PM-11962 - InputPasswordComp - add weak password checking (#11252)

bitwarden · Sep 26, 2024 · eb7eb61 · eb7eb61
1 parent 069ed80
commit eb7eb61
Showing 1 changed file with 71 additions and 31 deletions.
diff --git a/libs/auth/src/angular/input-password/input-password.component.ts b/libs/auth/src/angular/input-password/input-password.component.ts
@@ -129,38 +129,13 @@ export class InputPasswordComponent {
 
     const password = this.formGroup.controls.password.value;
 
-    // Check if password is breached (if breached, user chooses to accept and continue or not)
-    const passwordIsBreached =
-      this.formGroup.controls.checkForBreaches.value &&
-      (await this.auditService.passwordLeaked(password));
-
-    if (passwordIsBreached) {
-      const userAcceptedDialog = await this.dialogService.openSimpleDialog({
-        title: { key: "exposedMasterPassword" },
-        content: { key: "exposedMasterPasswordDesc" },
-        type: "warning",
-      });
-
-      if (!userAcceptedDialog) {
-        return;
-      }
-    }
-
-    // Check if password meets org policy requirements
-    if (
-      this.masterPasswordPolicyOptions != null &&
-      !this.policyService.evaluateMasterPassword(
-        this.passwordStrengthScore,
-        password,
-        this.masterPasswordPolicyOptions,
-      )
-    ) {
-      this.toastService.showToast({
-        variant: "error",
-        title: this.i18nService.t("errorOccurred"),
-        message: this.i18nService.t("masterPasswordPolicyRequirementsNotMet"),
-      });
+    const passwordEvaluatedSuccessfully = await this.evaluatePassword(
+      password,
+      this.passwordStrengthScore,
+      this.formGroup.controls.checkForBreaches.value,
+    );
 
+    if (!passwordEvaluatedSuccessfully) {
       return;
     }
 
@@ -194,4 +169,69 @@ export class InputPasswordComponent {
       password,
     });
   };
+
+  // Returns true if the password passes all checks, false otherwise
+  private async evaluatePassword(
+    password: string,
+    passwordStrengthScore: PasswordStrengthScore,
+    checkForBreaches: boolean,
+  ) {
+    // Check if the password is breached, weak, or both
+    const passwordIsBreached =
+      checkForBreaches && (await this.auditService.passwordLeaked(password));
+
+    const passwordWeak = passwordStrengthScore != null && passwordStrengthScore < 3;
+
+    if (passwordIsBreached && passwordWeak) {
+      const userAcceptedDialog = await this.dialogService.openSimpleDialog({
+        title: { key: "weakAndExposedMasterPassword" },
+        content: { key: "weakAndBreachedMasterPasswordDesc" },
+        type: "warning",
+      });
+
+      if (!userAcceptedDialog) {
+        return false;
+      }
+    } else if (passwordWeak) {
+      const userAcceptedDialog = await this.dialogService.openSimpleDialog({
+        title: { key: "weakMasterPasswordDesc" },
+        content: { key: "weakMasterPasswordDesc" },
+        type: "warning",
+      });
+
+      if (!userAcceptedDialog) {
+        return false;
+      }
+    } else if (passwordIsBreached) {
+      const userAcceptedDialog = await this.dialogService.openSimpleDialog({
+        title: { key: "exposedMasterPassword" },
+        content: { key: "exposedMasterPasswordDesc" },
+        type: "warning",
+      });
+
+      if (!userAcceptedDialog) {
+        return false;
+      }
+    }
+
+    // Check if password meets org policy requirements
+    if (
+      this.masterPasswordPolicyOptions != null &&
+      !this.policyService.evaluateMasterPassword(
+        this.passwordStrengthScore,
+        password,
+        this.masterPasswordPolicyOptions,
+      )
+    ) {
+      this.toastService.showToast({
+        variant: "error",
+        title: this.i18nService.t("errorOccurred"),
+        message: this.i18nService.t("masterPasswordPolicyRequirementsNotMet"),
+      });
+
+      return false;
+    }
+
+    return true;
+  }
 }