diff --git a/go.mod b/go.mod index af99b9a9c..d078ee606 100644 --- a/go.mod +++ b/go.mod @@ -68,7 +68,6 @@ require ( github.com/minio/sha256-simd v1.0.0 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 github.com/multiformats/go-multiaddr v0.3.3 - github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d github.com/patrickmn/go-cache v2.1.0+incompatible github.com/paulbellamy/ratecounter v0.2.0 github.com/pborman/uuid v1.2.1 diff --git a/go.sum b/go.sum index 05aeadcf8..e55b54cb6 100644 --- a/go.sum +++ b/go.sum @@ -1063,8 +1063,6 @@ github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzE github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w= github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c= -github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d h1:AREM5mwr4u1ORQBMvzfzBgpsctsbQikCVpvC+tX285E= -github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo= github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM= github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso= diff --git a/io/prompt/BUILD.bazel b/io/prompt/BUILD.bazel index 287b52df4..3062ed02a 100644 --- a/io/prompt/BUILD.bazel +++ b/io/prompt/BUILD.bazel @@ -11,7 +11,6 @@ go_library( deps = [ "//io/file:go_default_library", "@com_github_logrusorgru_aurora//:go_default_library", - "@com_github_nbutton23_zxcvbn_go//:go_default_library", "@com_github_pkg_errors//:go_default_library", "@com_github_sirupsen_logrus//:go_default_library", "@com_github_urfave_cli_v2//:go_default_library", diff --git a/io/prompt/prompt.go b/io/prompt/prompt.go index 3234142a0..73382e282 100644 --- a/io/prompt/prompt.go +++ b/io/prompt/prompt.go @@ -143,8 +143,7 @@ func InputPassword( return enteredPassword, nil } if strings.Contains(strings.ToLower(promptText), "new wallet") { - fmt.Println("Password requirements: at least 8 characters including at least 1 alphabetical character, 1 number, and 1 unicode special character. " + - "Must not be a common password nor easy to guess") + fmt.Println("Password requirements: at least 8 characters") } var hasValidPassword bool var password string diff --git a/io/prompt/validate.go b/io/prompt/validate.go index 829ce0bfc..41e2a917b 100644 --- a/io/prompt/validate.go +++ b/io/prompt/validate.go @@ -5,21 +5,16 @@ import ( "strconv" "strings" "unicode" - - strongPasswords "github.com/nbutton23/zxcvbn-go" ) const ( // Constants for passwords. minPasswordLength = 8 - // Min password score of 2 out of 5 based on the https://github.com/nbutton23/zxcvbn-go - // library for strong-entropy password computation. - minPasswordScore = 2 ) var ( errIncorrectPhrase = errors.New("input does not match wanted phrase") - errPasswordWeak = errors.New("password must have at least 8 characters, at least 1 alphabetical character, 1 unicode symbol, and 1 number") + errPasswordWeak = errors.New("password must have at least 8 characters") ) // NotEmpty is a validation function to make sure the input given isn't empty and is valid unicode. @@ -78,40 +73,9 @@ func IsValidUnicode(input string) bool { // including a min length, at least 1 number and at least // 1 special character. func ValidatePasswordInput(input string) error { - var ( - hasMinLen = false - hasLetter = false - hasNumber = false - hasSpecial = false - ) - if len(input) >= minPasswordLength { - hasMinLen = true - } - for _, char := range input { - switch { - case !(unicode.IsSpace(char) || - unicode.IsLetter(char) || - unicode.IsNumber(char) || - unicode.IsPunct(char) || - unicode.IsSymbol(char)): - return errors.New("password must only contain unicode alphanumeric characters, numbers, or unicode symbols") - case unicode.IsLetter(char): - hasLetter = true - case unicode.IsNumber(char): - hasNumber = true - case unicode.IsPunct(char) || unicode.IsSymbol(char): - hasSpecial = true - } - } - if !(hasMinLen && hasLetter && hasNumber && hasSpecial) { + if len(input) < minPasswordLength { return errPasswordWeak } - strength := strongPasswords.PasswordStrength(input, nil) - if strength.Score < minPasswordScore { - return errors.New( - "password is too easy to guess, try a stronger password", - ) - } return nil } diff --git a/io/prompt/validate_test.go b/io/prompt/validate_test.go index c2ce035a9..badd725a7 100644 --- a/io/prompt/validate_test.go +++ b/io/prompt/validate_test.go @@ -16,45 +16,17 @@ func TestValidatePasswordInput(t *testing.T) { wantedErr string }{ { - name: "no numbers nor special characters", - input: "abcdefghijklmnopqrs", + name: "too short", + input: "a", wantedErr: errPasswordWeak.Error(), }, { - name: "number and letters but no special characters", - input: "abcdefghijklmnopqrs2020", - wantedErr: errPasswordWeak.Error(), + name: "right at min length", + input: "12345678", }, { - name: "numbers, letters, special characters, but too short", - input: "abc2$", - wantedErr: errPasswordWeak.Error(), - }, - { - name: "proper length and strong password", - input: "%Str0ngpassword32kjAjsd22020$%", - }, - { - name: "password format correct but weak entropy score", - input: "aaaaaaa1$", - wantedErr: "password is too easy to guess, try a stronger password", - }, - { - name: "allow spaces", - input: "x*329293@aAJSD i22903saj", - }, - { - name: "strong password from LastPass", - input: "jXl!q5pkQnXsyT6dbJ3X5plQ!9%iqJCTr&*UIoaDu#b6GYJD##^GI3qniKdr240f", - }, - { - name: "allow underscores", - input: "jXl!q5pkQn_syT6dbJ3X5plQ_9_iqJCTr_*UIoaDu#b6GYJD##^GI3qniKdr240f", - }, - { - name: "only numbers and symbols should fail", - input: "123493489223423_23923929", - wantedErr: errPasswordWeak.Error(), + name: "above min length", + input: "123456789", }, } for _, tt := range tests {