Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implementing password strength check #1071

Open
wants to merge 13 commits into
base: master
Choose a base branch
from
2 changes: 1 addition & 1 deletion assets/locales/ur/auth.json
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@
"EMAIL_INVALID": "Invalid Email",
"EMAIL_ALREADY_REGISTERED": "Email is already registered",
"DATE_OF_BIRTH_UNDERAGE": "You need to be {{years}} years or older",
"PASSWORD_REQUIREMENTS_MIN_LENGTH": "Must be at least {{min}} characters long.",
"PASSWORD_BAD_PASSWORD": "Password is too weak or common to use.",
"CONSENT_REQUIRED": "You must agree to the Terms of Service and Privacy Policy.",
"USERNAME_TOO_MANY_USERS": "Too many users have this username, please try another"
}
Expand Down
14 changes: 4 additions & 10 deletions src/api/routes/auth/register.ts
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@

import {
IPAnalysis,
checkPassword,
getIpAdress,
isProxy,
route,
Expand Down Expand Up @@ -159,7 +160,6 @@ router.post(
}

// TODO: gift_code_sku_id?
// TODO: check password strength

if (email) {
// replace all dots and chars after +, if its a gmail.com email
Expand Down Expand Up @@ -225,17 +225,11 @@ router.post(
}

if (body.password) {
const min = register.password.minLength
? register.password.minLength
: 8;
if (body.password.length < min) {
if (checkPassword(body.password) < register.password.strength) {
throw FieldErrors({
password: {
code: "PASSWORD_REQUIREMENTS_MIN_LENGTH",
message: req.t(
"auth:register.PASSWORD_REQUIREMENTS_MIN_LENGTH",
{ min: min },
),
code: "PASSWORD_BAD_PASSWORD",
message: req.t("auth:register.PASSWORD_BAD_PASSWORD"),
},
});
}
Expand Down
55 changes: 31 additions & 24 deletions src/api/util/utility/passwordStrength.ts
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,8 @@ import { Config } from "@spacebar/util";
import "missing-native-js-functions";

const reNUMBER = /[0-9]/g;
const reUPPERCASELETTER = /[A-Z]/g;
const reSYMBOLS = /[A-Z,a-z,0-9]/g;
const reUPPER = /[A-Z]/g;
const reSYMBOLS = /[^a-zA-Z0-9\s]/g;

// const blocklist: string[] = []; // TODO: update ones passwordblocklist is stored in db
/*
Expand All @@ -35,39 +35,43 @@ const reSYMBOLS = /[A-Z,a-z,0-9]/g;
*
* Returns: 0 > pw > 1
*/

function calculateEntropy(str: string) {
// TODO: calculate the shannon entropy
return 0;
}

export function checkPassword(password: string): number {
const { minLength, minNumbers, minUpperCase, minSymbols } =
Config.get().register.password;
let strength = 0;

// checks for total password len
if (password.length >= minLength - 1) {
strength += 0.05;
}
if (password.length >= 7) strength += 0.2;

// checks for amount of Numbers
if (password.count(reNUMBER) >= minNumbers - 1) {
strength += 0.05;
}
// checks for numbers
const numbers = password.match(reNUMBER);
if (numbers) strength += 0.2;

// checks for amount of Uppercase Letters
if (password.count(reUPPERCASELETTER) >= minUpperCase - 1) {
strength += 0.05;
}
// checks for uppercase Letters
const uppercase = password.match(reUPPER);
if (uppercase) strength += 0.3;

// checks for amount of symbols
if (password.replace(reSYMBOLS, "").length >= minSymbols - 1) {
strength += 0.05;
}
// checks for symbols
const symbols = password.match(reSYMBOLS);
if (symbols) strength += 0.3;

// checks if password only consists of numbers or only consists of chars
if (
password.length == password.count(reNUMBER) ||
password.length === password.count(reUPPERCASELETTER)
) {
strength = 0;
if (numbers && uppercase) {
if (
password.length == numbers.length ||
password.length === uppercase.length
) {
strength = 0;
}
}

/*
* this seems to be broken
*
const entropyMap: { [key: string]: number } = {};
for (let i = 0; i < password.length; i++) {
if (entropyMap[password[i]]) entropyMap[password[i]]++;
Expand All @@ -80,5 +84,8 @@ export function checkPassword(password: string): number {
strength +=
entropies.reduceRight((a: number, x: number) => a - x * Math.log2(x)) /
Math.log2(password.length);
*/

strength += calculateEntropy(password);
return strength;
}
5 changes: 1 addition & 4 deletions src/util/config/types/subconfigurations/register/Password.ts
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,5 @@

export class PasswordConfiguration {
required: boolean = false;
minLength: number = 8;
minNumbers: number = 2;
minUpperCase: number = 2;
minSymbols: number = 0;
strength: number = 0.5;
}