
commit b24b71c0a4ca9c86e1d5db12e9472c6ab1ecd5f5
parent 5004e0a9da665ccc0e18cd4075ee636641b71f0a
Author: Eamonn O'Brien-Strain <e@obrain.com>
Date:   Mon,  9 May 2022 01:31:46 -0700

[feature] Include password strength in error message when password strength is too low (#550)

* When password validation fails, report how close the password is to the required entropy.

* Shorter version of low-strength password error message
Diffstat:
Minternal/api/client/user/passwordchange_test.go | 2+-
Minternal/processing/user/changepassword_test.go | 4++--
Minternal/validate/formvalidation.go | 12+++++++++++-
Minternal/validate/formvalidation_test.go | 8++++----
4 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/internal/api/client/user/passwordchange_test.go b/internal/api/client/user/passwordchange_test.go
@@ -153,7 +153,7 @@ func (suite *PasswordChangeTestSuite) TestPasswordWeakNewPassword() {
 defer result.Body.Close()
 b, err := ioutil.ReadAll(result.Body)
 suite.NoError(err)
- suite.Equal(`{"error":"bad request: insecure password, try including more special characters, using uppercase letters, using numbers or using a longer password"}`, string(b))
+ suite.Equal(`{"error":"bad request: password is 94% strength, try including more special characters, using uppercase letters, using numbers or using a longer password"}`, string(b))
 }
 func TestPasswordChangeTestSuite(t *testing.T) {
diff --git a/internal/processing/user/changepassword_test.go b/internal/processing/user/changepassword_test.go
@@ -64,9 +64,9 @@ func (suite *ChangePasswordTestSuite) TestChangePasswordWeakNew() {
 user := suite.testUsers["local_account_1"]
 errWithCode := suite.user.ChangePassword(context.Background(), user, "password", "1234")
- suite.EqualError(errWithCode, "insecure password, try including more special characters, using lowercase letters, using uppercase letters or using a longer password")
+ suite.EqualError(errWithCode, "password is 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password")
 suite.Equal(http.StatusBadRequest, errWithCode.Code())
- suite.Equal("bad request: insecure password, try including more special characters, using lowercase letters, using uppercase letters or using a longer password", errWithCode.Safe())
+ suite.Equal("bad request: password is 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password", errWithCode.Safe())
 }
 func TestChangePasswordTestSuite(t *testing.T) {
diff --git a/internal/validate/formvalidation.go b/internal/validate/formvalidation.go
@@ -22,6 +22,7 @@ import (
 "errors"
 "fmt"
 "net/mail"
+ "strings"
 apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
 "github.com/superseriousbusiness/gotosocial/internal/regexes"
@@ -53,7 +54,16 @@ func NewPassword(password string) error {
 return fmt.Errorf("password should be no more than %d chars", maximumPasswordLength)
 }
- return pwv.Validate(password, minimumPasswordEntropy)
+ if err := pwv.Validate(password, minimumPasswordEntropy); err != nil {
+ // Modify error message to include percentage requred entropy the password has
+ percent := int(100 * pwv.GetEntropy(password) / minimumPasswordEntropy)
+ return errors.New(strings.ReplaceAll(
+ err.Error(),
+ "insecure password",
+ fmt.Sprintf("password is %d%% strength", percent)))
+ }
+
+ return nil // pasword OK
 }
 // Username makes sure that a given username is valid (ie., letters, numbers, underscores, check length).
diff --git a/internal/validate/formvalidation_test.go b/internal/validate/formvalidation_test.go
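Review bot: The new branch in NewPassword builds the user-facing message by substring-replacing `insecure password` in whatever the third-party validator returns, so a wording change in pwv would silently drop the strength percentage and fall through with the library's original text, and the only thing that would notice is the exact-string tests updated in this commit; consider checking the substring is actually present (or composing the message from `percent` and `err` yourself) so the output does not depend on an external string. The comment on that line also has typos and does not say what the number means, so I would write it as `// Report how much of the required entropy the password has (entropy / minimum, truncated to a whole percent, so 99.9% reads as 99%).` and fix `pasword` to `password` on the `return nil` line. `pwv.GetEntropy(password)` presumably recomputes what Validate just computed; harmless, but the work is paid twice per rejected attempt. NewPassword's signature and the length checks start before this hunk.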
@@ -50,22 +50,22 @@ func (suite *ValidationTestSuite) TestCheckPasswordStrength() {
 err = validate.NewPassword(terriblePassword)
 if assert.Error(suite.T(), err) {
- assert.Equal(suite.T(), errors.New("insecure password, try including more special characters, using uppercase letters, using numbers or using a longer password"), err)
+ assert.Equal(suite.T(), errors.New("password is 62% strength, try including more special characters, using uppercase letters, using numbers or using a longer password"), err)
 }
 err = validate.NewPassword(weakPassword)
 if assert.Error(suite.T(), err) {
- assert.Equal(suite.T(), errors.New("insecure password, try including more special characters, using numbers or using a longer password"), err)
+ assert.Equal(suite.T(), errors.New("password is 95% strength, try including more special characters, using numbers or using a longer password"), err)
 }
 err = validate.NewPassword(shortPassword)
 if assert.Error(suite.T(), err) {
- assert.Equal(suite.T(), errors.New("insecure password, try including more special characters or using a longer password"), err)
+ assert.Equal(suite.T(), errors.New("password is 39% strength, try including more special characters or using a longer password"), err)
 }
 err = validate.NewPassword(specialPassword)
 if assert.Error(suite.T(), err) {
- assert.Equal(suite.T(), errors.New("insecure password, try including more special characters or using a longer password"), err)
+ assert.Equal(suite.T(), errors.New("password is 53% strength, try including more special characters or using a longer password"), err)
 }
 err = validate.NewPassword(longPassword)