From b0217d0ec688d144b5af5ab538a2a99ea3922269 Mon Sep 17 00:00:00 2001
From: Anders Kaseorg
Date: Thu, 17 Mar 2022 00:11:46 -0700
Subject: [PATCH] password_quality: Switch zxcvbn to zxcvbn-ts.

zxcvbn has had no releases since 2017.

Signed-off-by: Anders Kaseorg
---
 frontend_tests/node_tests/password.js | 2 +-
 package.json | 7 ++++---
 static/js/password_quality.ts | 14 +++++++++++--
 version.py | 2 +-
 yarn.lock | 29 +++++++++++++++++----------
 5 files changed, 36 insertions(+), 18 deletions(-)

diff --git a/frontend_tests/node_tests/password.js b/frontend_tests/node_tests/password.js
index 32e7d01711..cd338047ef 100644
--- a/frontend_tests/node_tests/password.js
+++ b/frontend_tests/node_tests/password.js
@@ -69,5 +69,5 @@ run_test("basics w/progress bar", () => {
 assert.ok(!accepted);
 assert.equal($bar.added_class, "bar-danger");
 warning = password_warning(password, password_field(6));
- assert.equal(warning, 'Repeats like "aaa" are easy to guess');
+ assert.equal(warning, 'Repeated characters like "aaa" are easy to guess.');
 });
diff --git a/package.json b/package.json
index 5fbd5a3792..a0c31d78d3 100644
--- a/package.json
+++ b/package.json
@@ -17,6 +17,9 @@
 "@uppy/core": "^2.1.6",
 "@uppy/progress-bar": "^2.0.4",
 "@uppy/xhr-upload": "^2.0.7",
+ "@zxcvbn-ts/core": "^2.0.0",
+ "@zxcvbn-ts/language-common": "^2.0.0",
+ "@zxcvbn-ts/language-en": "^2.0.0",
 "autoprefixer": "^10.0.0",
 "autosize": "^5.0.1",
 "babel-loader": "^8.0.6",
@@ -79,8 +82,7 @@
 "webpack": "^5.61.0",
 "webpack-bundle-tracker": "^1.2.0",
 "webpack-cli": "^4.6.0",
- "winchan": "^0.2.1",
- "zxcvbn": "^4.4.2"
+ "winchan": "^0.2.1"
 },
 "devDependencies": {
 "@babel/eslint-parser": "^7.11.3",
@@ -91,7 +93,6 @@
 "@types/node": "^16.11.6",
 "@types/node-fetch": "^2.5.8",
 "@types/webpack-dev-server": "^4.1.0",
- "@types/zxcvbn": "^4.4.1",
 "@typescript-eslint/eslint-plugin": "^5.0.0",
 "@typescript-eslint/parser": "^5.0.0",
 "babel-plugin-rewire-ts": "^1.4.0",
diff --git a/static/js/password_quality.ts b/static/js/password_quality.ts
index d56561af4d..cf7d6c5bd3 100644
--- a/static/js/password_quality.ts
+++ b/static/js/password_quality.ts
@@ -1,7 +1,17 @@
-import zxcvbn from "zxcvbn";
+import {zxcvbn, zxcvbnOptions} from "@zxcvbn-ts/core";
+import zxcvbnCommonPackage from "@zxcvbn-ts/language-common";
+import zxcvbnEnPackage from "@zxcvbn-ts/language-en";
 import {$t} from "./i18n";
+zxcvbnOptions.setOptions({
+ translations: zxcvbnEnPackage.translations,
+ dictionary: {
+ ...zxcvbnCommonPackage.dictionary,
+ ...zxcvbnEnPackage.dictionary,
+ },
+});
+
 // Note: this module is loaded asynchronously from the app with
 // import() to keep zxcvbn out of the initial page load. Do not
 // import it synchronously from the app.
@@ -21,7 +31,7 @@ export function password_quality(
 const acceptable = password.length >= min_length && result.guesses >= min_guesses;
 if ($bar !== undefined) {
- const t = Number(result.crack_times_seconds.offline_slow_hashing_1e4_per_second);
+ const t = result.crackTimesSeconds.offlineSlowHashing1e4PerSecond;
 let bar_progress = Math.min(1, Math.log(1 + t) / 22);
 // Even if zxcvbn loves your short password, the bar should be
diff --git a/version.py b/version.py
index e6a62c3353..6ee27a46c2 100644
--- a/version.py
+++ b/version.py
@@ -48,4 +48,4 @@ API_FEATURE_LEVEL = 121
 # historical commits sharing the same major version, in which case a
 # minor version bump suffices.
-PROVISION_VERSION = "183.0"
+PROVISION_VERSION = "184.0"
diff --git a/yarn.lock b/yarn.lock
index 97a33fd45b..92a37b0605 100644
--- a/yarn.lock
+++ b/yarn.lock
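Review bot: The `zxcvbnOptions.setOptions({...})` call added at module top level passes `translations` and `dictionary` but no keyboard adjacency graphs, so zxcvbn-ts will probably score keyboard-walk passwords (runs of adjacent keys) without the spatial matcher that the old single-package zxcvbn applied by default. If the installed `@zxcvbn-ts/language-common` exposes them, add `graphs: zxcvbnCommonPackage.adjacencyGraphs,` next to `dictionary`. A comment above the call, such as `// zxcvbn-ts core carries no data of its own; every dictionary and graph the estimator should use must be passed here.`, would stop a later edit from silently dropping one.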
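Review bot: The accept/reject decision on the context line `result.guesses >= min_guesses` now rests on zxcvbn-ts's guess estimate, yet the only test this commit updates is the warning string in `frontend_tests/node_tests/password.js`. The new library may estimate guesses differently from zxcvbn 4.x, so a password the old estimator rejected could now clear the same `min_guesses`, and any server-side strength check (not visible in this diff) could disagree with the client. A regression test pinning a few known-weak passwords as not `acceptable` would cover this, together with a comment such as `// min_guesses is compared against zxcvbn-ts estimates; keep in step with the server-side check.` The body of `password_quality` starts and ends outside the hunk.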
@@ -1843,11 +1843,6 @@ dependencies: "@types/node" "*" -"@types/zxcvbn@^4.4.1": - version "4.4.1" - resolved "https://registry.yarnpkg.com/@types/zxcvbn/-/zxcvbn-4.4.1.tgz#46e42cbdcee681b22181478feaf4af2bc4c1abd2" - integrity sha512-3NoqvZC2W5gAC5DZbTpCeJ251vGQmgcWIHQJGq2J240HY6ErQ9aWKkwfoKJlHLx+A83WPNTZ9+3cd2ILxbvr1w== - "@typescript-eslint/eslint-plugin@^5.0.0": version "5.15.0" resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.15.0.tgz#c28ef7f2e688066db0b6a9d95fb74185c114fb9a" @@ -2238,6 +2233,23 @@ resolved "https://registry.yarnpkg.com/@yarnpkg/lockfile/-/lockfile-1.1.0.tgz#e77a97fbd345b76d83245edcd17d393b1b41fb31" integrity sha512-GpSwvyXOcOOlV70vbnzjj4fW5xW/FdUF6nQEt1ENy7m4ZCczi1+/buVUPAqmGfqznsORNFzUMjctTIp8a9tuCQ== +"@zxcvbn-ts/core@^2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@zxcvbn-ts/core/-/core-2.0.0.tgz#4b6969cd98c6b56ee75bce11c2c9d7ed1168c1db" + integrity sha512-j9XY5TQq6fldHQ5BC/3kVNcw9zIg91i7ddeIZzwL8xAq3nqi7gw/YZxPY8Ry4KE4xmcYCiB+6AG6/jHO9uylPg== + dependencies: + fastest-levenshtein "1.0.12" + +"@zxcvbn-ts/language-common@^2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@zxcvbn-ts/language-common/-/language-common-2.0.0.tgz#77ee6c1107e116cb74e0e8c80147bc967dd2140c" + integrity sha512-RM4PmOev2pRQ1gMf5rjFKvsEb+qYTy+5YZY/g+vy7QibR66TiyD91VoOVaHArcj07wXj0J3eDpsiU+mpB1Oijg== + +"@zxcvbn-ts/language-en@^2.0.0": + version "2.0.0" + resolved "https://registry.yarnpkg.com/@zxcvbn-ts/language-en/-/language-en-2.0.0.tgz#454b09578f8713bd204465354565972d8512de85" + integrity sha512-ijDtOYeJxBpuoXdTtyXpoOcMRTDjRiABIWX3X7T7XquZ2c6IfrKwXVrvwzVSlRhhPqaCI0tienDeQYG7631eHA== + abab@^2.0.3, abab@^2.0.5: version "2.0.5" resolved "https://registry.yarnpkg.com/abab/-/abab-2.0.5.tgz#c0b678fb32d60fc1219c784d6a826fe385aeb79a" 
@@ -4945,7 +4957,7 @@ fast-xml-parser@^3.19.0: dependencies: strnum "^1.0.4" -fastest-levenshtein@^1.0.12: +fastest-levenshtein@1.0.12, fastest-levenshtein@^1.0.12: version "1.0.12" resolved "https://registry.yarnpkg.com/fastest-levenshtein/-/fastest-levenshtein-1.0.12.tgz#9990f7d3a88cc5a9ffd1f1745745251700d497e2" integrity sha512-On2N+BpYJ15xIC974QNVuYGMOlEVt4s0EOI3wwMqOmK1fdDY+FN/zltPV8vosq4ad4c/gJ1KHScUn/6AWIgiow== @@ -11478,8 +11490,3 @@ zulip-js@^2.0.8: ini "^1.3.7" isomorphic-fetch "^3.0.0" isomorphic-form-data "2.0.0" - -zxcvbn@^4.4.2: - version "4.4.2" - resolved "https://registry.yarnpkg.com/zxcvbn/-/zxcvbn-4.4.2.tgz#28ec17cf09743edcab056ddd8b1b06262cc73c30" - integrity sha1-KOwXzwl0PtyrBW3dixsGJizHPDA=