[feature] Include password strength in error message when password strength is too low (#550)

* When password validation fails, report how close the password is to the required entropy.

* Shorter version of low-strength password error message
Eamonn O'Brien-Strain
2022-05-09 01:31:46 -07:00
committed by GitHub
parent 5004e0a9da
commit b24b71c0a4
4 changed files with 18 additions and 8 deletions


@ -22,6 +22,7 @@ import (
"errors"
"fmt"
"net/mail"
"strings"
apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model"
"github.com/superseriousbusiness/gotosocial/internal/regexes"
@ -53,7 +54,16 @@ func NewPassword(password string) error {
return fmt.Errorf("password should be no more than %d chars", maximumPasswordLength)
}
return pwv.Validate(password, minimumPasswordEntropy)
if err := pwv.Validate(password, minimumPasswordEntropy); err != nil {
// Modify error message to include percentage requred entropy the password has
percent := int(100 * pwv.GetEntropy(password) / minimumPasswordEntropy)
return errors.New(strings.ReplaceAll(
err.Error(),
"insecure password",
fmt.Sprintf("password is %d%% strength", percent)))
}
return nil // pasword OK
}
// Username makes sure that a given username is valid (ie., letters, numbers, underscores, check length).
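Review bot: The rewritten message in `NewPassword` only works while the error text from `pwv.Validate` contains the exact phrase "insecure password"; if that wording changes, `strings.ReplaceAll` returns the text unchanged and the percentage is silently dropped. A fallback keeps the feature working regardless, e.g. build `msg` with the replacement and then `if msg == err.Error() { return fmt.Errorf("password is %d%% strength: %w", percent, err) }`, or pin the expected wording in a test if the other changed files do not already do so. The error now carries an entropy estimate for a rejected password, so callers (not visible in this hunk) should return it only to the submitting user and keep it out of logs. The two new comments have typos: `requred` should be `required` and `pasword` should be `password`.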