From b24b71c0a4ca9c86e1d5db12e9472c6ab1ecd5f5 Mon Sep 17 00:00:00 2001 From: Eamonn O'Brien-Strain Date: Mon, 9 May 2022 01:31:46 -0700 Subject: [feature] Include password strength in error message when password strength is too low (#550) * When password validation fails, return how close to enough entropy it has. * Shorter version of low-strength password error message --- internal/validate/formvalidation.go | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'internal/validate/formvalidation.go') diff --git a/internal/validate/formvalidation.go b/internal/validate/formvalidation.go index e4c169788..e0c27628b 100644 --- a/internal/validate/formvalidation.go +++ b/internal/validate/formvalidation.go @@ -22,6 +22,7 @@ import ( "errors" "fmt" "net/mail" + "strings" apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" "github.com/superseriousbusiness/gotosocial/internal/regexes" @@ -53,7 +54,16 @@ func NewPassword(password string) error { return fmt.Errorf("password should be no more than %d chars", maximumPasswordLength) } - return pwv.Validate(password, minimumPasswordEntropy) + if err := pwv.Validate(password, minimumPasswordEntropy); err != nil { + // Modify error message to include percentage requred entropy the password has + percent := int(100 * pwv.GetEntropy(password) / minimumPasswordEntropy) + return errors.New(strings.ReplaceAll( + err.Error(), + "insecure password", + fmt.Sprintf("password is %d%% strength", percent))) + } + + return nil // pasword OK } // Username makes sure that a given username is valid (ie., letters, numbers, underscores, check length). -- cgit v1.2.3