From cfa4a4a66c4c670f82b16ef4663b5fcb8978e9c0 Mon Sep 17 00:00:00 2001
From: Maxim Chervonny <fiskus@chervonny.ru>
Date: Mon, 21 Feb 2022 18:07:26 +0300
Subject: [PATCH] Password strength (#2682)

---
 .../app/containers/Auth/PasswordStrength.tsx  | 96 +++++++++++++++++++
 catalog/app/containers/Auth/SignUp.js         | 50 +++++++++-
 catalog/package-lock.json                     | 26 ++++-
 catalog/package.json                          |  4 +-
 4 files changed, 171 insertions(+), 5 deletions(-)
 create mode 100644 catalog/app/containers/Auth/PasswordStrength.tsx

diff --git a/catalog/app/containers/Auth/PasswordStrength.tsx b/catalog/app/containers/Auth/PasswordStrength.tsx
new file mode 100644
index 00000000000..8533eb04bad
--- /dev/null
+++ b/catalog/app/containers/Auth/PasswordStrength.tsx
@@ -0,0 +1,96 @@
+import cx from 'classnames'
+import * as React from 'react'
+import zxcvbn from 'zxcvbn'
+import { fade } from '@material-ui/core/styles/colorManipulator'
+import * as M from '@material-ui/core'
+
+const useStyles = M.makeStyles((t) => ({
+  root: {
+    backgroundColor: t.palette.divider,
+    height: t.spacing(0.5),
+    position: 'relative',
+    transition: '.3s ease background-color',
+    '&:after': {
+      bottom: 0,
+      content: '""',
+      left: 0,
+      position: 'absolute',
+      top: 0,
+      transition: '.3s ease background-color, .3s ease width',
+    },
+    '&$tooGuessable': {
+      backgroundColor: fade(t.palette.error.dark, 0.3),
+    },
+    '&$tooGuessable:after': {
+      backgroundColor: t.palette.error.dark,
+      width: '10%',
+    },
+    '&$veryGuessable': {
+      backgroundColor: fade(t.palette.error.main, 0.3),
+    },
+    '&$veryGuessable:after': {
+      backgroundColor: t.palette.error.main,
+      width: '33%',
+    },
+    '&$somewhatGuessable': {
+      backgroundColor: fade(t.palette.warning.dark, 0.3),
+    },
+    '&$somewhatGuessable:after': {
+      backgroundColor: t.palette.warning.dark,
+      width: '55%',
+    },
+    '&$safelyUnguessable': {
+      backgroundColor: fade(t.palette.success.light, 0.3),
+    },
+    '&$safelyUnguessable:after': {
+      backgroundColor: t.palette.success.light,
+      width: '78%',
+    },
+    '&$veryUnguessable': {
+      backgroundColor: fade(t.palette.success.dark, 0.3),
+    },
+    '&$veryUnguessable:after': {
+      backgroundColor: t.palette.success.dark,
+      width: '100%',
+    },
+  },
+  tooGuessable: {},
+  veryGuessable: {},
+  somewhatGuessable: {},
+  safelyUnguessable: {},
+  veryUnguessable: {},
+}))
+
+type PasswordStrength = zxcvbn.ZXCVBNResult | null
+
+export function useStrength(value: string): PasswordStrength {
+  return React.useMemo(() => {
+    if (!value) return null
+    return zxcvbn(value)
+  }, [value])
+}
+
+interface IndicatorProps {
+  strength: PasswordStrength
+}
+
+type ScoreState =
+  | 'tooGuessable'
+  | 'veryGuessable'
+  | 'somewhatGuessable'
+  | 'safelyUnguessable'
+  | 'veryUnguessable'
+
+const ScoreMap: ScoreState[] = [
+  'tooGuessable',
+  'veryGuessable',
+  'somewhatGuessable',
+  'safelyUnguessable',
+  'veryUnguessable',
+]
+
+export function Indicator({ strength }: IndicatorProps) {
+  const classes = useStyles()
+  const stateClassName = strength ? classes[ScoreMap[strength.score]] : ''
+  return <div className={cx(classes.root, stateClassName)} />
+}
diff --git a/catalog/app/containers/Auth/SignUp.js b/catalog/app/containers/Auth/SignUp.js
index 015f99a0d39..efdf5dbe0a3 100644
--- a/catalog/app/containers/Auth/SignUp.js
+++ b/catalog/app/containers/Auth/SignUp.js
@@ -15,6 +15,7 @@ import parseSearch from 'utils/parseSearch'
 import useMutex from 'utils/useMutex'
 import validate, * as validators from 'utils/validators'
 
+import * as PasswordStrength from './PasswordStrength'
 import * as Layout from './Layout'
 import SSOAzure from './SSOAzure'
 import SSOGoogle from './SSOGoogle'
@@ -28,6 +29,51 @@ const Container = Layout.mkLayout('Complete sign-up')
 
 const MUTEX_ID = 'password'
 
+const useWeakPasswordIconStyles = M.makeStyles((t) => ({
+  icon: {
+    color: t.palette.warning.dark,
+  },
+}))
+
+function WeakPasswordIcon() {
+  const classes = useWeakPasswordIconStyles()
+  return (
+    <M.Tooltip title="Password is too weak">
+      <M.Icon className={classes.icon} fontSize="small" color="inherit">
+        error_outline
+      </M.Icon>
+    </M.Tooltip>
+  )
+}
+
+function PasswordField({ input, ...rest }) {
+  const { value } = input
+  const strength = PasswordStrength.useStrength(value)
+  const isWeak = strength?.score <= 2
+  const helperText = strength?.feedback.suggestions.length
+    ? `Hint: ${strength?.feedback.suggestions.join(' ')}`
+    : ''
+  return (
+    <>
+      <Layout.Field
+        InputProps={{
+          endAdornment: isWeak && (
+            <M.InputAdornment position="end">
+              <WeakPasswordIcon />
+            </M.InputAdornment>
+          ),
+        }}
+        helperText={helperText}
+        type="password"
+        floatingLabelText="Password"
+        {...input}
+        {...rest}
+      />
+      <PasswordStrength.Indicator strength={strength} />
+    </>
+  )
+}
+
 function PasswordSignUp({ mutex, next, onSuccess }) {
   const sentry = Sentry.use()
   const dispatch = redux.useDispatch()
@@ -143,12 +189,10 @@ function PasswordSignUp({ mutex, next, onSuccess }) {
             }}
           />
           <RF.Field
-            component={Layout.Field}
+            component={PasswordField}
             name="password"
-            type="password"
             validate={validators.required}
             disabled={!!mutex.current || submitting}
-            floatingLabelText="Password"
             errors={{
               required: 'Enter a password',
               invalid: 'Password must be at least 8 characters long',
diff --git a/catalog/package-lock.json b/catalog/package-lock.json
index eecec35e92d..87f8f4f0e1d 100644
--- a/catalog/package-lock.json
+++ b/catalog/package-lock.json
@@ -92,7 +92,8 @@
         "vega-lite": "^5.1.1",
         "warning": "^4.0.3",
         "wonka": "^4.0.15",
-        "xlsx": "^0.17.5"
+        "xlsx": "^0.17.5",
+        "zxcvbn": "^4.4.2"
       },
       "devDependencies": {
         "@graphql-codegen/cli": "^1.21.6",
@@ -127,6 +128,7 @@
         "@types/react-test-renderer": "^17.0.1",
         "@types/remarkable": "^2.0.3",
         "@types/semver": "^7.3.9",
+        "@types/zxcvbn": "^4.4.1",
         "@typescript-eslint/eslint-plugin": "^4.33.0",
         "@typescript-eslint/parser": "^4.33.0",
         "bundlewatch": "^0.3.2",
@@ -3658,6 +3660,12 @@
       "integrity": "sha512-37RSHht+gzzgYeobbG+KWryeAW8J33Nhr69cjTqSYymXVZEN9NbRYWoYlRtDhHKPVT1FyNKwaTPC1NynKZpzRA==",
       "dev": true
     },
+    "node_modules/@types/zxcvbn": {
+      "version": "4.4.1",
+      "resolved": "https://registry.npmjs.org/@types/zxcvbn/-/zxcvbn-4.4.1.tgz",
+      "integrity": "sha512-3NoqvZC2W5gAC5DZbTpCeJ251vGQmgcWIHQJGq2J240HY6ErQ9aWKkwfoKJlHLx+A83WPNTZ9+3cd2ILxbvr1w==",
+      "dev": true
+    },
     "node_modules/@typescript-eslint/eslint-plugin": {
       "version": "4.33.0",
       "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz",
@@ -17705,6 +17713,11 @@
       "version": "2.3.0",
       "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz",
       "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg=="
+    },
+    "node_modules/zxcvbn": {
+      "version": "4.4.2",
+      "resolved": "https://registry.npmjs.org/zxcvbn/-/zxcvbn-4.4.2.tgz",
+      "integrity": "sha1-KOwXzwl0PtyrBW3dixsGJizHPDA="
     }
   },
   "dependencies": {
@@ -20569,6 +20582,12 @@
       "integrity": "sha512-37RSHht+gzzgYeobbG+KWryeAW8J33Nhr69cjTqSYymXVZEN9NbRYWoYlRtDhHKPVT1FyNKwaTPC1NynKZpzRA==",
       "dev": true
     },
+    "@types/zxcvbn": {
+      "version": "4.4.1",
+      "resolved": "https://registry.npmjs.org/@types/zxcvbn/-/zxcvbn-4.4.1.tgz",
+      "integrity": "sha512-3NoqvZC2W5gAC5DZbTpCeJ251vGQmgcWIHQJGq2J240HY6ErQ9aWKkwfoKJlHLx+A83WPNTZ9+3cd2ILxbvr1w==",
+      "dev": true
+    },
     "@typescript-eslint/eslint-plugin": {
       "version": "4.33.0",
       "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-4.33.0.tgz",
@@ -31523,6 +31542,11 @@
           "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg=="
         }
       }
+    },
+    "zxcvbn": {
+      "version": "4.4.2",
+      "resolved": "https://registry.npmjs.org/zxcvbn/-/zxcvbn-4.4.2.tgz",
+      "integrity": "sha1-KOwXzwl0PtyrBW3dixsGJizHPDA="
     }
   }
 }
diff --git a/catalog/package.json b/catalog/package.json
index c876affd803..a1217750c25 100644
--- a/catalog/package.json
+++ b/catalog/package.json
@@ -133,7 +133,8 @@
     "vega-lite": "^5.1.1",
     "warning": "^4.0.3",
     "wonka": "^4.0.15",
-    "xlsx": "^0.17.5"
+    "xlsx": "^0.17.5",
+    "zxcvbn": "^4.4.2"
   },
   "devDependencies": {
     "@graphql-codegen/cli": "^1.21.6",
@@ -168,6 +169,7 @@
     "@types/react-test-renderer": "^17.0.1",
     "@types/remarkable": "^2.0.3",
     "@types/semver": "^7.3.9",
+    "@types/zxcvbn": "^4.4.1",
     "@typescript-eslint/eslint-plugin": "^4.33.0",
     "@typescript-eslint/parser": "^4.33.0",
     "bundlewatch": "^0.3.2",