.options.formSelector).find(this.options.emailSelector);
Checked values above:
this.options.formSelector = 'form'
this.options.emailSelector = 'input[type="email"]'

So in conlusion: email is being searched in any form, Meaning if there are no form with email - strength meter fails. I believe this can be a leftover from older code versions, because othervise this would be a bit of a nonsense.

I haven't created a branch for a fix, but I think this one would be an easy one:

• Make form selecter to select a right form (the one that is used to reset password)
• Add a hidden field in the form with type email with value of a customer that is reseting this password.
  Or just make do something else - its just a suggestion, if that compare is really needed.

I hope this will help someone and it will be fixed :)

[magento-engcom-team]

@zukovasmartynas, thank you for your report.
We've acknowledged the issue and added to our backlog.

[okorshenko]

1d8157e

[aoldoni]

I was able to reproduce this one in 2.2.2.

I have a small fix for the issue described above for the frontend user. I am, however, further checking the above commit posted by @okorshenko and the backend and setup steps, as to see if they are affected as well.

[okorshenko]

#MLAU18

[aoldoni]

• In the admin, for user registration, it doesn't look like a password strength interface indicator exists. In this case, for backend users, the checks for password strength only happen at the server side.
• In the admin, input for customer password modification is not available.
• In the setup, when entering the admin user details, it seems that a different validation occurs for the frontend, based on this code: https://github.com/magento/magento2/blob/2.2-develop/setup/pub/magento/setup/create-admin-account.js#L16 .

I will proceed with submitting the PR now.