added blockInsecureCommonPasswords config flag

2021-02-03 19:54:12 +01:00 · 2021-02-03 19:54:12 +01:00 · e63f127a56
commit e63f127a56
parent 3e6481c7d9
2 changed files with 27 additions and 13 deletions
--- a/src/util/Constants.ts
+++ b/src/util/Constants.ts
@ -72,10 +72,11 @@ export interface DefaultOptions {
 		allowNewRegistration: boolean;
 		allowMultipleAccounts: boolean;
 		password: {
-			pwMinLength: number;
-			pwMinNumbers: number;
-			pwMinUpperCase: number;
-			pwMinSymbols: number;
+			minLength: number;
+			minNumbers: number;
+			minUpperCase: number;
+			minSymbols: number;
+			blockInsecureCommonPasswords: boolean; // TODO: efficiently save password blocklist in database
 		};
 	};
 }
@ -141,10 +142,11 @@ export const DefaultOptions: DefaultOptions = {
 		allowNewRegistration: true,
 		allowMultipleAccounts: true,
 		password: {
-			pwMinLength: 8,
-			pwMinNumbers: 2,
-			pwMinUpperCase: 2,
-			pwMinSymbols: 0,
+			minLength: 8,
+			minNumbers: 2,
+			minUpperCase: 2,
+			minSymbols: 0,
+			blockInsecureCommonPasswords: false,
 		},
 	},
 };
--- a/src/util/passwordStrength.ts
+++ b/src/util/passwordStrength.ts
@ -5,6 +5,7 @@ const reNUMBER = /[0-9]/g;
 const reUPPERCASELETTER = /[A-Z]/g;
 const reSYMBOLS = /[A-Z,a-z,0-9]/g;

+const blocklist: string[] = []; // TODO: update ones passwordblocklist is stored in db
 /*
 * https://en.wikipedia.org/wiki/Password_policy
 * password must meet following criteria, to be perfect:
@ -16,26 +17,32 @@ const reSYMBOLS = /[A-Z,a-z,0-9]/g;
 * Returns: 0 > pw > 1
 */
 export function check(password: string): number {
-	const { pwMinLength, pwMinNumbers, pwMinUpperCase, pwMinSymbols } = Config.get().register.password;
+	const {
+		minLength,
+		minNumbers,
+		minUpperCase,
+		minSymbols,
+		blockInsecureCommonPasswords,
+	} = Config.get().register.password;
 	var strength = 0;

 	// checks for total password len
-	if (password.length >= pwMinLength - 1) {
+	if (password.length >= minLength - 1) {
 		strength += 0.25;
 	}

 	// checks for amount of Numbers
-	if (password.count(reNUMBER) >= pwMinNumbers - 1) {
+	if (password.count(reNUMBER) >= minNumbers - 1) {
 		strength += 0.25;
 	}

 	// checks for amount of Uppercase Letters
-	if (password.count(reUPPERCASELETTER) >= pwMinUpperCase - 1) {
+	if (password.count(reUPPERCASELETTER) >= minUpperCase - 1) {
 		strength += 0.25;
 	}

 	// checks for amount of symbols
-	if (password.replace(reSYMBOLS, "").length >= pwMinSymbols - 1) {
+	if (password.replace(reSYMBOLS, "").length >= minSymbols - 1) {
 		strength += 0.25;
 	}

@ -44,5 +51,10 @@ export function check(password: string): number {
 		strength = 0;
 	}

+	if (blockInsecureCommonPasswords) {
+		if (blocklist.includes(password)) {
+			strength = 0;
+		}
+	}
 	return strength;
 }