Update password to be at least 8 characters

Add description that emojis are supported. Update minimum password length for reset password popup add password utility Update onboarding and reset password views to share password checking code Update to support masked data Add error when password validation fails Formatting fix Fix is-sequential? function
status-im · Mar 8, 2022 · 18dae95 · 18dae95
1 parent cf606b9
commit 18dae95
Show file tree

Hide file tree

Showing 5 changed files with 66 additions and 14 deletions.
diff --git a/src/status_im/constants.cljs b/src/status_im/constants.cljs
@@ -67,7 +67,7 @@
 (def ^:const profile-pictures-visibility-everyone 2)
 (def ^:const profile-pictures-visibility-none 3)
 
-(def ^:const min-password-length 6)
+(def ^:const min-password-length 8)
 (def ^:const max-group-chat-participants 20)
 (def ^:const default-number-of-messages 20)
 (def ^:const default-number-of-pin-messages 3)

diff --git a/src/status_im/subs.cljs b/src/status_im/subs.cljs
@@ -32,6 +32,7 @@
             [status-im.utils.gfycat.core :as gfycat]
             [status-im.utils.money :as money]
             [status-im.utils.security :as security]
+            [status-im.utils.password-utils :as pass]
             [status-im.wallet.db :as wallet.db]
             [status-im.wallet.utils :as wallet.utils]
             status-im.ui.screens.keycard.subs
@@ -2938,9 +2939,9 @@
       (and (pos? (count current-password))
            (pos? (count new-password))
            (pos? (count confirm-new-password))
-           (>= (count new-password) 6)
+           (pass/validate-password new-password)
            (>= (count current-password) 6)
-           (= new-password confirm-new-password))})))
+           (pass/confirm-password new-password confirm-new-password))})))
 
 (re-frame/reg-sub
  :bookmarks/active

diff --git a/src/status_im/ui/screens/onboarding/password/views.cljs b/src/status_im/ui/screens/onboarding/password/views.cljs
@@ -3,26 +3,20 @@
             [reagent.core :as reagent]
             [status-im.ui.components.toolbar :as toolbar]
             [status-im.i18n.i18n :as i18n]
-            [status-im.constants :as const]
             [status-im.utils.security :as security]
+            [status-im.utils.password-utils :as pass]
             [quo.react-native :as rn]
             [quo.core :as quo]))
 
-(defn validate-password [password]
-  (>= (count password) const/min-password-length))
-
-(defn confirm-password [password confirm]
-  (= password confirm))
-
 (defn screen []
   (let [password    (reagent/atom nil)
         confirm     (reagent/atom nil)
         processing? (reagent/atom nil)
         show-error  (reagent/atom nil)
         confirm-ref (atom nil)]
     (fn []
-      (let [valid-password (validate-password @password)
-            valid-form     (confirm-password @password @confirm)
+      (let [valid-password (pass/validate-password @password)
+            valid-form     (pass/confirm-password @password @confirm)
             {:keys [recovering?]} @(re-frame/subscribe [:intro-wizard])
             on-submit      (fn []
                              (when (not @processing?)
@@ -52,6 +46,11 @@
                              :placeholder         (i18n/label :t/password-placeholder)
                              :on-change-text      #(reset! password (security/mask-data %))
                              :return-key-type     :next
+                                                  ; When the password is not valid, but it already meets the minimum length
+                                                  ; Then show the error about not allowing weak passwords like aaaa and 12345
+                             :error               (when (and (not valid-password)
+                                                             (pass/meets-minimum-length? @password))
+                                                    (i18n/label :t/password_error2))
                              :on-submit-editing   #(when valid-password
                                                      (some-> ^js @confirm-ref .focus))}]]
            [rn/view {:style {:padding 16
@@ -74,7 +73,7 @@
                                                        (> (count @password) (count @confirm))
                                                        (reset! show-error false)
 
-                                                       (not (confirm-password @password @confirm))
+                                                       (not (pass/confirm-password @password @confirm))
                                                        (reset! show-error true)
 
                                                        :else (reset! show-error false)))}]]]

diff --git a/src/status_im/utils/password_utils.cljs b/src/status_im/utils/password_utils.cljs
@@ -0,0 +1,51 @@
+(ns status-im.utils.password-utils
+  (:require [status-im.constants :as const]
+            [status-im.utils.security :as security]))
+
+(defn ord
+  "Convert a character to a unicode integer"
+  [val]
+  (.charCodeAt val))
+
+(defn to-numbers
+  "Maps a string to a array of integers representing the string"
+  [vals]
+  (map ord vals))
+
+(defn diff
+  "Compares all characters in a string to the character to their right.
+   If the character matches the next char, then the value becomes 1, if
+   the characters are different, the value becomes 0."
+  [vals]
+  (map - (next vals) vals))
+
+(defn is-same?
+  "Returns true if both values are the same."
+  [a b]
+  (= a b))
+
+(defn all-same?
+  "Returns true if all characters in the give string are the same."
+  [word]
+  (let [first-letter  (first word)]
+    (every? #{first-letter} word)))
+
+(defn is-sequential?
+  "Returns true if the unicode value of all characters in the given string are sequential"
+  [sequence]
+  (all-same? (diff (to-numbers sequence))))
+
+(defn meets-minimum-length?
+  "Returns true if the given string's length is greater than the defined minimum password length"
+  [password]
+  (>= (count password) const/min-password-length))
+
+(defn validate-password
+  "Returns true if all password requirements are met."
+  [password]
+  (and (meets-minimum-length? password)
+       (not (all-same? (security/safe-unmask-data password)))
+       (not (is-sequential? (security/safe-unmask-data password)))))
+
+(defn confirm-password [password confirm]
+  (= password confirm))
diff --git a/translations/en.json b/translations/en.json
@@ -1013,9 +1013,10 @@
     "pairing-please-set-a-name": "Please set a name for your device.",
     "passphrase": "Passphrase",
     "password": "Password",
-    "password-description": "At least 6 characters. Your password protects your keys. You need it to unlock Status and transact.",
+    "password-description": "At least 8 characters. It may also include unicode characters and emojis. Your password protects your keys. You need it to unlock Status and transact.",
     "password-placeholder2": "Confirm your password",
     "password_error1": "Passwords don't match.",
+    "password_error2": "Password does not meet minimum requirements. At least 8 characters and not like 12345678 or aaaaaaaa",
     "paste": "Paste",
     "paste-json": "Paste JSON",
     "pay-to-chat": "Pay to chat",