From 24c74b3db91e29e301041ab378ad0fc1f87076af Mon Sep 17 00:00:00 2001
From: Morris Jobke <hey@morrisjobke.de>
Date: Wed, 3 Oct 2018 16:03:23 +0200
Subject: [PATCH 1/2] Update strengthify

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
---
 bower.json                                    |  2 +-
 core/vendor/strengthify/.bower.json           | 10 +++++-----
 core/vendor/strengthify/jquery.strengthify.js |  8 ++++++--
 core/vendor/strengthify/strengthify.css       |  2 +-
 4 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/bower.json b/bower.json
index 49b40f390f..6332d8ddb9 100644
--- a/bower.json
+++ b/bower.json
@@ -31,7 +31,7 @@
     "moment": "^2.15.0",
     "select2": "~3.4.8",
     "snapjs": "~2.0.0-rc1",
-    "strengthify": "^0.5.3",
+    "strengthify": "^0.5.5",
     "underscore": "~1.8.0",
     "zxcvbn": "*"
   }
diff --git a/core/vendor/strengthify/.bower.json b/core/vendor/strengthify/.bower.json
index 5441c6d3f0..ead8cd7e5e 100644
--- a/core/vendor/strengthify/.bower.json
+++ b/core/vendor/strengthify/.bower.json
@@ -1,6 +1,6 @@
 {
   "name": "strengthify",
-  "version": "0.5.4",
+  "version": "0.5.5",
   "homepage": "https://github.com/MorrisJobke/strengthify",
   "authors": [
     "Eve Ragins <eve.ragins@eve-corp.com",
@@ -9,13 +9,13 @@
   "description": "Combine jQuery and zxcvbn to create a password strength meter.",
   "main": "jquery.strengthify.js",
   "license": "MIT",
-  "_release": "0.5.4",
+  "_release": "0.5.5",
   "_resolution": {
     "type": "version",
-    "tag": "0.5.4",
-    "commit": "3d9759958558752d0c115774d2b0bc34fac7e31b"
+    "tag": "0.5.5",
+    "commit": "5fa214146e2c7760046fb6c2e01aa9b02759e7d6"
   },
   "_source": "https://github.com/MorrisJobke/strengthify.git",
-  "_target": "^0.5.3",
+  "_target": "^0.5.5",
   "_originalSource": "strengthify"
 }
\ No newline at end of file
diff --git a/core/vendor/strengthify/jquery.strengthify.js b/core/vendor/strengthify/jquery.strengthify.js
index 6a78a7cba5..06bc38e4fd 100644
--- a/core/vendor/strengthify/jquery.strengthify.js
+++ b/core/vendor/strengthify/jquery.strengthify.js
@@ -2,7 +2,7 @@
  * Strengthify - show the weakness of a password (uses zxcvbn for this)
  * https://github.com/MorrisJobke/strengthify
  *
- * Version: 0.5.4
+ * Version: 0.5.5
  * Author: Morris Jobke (github.com/MorrisJobke) - original
  *         Eve Ragins @ Eve Corp (github.com/eve-corp)
  *
@@ -52,7 +52,8 @@
             drawTitles: false,
             drawMessage: false,
             drawBars: true,
-            $addAfter: null
+            $addAfter: null,
+            nonce: null
         };
 
         return this.each(function() {
@@ -209,6 +210,9 @@
 
                 var script = document.createElement("script");
                 script.src = options.zxcvbn;
+                if (options.nonce !== null) {
+                    script.nonce = options.nonce;
+                }
                 document.head.appendChild(script);
 
                 $elem.bind('keyup input change', drawSelf);
diff --git a/core/vendor/strengthify/strengthify.css b/core/vendor/strengthify/strengthify.css
index f94e9ccc9b..390b8f8a23 100644
--- a/core/vendor/strengthify/strengthify.css
+++ b/core/vendor/strengthify/strengthify.css
@@ -1,7 +1,7 @@
 /**
  * Strengthify - show the weakness of a password (uses zxcvbn for this)
  * https://github.com/MorrisJobke/strengthify
- * Version: 0.5.4
+ * Version: 0.5.5
  * License: The MIT License (MIT)
  * Copyright (c) 2013-2016 Morris Jobke <morris.jobke@gmail.com>
  */

From c8e617b07c2df1e85f5504cca11e438921a3aafd Mon Sep 17 00:00:00 2001
From: Morris Jobke <hey@morrisjobke.de>
Date: Wed, 3 Oct 2018 16:07:21 +0200
Subject: [PATCH 2/2] Set nonce for loading the zxcvbn

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
---
 core/js/setup.js                 | 1 +
 settings/js/security_password.js | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/core/js/setup.js b/core/js/setup.js
index b3b2049c44..5b0bd679db 100644
--- a/core/js/setup.js
+++ b/core/js/setup.js
@@ -123,6 +123,7 @@ $(document).ready(function() {
 			t('core', 'Strong password')
 		],
 		drawTitles: true,
+		nonce: btoa(OC.requestToken),
 	});
 
 	// centers the database chooser if it is too wide
diff --git a/settings/js/security_password.js b/settings/js/security_password.js
index f7cb657c25..c23e60cfea 100644
--- a/settings/js/security_password.js
+++ b/settings/js/security_password.js
@@ -81,5 +81,6 @@ $(document).ready(function () {
 		],
 		drawTitles: true,
 		$addAfter: $('input[name="newpassword-clone"]'),
+		nonce: btoa(OC.requestToken),
 	});
-});
\ No newline at end of file
+});