password_quality: Switch zxcvbn to zxcvbn-ts.

zxcvbn has had no releases since 2017. Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-03-17 00:11:46 -07:00 · 2022-03-17 00:11:46 -07:00 · b0217d0ec6
parent 7aa03e9d2a
commit b0217d0ec6
5 changed files with 36 additions and 18 deletions
--- a/frontend_tests/node_tests/password.js
+++ b/frontend_tests/node_tests/password.js
@ -69,5 +69,5 @@ run_test("basics w/progress bar", () => {
    assert.ok(!accepted);
    assert.equal($bar.added_class, "bar-danger");
    warning = password_warning(password, password_field(6));
-    assert.equal(warning, 'Repeats like "aaa" are easy to guess');
+    assert.equal(warning, 'Repeated characters like "aaa" are easy to guess.');
 });
--- a/package.json
+++ b/package.json
@ -17,6 +17,9 @@
    "@uppy/core": "^2.1.6",
    "@uppy/progress-bar": "^2.0.4",
    "@uppy/xhr-upload": "^2.0.7",
    "@zxcvbn-ts/core": "^2.0.0",
    "@zxcvbn-ts/language-common": "^2.0.0",
    "@zxcvbn-ts/language-en": "^2.0.0",
    "autoprefixer": "^10.0.0",
    "autosize": "^5.0.1",
    "babel-loader": "^8.0.6",
@ -79,8 +82,7 @@
    "webpack": "^5.61.0",
    "webpack-bundle-tracker": "^1.2.0",
    "webpack-cli": "^4.6.0",
-    "winchan": "^0.2.1",
+    "winchan": "^0.2.1"
    "zxcvbn": "^4.4.2"
  },
  "devDependencies": {
    "@babel/eslint-parser": "^7.11.3",
@ -91,7 +93,6 @@
    "@types/node": "^16.11.6",
    "@types/node-fetch": "^2.5.8",
    "@types/webpack-dev-server": "^4.1.0",
    "@types/zxcvbn": "^4.4.1",
    "@typescript-eslint/eslint-plugin": "^5.0.0",
    "@typescript-eslint/parser": "^5.0.0",
    "babel-plugin-rewire-ts": "^1.4.0",
--- a/static/js/password_quality.ts
+++ b/static/js/password_quality.ts
@ -1,7 +1,17 @@
-import zxcvbn from "zxcvbn";
+import {zxcvbn, zxcvbnOptions} from "@zxcvbn-ts/core";
 import zxcvbnCommonPackage from "@zxcvbn-ts/language-common";
 import zxcvbnEnPackage from "@zxcvbn-ts/language-en";
 import {$t} from "./i18n";
 zxcvbnOptions.setOptions({
    translations: zxcvbnEnPackage.translations,
    dictionary: {
        ...zxcvbnCommonPackage.dictionary,
        ...zxcvbnEnPackage.dictionary,
    },
 });
 // Note: this module is loaded asynchronously from the app with
 // import() to keep zxcvbn out of the initial page load.  Do not
 // import it synchronously from the app.
@ -21,7 +31,7 @@ export function password_quality(
    const acceptable = password.length >= min_length && result.guesses >= min_guesses;
    if ($bar !== undefined) {
-        const t = Number(result.crack_times_seconds.offline_slow_hashing_1e4_per_second);
+        const t = result.crackTimesSeconds.offlineSlowHashing1e4PerSecond;
        let bar_progress = Math.min(1, Math.log(1 + t) / 22);
        // Even if zxcvbn loves your short password, the bar should be
--- a/version.py
+++ b/version.py
@ -48,4 +48,4 @@ API_FEATURE_LEVEL = 121
 #   historical commits sharing the same major version, in which case a
 #   minor version bump suffices.
-PROVISION_VERSION = "183.0"
+PROVISION_VERSION = "184.0"
--- a/yarn.lock
+++ b/yarn.lock
@ -1843,11 +1843,6 @@
  dependencies:
    "@types/node" "*"
 "@types/zxcvbn@^4.4.1":
  version "4.4.1"
  resolved "https://registry.yarnpkg.com/@types/zxcvbn/-/zxcvbn-4.4.1.tgz#46e42cbdcee681b22181478feaf4af2bc4c1abd2"
  integrity sha512-3NoqvZC2W5gAC5DZbTpCeJ251vGQmgcWIHQJGq2J240HY6ErQ9aWKkwfoKJlHLx+A83WPNTZ9+3cd2ILxbvr1w==
 "@typescript-eslint/eslint-plugin@^5.0.0":
  version "5.15.0"
  resolved "https://registry.yarnpkg.com/@typescript-eslint/eslint-plugin/-/eslint-plugin-5.15.0.tgz#c28ef7f2e688066db0b6a9d95fb74185c114fb9a"
@ -2238,6 +2233,23 @@
  resolved "https://registry.yarnpkg.com/@yarnpkg/lockfile/-/lockfile-1.1.0.tgz#e77a97fbd345b76d83245edcd17d393b1b41fb31"
  integrity sha512-GpSwvyXOcOOlV70vbnzjj4fW5xW/FdUF6nQEt1ENy7m4ZCczi1+/buVUPAqmGfqznsORNFzUMjctTIp8a9tuCQ==
 "@zxcvbn-ts/core@^2.0.0":
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/@zxcvbn-ts/core/-/core-2.0.0.tgz#4b6969cd98c6b56ee75bce11c2c9d7ed1168c1db"
  integrity sha512-j9XY5TQq6fldHQ5BC/3kVNcw9zIg91i7ddeIZzwL8xAq3nqi7gw/YZxPY8Ry4KE4xmcYCiB+6AG6/jHO9uylPg==
  dependencies:
    fastest-levenshtein "1.0.12"
 "@zxcvbn-ts/language-common@^2.0.0":
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/@zxcvbn-ts/language-common/-/language-common-2.0.0.tgz#77ee6c1107e116cb74e0e8c80147bc967dd2140c"
  integrity sha512-RM4PmOev2pRQ1gMf5rjFKvsEb+qYTy+5YZY/g+vy7QibR66TiyD91VoOVaHArcj07wXj0J3eDpsiU+mpB1Oijg==
 "@zxcvbn-ts/language-en@^2.0.0":
  version "2.0.0"
  resolved "https://registry.yarnpkg.com/@zxcvbn-ts/language-en/-/language-en-2.0.0.tgz#454b09578f8713bd204465354565972d8512de85"
  integrity sha512-ijDtOYeJxBpuoXdTtyXpoOcMRTDjRiABIWX3X7T7XquZ2c6IfrKwXVrvwzVSlRhhPqaCI0tienDeQYG7631eHA==
 abab@^2.0.3, abab@^2.0.5:
  version "2.0.5"
  resolved "https://registry.yarnpkg.com/abab/-/abab-2.0.5.tgz#c0b678fb32d60fc1219c784d6a826fe385aeb79a"
@ -4945,7 +4957,7 @@ fast-xml-parser@^3.19.0:
  dependencies:
    strnum "^1.0.4"
-fastest-levenshtein@^1.0.12:
+fastest-levenshtein@1.0.12, fastest-levenshtein@^1.0.12:
  version "1.0.12"
  resolved "https://registry.yarnpkg.com/fastest-levenshtein/-/fastest-levenshtein-1.0.12.tgz#9990f7d3a88cc5a9ffd1f1745745251700d497e2"
  integrity sha512-On2N+BpYJ15xIC974QNVuYGMOlEVt4s0EOI3wwMqOmK1fdDY+FN/zltPV8vosq4ad4c/gJ1KHScUn/6AWIgiow==
@ -11478,8 +11490,3 @@ zulip-js@^2.0.8:
    ini "^1.3.7"
    isomorphic-fetch "^3.0.0"
    isomorphic-form-data "2.0.0"
 zxcvbn@^4.4.2:
  version "4.4.2"
  resolved "https://registry.yarnpkg.com/zxcvbn/-/zxcvbn-4.4.2.tgz#28ec17cf09743edcab056ddd8b1b06262cc73c30"
  integrity sha1-KOwXzwl0PtyrBW3dixsGJizHPDA=