Simplify Prysm Backend Password Requirements (#9814)

* simpler reqs

* gaz

* tidy mod

go.mod

@@ -68,7 +68,6 @@ require (
 	github.com/minio/sha256-simd v1.0.0
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826
 	github.com/multiformats/go-multiaddr v0.3.3
-	github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/paulbellamy/ratecounter v0.2.0
 	github.com/pborman/uuid v1.2.1

go.sum

@@ -1063,8 +1063,6 @@ github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzE
 github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
 github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
 github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
-github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d h1:AREM5mwr4u1ORQBMvzfzBgpsctsbQikCVpvC+tX285E=
-github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU=
 github.com/neelance/astrewrite v0.0.0-20160511093645-99348263ae86/go.mod h1:kHJEU3ofeGjhHklVoIGuVj85JJwZ6kWPaJwCIxgnFmo=
 github.com/neelance/sourcemap v0.0.0-20151028013722-8c68805598ab/go.mod h1:Qr6/a/Q4r9LP1IltGz7tA7iOK1WonHEYhu1HRBA7ZiM=
 github.com/nishanths/predeclared v0.0.0-20200524104333-86fad755b4d3/go.mod h1:nt3d53pc1VYcphSCIaYAJtnPYnr3Zyn8fMq2wvPGPso=

io/prompt/BUILD.bazel

@@ -11,7 +11,6 @@ go_library(
     deps = [
         "//io/file:go_default_library",
         "@com_github_logrusorgru_aurora//:go_default_library",
-        "@com_github_nbutton23_zxcvbn_go//:go_default_library",
         "@com_github_pkg_errors//:go_default_library",
         "@com_github_sirupsen_logrus//:go_default_library",
         "@com_github_urfave_cli_v2//:go_default_library",

io/prompt/prompt.go

@@ -143,8 +143,7 @@ func InputPassword(
 		return enteredPassword, nil
 	}
 	if strings.Contains(strings.ToLower(promptText), "new wallet") {
-		fmt.Println("Password requirements: at least 8 characters including at least 1 alphabetical character, 1 number, and 1 unicode special character. " +
-			"Must not be a common password nor easy to guess")
+		fmt.Println("Password requirements: at least 8 characters")
 	}
 	var hasValidPassword bool
 	var password string

io/prompt/validate.go

@@ -5,21 +5,16 @@ import (
 	"strconv"
 	"strings"
 	"unicode"
-
-	strongPasswords "github.com/nbutton23/zxcvbn-go"
 )
 
 const (
 	// Constants for passwords.
 	minPasswordLength = 8
-	// Min password score of 2 out of 5 based on the https://github.com/nbutton23/zxcvbn-go
-	// library for strong-entropy password computation.
-	minPasswordScore = 2
 )
 
 var (
 	errIncorrectPhrase = errors.New("input does not match wanted phrase")
-	errPasswordWeak    = errors.New("password must have at least 8 characters, at least 1 alphabetical character, 1 unicode symbol, and 1 number")
+	errPasswordWeak    = errors.New("password must have at least 8 characters")
 )
 
 // NotEmpty is a validation function to make sure the input given isn't empty and is valid unicode.
@@ -78,40 +73,9 @@ func IsValidUnicode(input string) bool {
 // including a min length, at least 1 number and at least
 // 1 special character.
 func ValidatePasswordInput(input string) error {
-	var (
-		hasMinLen  = false
-		hasLetter  = false
-		hasNumber  = false
-		hasSpecial = false
-	)
-	if len(input) >= minPasswordLength {
-		hasMinLen = true
-	}
-	for _, char := range input {
-		switch {
-		case !(unicode.IsSpace(char) ||
-			unicode.IsLetter(char) ||
-			unicode.IsNumber(char) ||
-			unicode.IsPunct(char) ||
-			unicode.IsSymbol(char)):
-			return errors.New("password must only contain unicode alphanumeric characters, numbers, or unicode symbols")
-		case unicode.IsLetter(char):
-			hasLetter = true
-		case unicode.IsNumber(char):
-			hasNumber = true
-		case unicode.IsPunct(char) || unicode.IsSymbol(char):
-			hasSpecial = true
-		}
-	}
-	if !(hasMinLen && hasLetter && hasNumber && hasSpecial) {
+	if len(input) < minPasswordLength {
 		return errPasswordWeak
 	}
-	strength := strongPasswords.PasswordStrength(input, nil)
-	if strength.Score < minPasswordScore {
-		return errors.New(
-			"password is too easy to guess, try a stronger password",
-		)
-	}
 	return nil
 }
 

io/prompt/validate_test.go

@@ -16,45 +16,17 @@ func TestValidatePasswordInput(t *testing.T) {
 		wantedErr string
 	}{
 		{
-			name:      "no numbers nor special characters",
-			input:     "abcdefghijklmnopqrs",
+			name:      "too short",
+			input:     "a",
 			wantedErr: errPasswordWeak.Error(),
 		},
 		{
-			name:      "number and letters but no special characters",
-			input:     "abcdefghijklmnopqrs2020",
-			wantedErr: errPasswordWeak.Error(),
+			name:  "right at min length",
+			input: "12345678",
 		},
 		{
-			name:      "numbers, letters, special characters, but too short",
-			input:     "abc2$",
-			wantedErr: errPasswordWeak.Error(),
-		},
-		{
-			name:  "proper length and strong password",
-			input: "%Str0ngpassword32kjAjsd22020$%",
-		},
-		{
-			name:      "password format correct but weak entropy score",
-			input:     "aaaaaaa1$",
-			wantedErr: "password is too easy to guess, try a stronger password",
-		},
-		{
-			name:  "allow spaces",
-			input: "x*329293@aAJSD i22903saj",
-		},
-		{
-			name:  "strong password from LastPass",
-			input: "jXl!q5pkQnXsyT6dbJ3X5plQ!9%iqJCTr&*UIoaDu#b6GYJD##^GI3qniKdr240f",
-		},
-		{
-			name:  "allow underscores",
-			input: "jXl!q5pkQn_syT6dbJ3X5plQ_9_iqJCTr_*UIoaDu#b6GYJD##^GI3qniKdr240f",
-		},
-		{
-			name:      "only numbers and symbols should fail",
-			input:     "123493489223423_23923929",
-			wantedErr: errPasswordWeak.Error(),
+			name:  "above min length",
+			input: "123456789",
 		},
 	}
 	for _, tt := range tests {