Merge pull request #5744 from panoschal/forgot-password-validation

Require strong password in forgot password form
2024-10-24 19:55:54 +03:00 · 2021-04-05 00:46:47 -06:00 · 2021-04-05 00:46:47 -06:00 · 4d72af7916
commit 4d72af7916
parent cd39474d26 901d5a86d0
4 changed files with 21 additions and 6 deletions
--- a/src/components/structures/auth/ForgotPassword.js
+++ b/src/components/structures/auth/ForgotPassword.js
@ -18,7 +18,7 @@ limitations under the License.

 import React from 'react';
 import PropTypes from 'prop-types';
-import { _t } from '../../../languageHandler';
+import { _t, _td } from '../../../languageHandler';
 import * as sdk from '../../../index';
 import Modal from "../../../Modal";
 import PasswordReset from "../../../PasswordReset";
@ -27,7 +27,9 @@ import classNames from 'classnames';
 import AuthPage from "../../views/auth/AuthPage";
 import CountlyAnalytics from "../../../CountlyAnalytics";
 import ServerPicker from "../../views/elements/ServerPicker";
+import PassphraseField from '../../views/auth/PassphraseField';
 import {replaceableComponent} from "../../../utils/replaceableComponent";
+import { PASSWORD_MIN_SCORE } from '../../views/auth/RegistrationForm';

 // Phases
 // Show the forgot password inputs
@ -137,10 +139,14 @@ export default class ForgotPassword extends React.Component {
        // refresh the server errors, just in case the server came back online
        await this._checkServerLiveliness(this.props.serverConfig);

+        await this['password_field'].validate({ allowEmpty: false });
+
        if (!this.state.email) {
            this.showErrorDialog(_t('The email address linked to your account must be entered.'));
        } else if (!this.state.password || !this.state.password2) {
            this.showErrorDialog(_t('A new password must be entered.'));
+        } else if (!this.state.passwordFieldValid) {
+            this.showErrorDialog(_t('Please choose a strong password'));
        } else if (this.state.password !== this.state.password2) {
            this.showErrorDialog(_t('New passwords must match each other.'));
        } else {
@ -186,6 +192,12 @@ export default class ForgotPassword extends React.Component {
        });
    }

+    onPasswordValidate(result) {
+        this.setState({
+            passwordFieldValid: result.valid,
+        });
+    }
+
    renderForgot() {
        const Field = sdk.getComponent('elements.Field');

@ -230,12 +242,15 @@ export default class ForgotPassword extends React.Component {
                    />
                </div>
                <div className="mx_AuthBody_fieldRow">
-                    <Field
+                    <PassphraseField
                        name="reset_password"
                        type="password"
-                        label={_t('New Password')}
+                        label={_td('New Password')}
                        value={this.state.password}
+                        minScore={PASSWORD_MIN_SCORE}
                        onChange={this.onInputChanged.bind(this, "password")}
+                        fieldRef={field => this['password_field'] = field}
+                        onValidate={(result) => this.onPasswordValidate(result)}
                        onFocus={() => CountlyAnalytics.instance.track("onboarding_forgot_password_newPassword_focus")}
                        onBlur={() => CountlyAnalytics.instance.track("onboarding_forgot_password_newPassword_blur")}
                        autoComplete="new-password"
--- a/src/components/views/auth/RegistrationForm.tsx
+++ b/src/components/views/auth/RegistrationForm.tsx
@ -40,7 +40,7 @@ enum RegistrationField {
    PasswordConfirm = "field_password_confirm",
 }

-const PASSWORD_MIN_SCORE = 3; // safely unguessable: moderate protection from offline slow-hash scenario.
+export const PASSWORD_MIN_SCORE = 3; // safely unguessable: moderate protection from offline slow-hash scenario.

 interface IProps {
    // Values pre-filled in the input boxes when the component loads
--- a/src/components/views/settings/ChangePassword.js
+++ b/src/components/views/settings/ChangePassword.js
@ -28,13 +28,12 @@ import Modal from "../../../Modal";
 import PassphraseField from "../auth/PassphraseField";
 import CountlyAnalytics from "../../../CountlyAnalytics";
 import {replaceableComponent} from "../../../utils/replaceableComponent";
+import { PASSWORD_MIN_SCORE } from '../auth/RegistrationForm';

 const FIELD_OLD_PASSWORD = 'field_old_password';
 const FIELD_NEW_PASSWORD = 'field_new_password';
 const FIELD_NEW_PASSWORD_CONFIRM = 'field_new_password_confirm';

-const PASSWORD_MIN_SCORE = 3; // safely unguessable: moderate protection from offline slow-hash scenario.
-
@replaceableComponent("views.settings.ChangePassword")
 export default class ChangePassword extends React.Component {
    static propTypes = {
--- a/src/i18n/strings/en_EN.json
+++ b/src/i18n/strings/en_EN.json
@ -2700,6 +2700,7 @@
    "Failed to send email": "Failed to send email",
    "The email address linked to your account must be entered.": "The email address linked to your account must be entered.",
    "A new password must be entered.": "A new password must be entered.",
+    "Please choose a strong password": "Please choose a strong password",
    "New passwords must match each other.": "New passwords must match each other.",
    "Changing your password will reset any end-to-end encryption keys on all of your sessions, making encrypted chat history unreadable. Set up Key Backup or export your room keys from another session before resetting your password.": "Changing your password will reset any end-to-end encryption keys on all of your sessions, making encrypted chat history unreadable. Set up Key Backup or export your room keys from another session before resetting your password.",
    "New Password": "New Password",