Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Correctly count length of password with multibyte characters #485

Merged
merged 4 commits into from
Jan 10, 2024
Merged

Correctly count length of password with multibyte characters #485

merged 4 commits into from
Jan 10, 2024

Conversation

sisou
Copy link
Member

@sisou sisou commented Jan 6, 2024

This PR fixes the way password character length is counted to use the recommended method from MDN for strings with potential multibyte characters.

Additionally, this method is applied to the password strength calculator to always handle full characters, not "lone surrogates".

@sisou sisou added the enhancement New feature or request label Jan 6, 2024
@sisou sisou requested review from Eligioo, Albermonte and onmax January 6, 2024 15:56
@sisou sisou self-assigned this Jan 6, 2024
@sisou
Treat non-ASCII characters as symbols in password strength calculation
f6c9a22 
Before, any non-ASCII characters were simply ignored for password strength.
@sisou sisou force-pushed the soeren/password-length branch from 60732fd to f6c9a22 Compare January 6, 2024 15:58
onmax
onmax approved these changes Jan 8, 2024
View reviewed changes
Copy link
Member

@onmax onmax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Now, I have one password with emojis 🥳

src/lib/PasswordStrength.js Outdated
count.upperCase += 1;
} else if (characters[i].match(/[0-9]/g)) {
count.numbers += 1;
} else if (characters[i].match(/[^a-z]/)) {
Copy link
Member

@onmax onmax Jan 8, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Subjective take: Easier to read
!characters[i].match(/[a-z]/), instead of
characters[i].match(/[^a-z]/)

Probably not worth changing

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, this is a great suggestion! Code readability is a priority in the security-relevant Keyguard.

@Eligioo
Copy link
Member

Eligioo commented Jan 9, 2024

LGTM

@Albermonte
Copy link
Member

I would include some comments on why using the spread operator makes a difference in the lenght.

Otherwise, LGTM 👍🏼

@sisou sisou merged commit 33a88d2 into master Jan 10, 2024
2 checks passed
@sisou sisou deleted the soeren/password-length branch January 10, 2024 14:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@onmax onmax onmax approved these changes

@Albermonte Albermonte Albermonte approved these changes

@Eligioo Eligioo Eligioo approved these changes

Assignees

@sisou sisou

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sisou @Eligioo @Albermonte @onmax