Closed
part of #1051
We use zxcvbn to estimate how many guesses an attacker would need in a brute-force attempt against a user-chosen pass phrase. This is a way to estimate the strength of the pass phrase.
zxcvbn only gives us a number. We have our own code that translates that into renderable wisdom.
From https://github.com/FlowCrypt/flowcrypt-mobile-core/blob/master/source/mobile-interface/endpoints.ts
public zxcvbnStrengthBar = async (uncheckedReq: any) => {
const r = ValidateInput.zxcvbnStrengthBar(uncheckedReq);
if (r.purpose === 'passphrase') {
if (typeof r.guesses === 'number') { // the host has a port of zxcvbn and already knows amount of guesses per password
return fmtRes(PgpPwd.estimateStrength(r.guesses));
} else if (typeof r.value === 'string') { // host does not have zxcvbn, let's use zxcvbn-js to estimate guesses
type FakeWindow = { zxcvbn: (password: string, weakWords: string[]) => { guesses: number } };
if (typeof (window as unknown as FakeWindow).zxcvbn !== 'function') {
throw new Error("window.zxcvbn missing in js")
}
let guesses = (window as unknown as FakeWindow).zxcvbn(r.value, PgpPwd.weakWords()).guesses;
return fmtRes(PgpPwd.estimateStrength(guesses));
} else {
throw new Error('Unexpected format: guesses is not a number, value is not a string');
}
} else {
throw new Error(`Unknown purpose: ${r.purpose}`);
}

which uses this implementation we need to port: https://github.com/FlowCrypt/flowcrypt-mobile-core/blob/f80d5491451b61dcf8e539932b693fb28e84217f/source/core/pgp-password.ts#L21
Test
ava.default('zxcvbnStrengthBar', async t => {
  // Expected strength bucket for a fixed guess count; the values come from the
  // reference implementation being ported — confirm against it if they drift.
  const expectedStrength = {
    word: {
      match: 'week',
      word: 'poor',
      bar: 30,
      color: 'darkred',
      pass: false,
    },
    seconds: 1111829,
    time: '2 weeks',
  };
  // Exercise the endpoint in the "host already computed guesses" mode (no raw pass phrase sent).
  const requestBody = { guesses: 88946283684265, purpose: 'passphrase' };
  const { data, json } = await request('zxcvbnStrengthBar', requestBody, []);
  // The endpoint is expected to answer in JSON only; the binary data channel stays empty.
  expectNoData(data);
  expect(json).to.deep.equal(expectedStrength);
  t.pass();
});