weak password checks on master password change

This commit is contained in:
Kyle Spearrin 2018-11-12 23:00:58 -05:00
parent 85c0ddba10
commit 9d01bba170
2 changed files with 31 additions and 3 deletions

View File

@ -13,8 +13,9 @@
<div class="col-6"> <div class="col-6">
<div class="form-group"> <div class="form-group">
<label for="newMasterPassword">{{'newMasterPass' | i18n}}</label> <label for="newMasterPassword">{{'newMasterPass' | i18n}}</label>
<input id="newMasterPassword" type="password" name="NewMasterPasswordHash" class="form-control" [(ngModel)]="newMasterPassword" <input id="newMasterPassword" type="password" name="NewMasterPasswordHash" class="form-control mb-1" [(ngModel)]="newMasterPassword"
required appInputVerbatim autocomplete="new-password"> (input)="updatePasswordStrength()" required appInputVerbatim autocomplete="new-password">
<app-password-strength [score]="masterPasswordScore" [showText]="true"></app-password-strength>
</div> </div>
</div> </div>
<div class="col-6"> <div class="col-6">

View File

@ -9,7 +9,10 @@ import { ApiService } from 'jslib/abstractions/api.service';
import { CryptoService } from 'jslib/abstractions/crypto.service'; import { CryptoService } from 'jslib/abstractions/crypto.service';
import { I18nService } from 'jslib/abstractions/i18n.service'; import { I18nService } from 'jslib/abstractions/i18n.service';
import { MessagingService } from 'jslib/abstractions/messaging.service'; import { MessagingService } from 'jslib/abstractions/messaging.service';
import { PasswordGenerationService } from 'jslib/abstractions/passwordGeneration.service';
import { PlatformUtilsService } from 'jslib/abstractions/platformUtils.service';
import { UserService } from 'jslib/abstractions/user.service'; import { UserService } from 'jslib/abstractions/user.service';
import { PasswordRequest } from 'jslib/models/request/passwordRequest'; import { PasswordRequest } from 'jslib/models/request/passwordRequest';
@Component({ @Component({
@ -21,11 +24,15 @@ export class ChangePasswordComponent {
newMasterPassword: string; newMasterPassword: string;
confirmNewMasterPassword: string; confirmNewMasterPassword: string;
formPromise: Promise<any>; formPromise: Promise<any>;
masterPasswordScore: number;
private masterPasswordStrengthTimeout: any;
constructor(private apiService: ApiService, private i18nService: I18nService, constructor(private apiService: ApiService, private i18nService: I18nService,
private analytics: Angulartics2, private toasterService: ToasterService, private analytics: Angulartics2, private toasterService: ToasterService,
private cryptoService: CryptoService, private messagingService: MessagingService, private cryptoService: CryptoService, private messagingService: MessagingService,
private userService: UserService) { } private userService: UserService, private passwordGenerationService: PasswordGenerationService,
private platformUtilsService: PlatformUtilsService) { }
async submit() { async submit() {
const hasEncKey = await this.cryptoService.hasEncKey(); const hasEncKey = await this.cryptoService.hasEncKey();
@ -51,6 +58,16 @@ export class ChangePasswordComponent {
return; return;
} }
const strengthResult = this.passwordGenerationService.passwordStrength(this.newMasterPassword, null);
if (strengthResult != null && strengthResult.score < 3) {
const result = await this.platformUtilsService.showDialog(this.i18nService.t('weakMasterPasswordDesc'),
this.i18nService.t('weakMasterPassword'), this.i18nService.t('yes'), this.i18nService.t('no'),
'warning');
if (!result) {
return;
}
}
const request = new PasswordRequest(); const request = new PasswordRequest();
request.masterPasswordHash = await this.cryptoService.hashPassword(this.currentMasterPassword, null); request.masterPasswordHash = await this.cryptoService.hashPassword(this.currentMasterPassword, null);
const email = await this.userService.getEmail(); const email = await this.userService.getEmail();
@ -69,4 +86,14 @@ export class ChangePasswordComponent {
this.messagingService.send('logout'); this.messagingService.send('logout');
} catch { } } catch { }
} }
updatePasswordStrength() {
if (this.masterPasswordStrengthTimeout != null) {
clearTimeout(this.masterPasswordStrengthTimeout);
}
this.masterPasswordStrengthTimeout = setTimeout(() => {
const strengthResult = this.passwordGenerationService.passwordStrength(this.newMasterPassword, null);
this.masterPasswordScore = strengthResult == null ? null : strengthResult.score;
}, 300);
}
} }