From 0802ab6ddcf9fc9ac1e27c27ecd9597a5779ad3a Mon Sep 17 00:00:00 2001
From: Henry Oswald <henry.oswald@sharelatex.com>
Date: Fri, 23 Sep 2016 15:44:47 +0100
Subject: [PATCH 1/3] wip

---
 .../Authentication/AuthenticationManager.coffee        |  3 +++
 .../app/views/subscriptions/edit-billing-details.jade  |  2 +-
 services/web/app/views/user/settings.jade              | 10 ++++++----
 services/web/config/settings.defaults.coffee           | 10 +++++-----
 services/web/public/coffee/directives/asyncForm.coffee |  5 +++++
 5 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/services/web/app/coffee/Features/Authentication/AuthenticationManager.coffee b/services/web/app/coffee/Features/Authentication/AuthenticationManager.coffee
index bfcd55855d..a64890088c 100644
--- a/services/web/app/coffee/Features/Authentication/AuthenticationManager.coffee
+++ b/services/web/app/coffee/Features/Authentication/AuthenticationManager.coffee
@@ -29,6 +29,9 @@ module.exports = AuthenticationManager =
 				callback null, null
 
 	setUserPassword: (user_id, password, callback = (error) ->) ->
+		if Settings.passwordStrengthOptions?.length?.max? and Settings.passwordStrengthOptions?.length?.max < password.length
+			return error("password is too long")
+
 		bcrypt.genSalt BCRYPT_ROUNDS, (error, salt) ->
 			return callback(error) if error?
 			bcrypt.hash password, salt, (error, hash) ->
diff --git a/services/web/app/views/subscriptions/edit-billing-details.jade b/services/web/app/views/subscriptions/edit-billing-details.jade
index caf204b79d..0e3ffc442f 100644
--- a/services/web/app/views/subscriptions/edit-billing-details.jade
+++ b/services/web/app/views/subscriptions/edit-billing-details.jade
@@ -3,7 +3,7 @@ extends ../layout
 block content
 	- locals.supressDefaultJs = true
 	script(data-main=jsPath+'main.js', src=jsPath+'libs/require.js', baseurl=jsPath)
-	script(src=buildJsPath('libs/recurly.min.js'))
+	script(src=buildJsPath('libs/recurly.min.js', {fingerprint:false}))
 
 	.content.content-alt
 		.container
diff --git a/services/web/app/views/user/settings.jade b/services/web/app/views/user/settings.jade
index a23c3660aa..d97404a68a 100644
--- a/services/web/app/views/user/settings.jade
+++ b/services/web/app/views/user/settings.jade
@@ -79,7 +79,7 @@ block content
 														required,
 														complex-password
 													)
-													span.small.text-primary(ng-show="changePasswordForm.newPassword1.$error.complexPassword && changePasswordForm.currentPassword.$dirty", ng-bind-html="complexPasswordErrorMessage") 
+													span.small.text-primary(ng-show="changePasswordForm.newPassword1.$error.complexPassword && changePasswordForm.newPassword1.$dirty", ng-bind-html="complexPasswordErrorMessage") 
 												.form-group
 													label(for='newPassword2') #{translate("confirm_new_password")}
 													input.form-control(
@@ -88,9 +88,11 @@ block content
 														placeholder='*********',
 														ng-model="newPassword2",
 														equals="passwordField"
-													)
-													span.small.text-primary(ng-show="changePasswordForm.newPassword2.$invalid && changePasswordForm.newPassword2.$dirty")
-														| #{translate("doesnt_match")}
+													) 
+													span.small.text-primary(ng-show="changePasswordForm.newPassword2.$error.areEqual && changePasswordForm.newPassword2.$dirty")
+														| #{translate("doesnt_match")} 
+													span.small.text-primary(ng-show="!changePasswordForm.newPassword2.$error.areEqual && changePasswordForm.newPassword2.$invalid && changePasswordForm.newPassword2.$dirty")
+														| #{translate("Invalid Password")} 
 												.actions
 													button.btn.btn-primary(
 														type='submit',
diff --git a/services/web/config/settings.defaults.coffee b/services/web/config/settings.defaults.coffee
index ea5b6ef8a1..cd8421336b 100644
--- a/services/web/config/settings.defaults.coffee
+++ b/services/web/config/settings.defaults.coffee
@@ -190,11 +190,11 @@ module.exports = settings =
 	# -----------
 	# These restrict the passwords users can use when registering
 	# opts are from http://antelle.github.io/passfield
-	# passwordStrengthOptions:
-	# 	pattern: "aA$3"
-	# 	length:
-	# 		min: 8
-	# 		max: 50
+	passwordStrengthOptions:
+		# pattern: "aA$3"
+		length:
+			min: 1
+			max: 10
 
 	# Email support
 	# -------------
diff --git a/services/web/public/coffee/directives/asyncForm.coffee b/services/web/public/coffee/directives/asyncForm.coffee
index ec2e1dc0bb..b24f4952f3 100644
--- a/services/web/public/coffee/directives/asyncForm.coffee
+++ b/services/web/public/coffee/directives/asyncForm.coffee
@@ -112,6 +112,8 @@ define [
 			[asyncFormCtrl, ngModelCtrl] = ctrl
 
 			ngModelCtrl.$parsers.unshift (modelValue) ->
+				
+			
 				isValid = passField.validatePass()
 				email = asyncFormCtrl.getEmail() || window.usersEmail
 				if !isValid
@@ -121,5 +123,8 @@ define [
 					if modelValue.indexOf(email) != -1 or modelValue.indexOf(startOfEmail) != -1
 						isValid = false
 						scope.complexPasswordErrorMessage = "Password can not contain email address"
+				if opts.length.max? and modelValue.length == opts.length.max
+					isValid = false
+					scope.complexPasswordErrorMessage = "Maxium password length #{opts.length.max} reached"
 				ngModelCtrl.$setValidity('complexPassword', isValid)
 				return modelValue

From 7c0e33835228f2ce650b7257d4f537990df75297 Mon Sep 17 00:00:00 2001
From: Henry Oswald <henry.oswald@sharelatex.com>
Date: Fri, 23 Sep 2016 16:18:22 +0100
Subject: [PATCH 2/3] fix bug where users are always shown downgrade option
 when not required

---
 services/web/app/views/subscriptions/group/invite.jade | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/services/web/app/views/subscriptions/group/invite.jade b/services/web/app/views/subscriptions/group/invite.jade
index 3ea26aa0a1..3c67a79f81 100644
--- a/services/web/app/views/subscriptions/group/invite.jade
+++ b/services/web/app/views/subscriptions/group/invite.jade
@@ -3,7 +3,7 @@ extends ../../layout
 block scripts
 	script(type='text/javascript').
 		window.group_subscription_id = '#{group_subscription_id}'
-		window.has_personal_subscription = '#{has_personal_subscription}'
+		window.has_personal_subscription = #{has_personal_subscription}
 
 block content
 	.content.content-alt

From 67f8ec756c7ea4c60a6ce93ce81ee7c0bae8cabf Mon Sep 17 00:00:00 2001
From: Henry Oswald <henry.oswald@sharelatex.com>
Date: Fri, 23 Sep 2016 16:19:11 +0100
Subject: [PATCH 3/3] Revert "wip"

This reverts commit a6c0b3e2bf9fd747cfce785a023e5f56614a8ca2.
---
 .../Authentication/AuthenticationManager.coffee        |  3 ---
 .../app/views/subscriptions/edit-billing-details.jade  |  2 +-
 services/web/app/views/user/settings.jade              | 10 ++++------
 services/web/config/settings.defaults.coffee           | 10 +++++-----
 services/web/public/coffee/directives/asyncForm.coffee |  5 -----
 5 files changed, 10 insertions(+), 20 deletions(-)

diff --git a/services/web/app/coffee/Features/Authentication/AuthenticationManager.coffee b/services/web/app/coffee/Features/Authentication/AuthenticationManager.coffee
index a64890088c..bfcd55855d 100644
--- a/services/web/app/coffee/Features/Authentication/AuthenticationManager.coffee
+++ b/services/web/app/coffee/Features/Authentication/AuthenticationManager.coffee
@@ -29,9 +29,6 @@ module.exports = AuthenticationManager =
 				callback null, null
 
 	setUserPassword: (user_id, password, callback = (error) ->) ->
-		if Settings.passwordStrengthOptions?.length?.max? and Settings.passwordStrengthOptions?.length?.max < password.length
-			return error("password is too long")
-
 		bcrypt.genSalt BCRYPT_ROUNDS, (error, salt) ->
 			return callback(error) if error?
 			bcrypt.hash password, salt, (error, hash) ->
diff --git a/services/web/app/views/subscriptions/edit-billing-details.jade b/services/web/app/views/subscriptions/edit-billing-details.jade
index 0e3ffc442f..caf204b79d 100644
--- a/services/web/app/views/subscriptions/edit-billing-details.jade
+++ b/services/web/app/views/subscriptions/edit-billing-details.jade
@@ -3,7 +3,7 @@ extends ../layout
 block content
 	- locals.supressDefaultJs = true
 	script(data-main=jsPath+'main.js', src=jsPath+'libs/require.js', baseurl=jsPath)
-	script(src=buildJsPath('libs/recurly.min.js', {fingerprint:false}))
+	script(src=buildJsPath('libs/recurly.min.js'))
 
 	.content.content-alt
 		.container
diff --git a/services/web/app/views/user/settings.jade b/services/web/app/views/user/settings.jade
index d97404a68a..a23c3660aa 100644
--- a/services/web/app/views/user/settings.jade
+++ b/services/web/app/views/user/settings.jade
@@ -79,7 +79,7 @@ block content
 														required,
 														complex-password
 													)
-													span.small.text-primary(ng-show="changePasswordForm.newPassword1.$error.complexPassword && changePasswordForm.newPassword1.$dirty", ng-bind-html="complexPasswordErrorMessage") 
+													span.small.text-primary(ng-show="changePasswordForm.newPassword1.$error.complexPassword && changePasswordForm.currentPassword.$dirty", ng-bind-html="complexPasswordErrorMessage") 
 												.form-group
 													label(for='newPassword2') #{translate("confirm_new_password")}
 													input.form-control(
@@ -88,11 +88,9 @@ block content
 														placeholder='*********',
 														ng-model="newPassword2",
 														equals="passwordField"
-													) 
-													span.small.text-primary(ng-show="changePasswordForm.newPassword2.$error.areEqual && changePasswordForm.newPassword2.$dirty")
-														| #{translate("doesnt_match")} 
-													span.small.text-primary(ng-show="!changePasswordForm.newPassword2.$error.areEqual && changePasswordForm.newPassword2.$invalid && changePasswordForm.newPassword2.$dirty")
-														| #{translate("Invalid Password")} 
+													)
+													span.small.text-primary(ng-show="changePasswordForm.newPassword2.$invalid && changePasswordForm.newPassword2.$dirty")
+														| #{translate("doesnt_match")}
 												.actions
 													button.btn.btn-primary(
 														type='submit',
diff --git a/services/web/config/settings.defaults.coffee b/services/web/config/settings.defaults.coffee
index cd8421336b..ea5b6ef8a1 100644
--- a/services/web/config/settings.defaults.coffee
+++ b/services/web/config/settings.defaults.coffee
@@ -190,11 +190,11 @@ module.exports = settings =
 	# -----------
 	# These restrict the passwords users can use when registering
 	# opts are from http://antelle.github.io/passfield
-	passwordStrengthOptions:
-		# pattern: "aA$3"
-		length:
-			min: 1
-			max: 10
+	# passwordStrengthOptions:
+	# 	pattern: "aA$3"
+	# 	length:
+	# 		min: 8
+	# 		max: 50
 
 	# Email support
 	# -------------
diff --git a/services/web/public/coffee/directives/asyncForm.coffee b/services/web/public/coffee/directives/asyncForm.coffee
index b24f4952f3..ec2e1dc0bb 100644
--- a/services/web/public/coffee/directives/asyncForm.coffee
+++ b/services/web/public/coffee/directives/asyncForm.coffee
@@ -112,8 +112,6 @@ define [
 			[asyncFormCtrl, ngModelCtrl] = ctrl
 
 			ngModelCtrl.$parsers.unshift (modelValue) ->
-				
-			
 				isValid = passField.validatePass()
 				email = asyncFormCtrl.getEmail() || window.usersEmail
 				if !isValid
@@ -123,8 +121,5 @@ define [
 					if modelValue.indexOf(email) != -1 or modelValue.indexOf(startOfEmail) != -1
 						isValid = false
 						scope.complexPasswordErrorMessage = "Password can not contain email address"
-				if opts.length.max? and modelValue.length == opts.length.max
-					isValid = false
-					scope.complexPasswordErrorMessage = "Maxium password length #{opts.length.max} reached"
 				ngModelCtrl.$setValidity('complexPassword', isValid)
 				return modelValue