From b24b71c0a4ca9c86e1d5db12e9472c6ab1ecd5f5 Mon Sep 17 00:00:00 2001 From: Eamonn O'Brien-Strain Date: Mon, 9 May 2022 01:31:46 -0700 Subject: [feature] Include password strength in error message when password strength is too low (#550) * When password validation fails, return how close to enough entropy it has. * Shorter version of low-strength password error message --- internal/validate/formvalidation.go | 12 +++++++++++- internal/validate/formvalidation_test.go | 8 ++++---- 2 files changed, 15 insertions(+), 5 deletions(-) (limited to 'internal/validate') diff --git a/internal/validate/formvalidation.go b/internal/validate/formvalidation.go index e4c169788..e0c27628b 100644 --- a/internal/validate/formvalidation.go +++ b/internal/validate/formvalidation.go @@ -22,6 +22,7 @@ import ( "errors" "fmt" "net/mail" + "strings" apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" "github.com/superseriousbusiness/gotosocial/internal/regexes" @@ -53,7 +54,16 @@ func NewPassword(password string) error { return fmt.Errorf("password should be no more than %d chars", maximumPasswordLength) } - return pwv.Validate(password, minimumPasswordEntropy) + if err := pwv.Validate(password, minimumPasswordEntropy); err != nil { + // Modify error message to include percentage requred entropy the password has + percent := int(100 * pwv.GetEntropy(password) / minimumPasswordEntropy) + return errors.New(strings.ReplaceAll( + err.Error(), + "insecure password", + fmt.Sprintf("password is %d%% strength", percent))) + } + + return nil // pasword OK } // Username makes sure that a given username is valid (ie., letters, numbers, underscores, check length). diff --git a/internal/validate/formvalidation_test.go b/internal/validate/formvalidation_test.go index 23e0307db..7b92b9a8c 100644 --- a/internal/validate/formvalidation_test.go +++ b/internal/validate/formvalidation_test.go @@ -50,22 +50,22 @@ func (suite *ValidationTestSuite) TestCheckPasswordStrength() { err = validate.NewPassword(terriblePassword) if assert.Error(suite.T(), err) { - assert.Equal(suite.T(), errors.New("insecure password, try including more special characters, using uppercase letters, using numbers or using a longer password"), err) + assert.Equal(suite.T(), errors.New("password is 62% strength, try including more special characters, using uppercase letters, using numbers or using a longer password"), err) } err = validate.NewPassword(weakPassword) if assert.Error(suite.T(), err) { - assert.Equal(suite.T(), errors.New("insecure password, try including more special characters, using numbers or using a longer password"), err) + assert.Equal(suite.T(), errors.New("password is 95% strength, try including more special characters, using numbers or using a longer password"), err) } err = validate.NewPassword(shortPassword) if assert.Error(suite.T(), err) { - assert.Equal(suite.T(), errors.New("insecure password, try including more special characters or using a longer password"), err) + assert.Equal(suite.T(), errors.New("password is 39% strength, try including more special characters or using a longer password"), err) } err = validate.NewPassword(specialPassword) if assert.Error(suite.T(), err) { - assert.Equal(suite.T(), errors.New("insecure password, try including more special characters or using a longer password"), err) + assert.Equal(suite.T(), errors.New("password is 53% strength, try including more special characters or using a longer password"), err) } err = validate.NewPassword(longPassword) -- cgit v1.2.3