Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add sensitive to password strength and password policy #753

Merged
merged 1 commit into from
May 2, 2024
Merged

Add sensitive to password strength and password policy #753

merged 1 commit into from
May 2, 2024

Conversation

dani-garcia
Copy link
Member

Type of change

- [ ] Bug fix
- [ ] New feature development
- [x] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [ ] Build/deploy pipeline (DevOps)
- [ ] Other

Objective

Add sensitive to password strength and password policy. This required adding some ways to get the length of a Sensitive String and check if all the characters match a predicate.

The is_empty added to SensitiveString is because there's a lint for len implementation without a corresponding is_empty.

@github-actions GitHub Actions
Copy link
Contributor

Logo
Checkmarx One – Scan Summary & Details20b6a998-4039-4d27-8224-5c27350d8a08

No New Or Fixed Issues Found

@codecov Codecov
Copy link

codecov bot commented Apr 30, 2024

Codecov Report

Attention: Patch coverage is 67.74194% with 10 lines in your changes are missing coverage. Please review.

Project coverage is 61.76%. Comparing base (faa3444) to head (817cbe3).

Files Patch % Lines
crates/bitwarden-crypto/src/sensitive/sensitive.rs 33.33% 6 Missing ⚠️
crates/bitwarden-uniffi/src/auth/mod.rs 0.00% 2 Missing ⚠️
crates/bitwarden/src/auth/client_auth.rs 0.00% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #753      +/-   ##
==========================================
- Coverage   61.78%   61.76%   -0.02%     
==========================================
  Files         172      172              
  Lines       10921    10931      +10     
==========================================
+ Hits         6747     6751       +4     
- Misses       4174     4180       +6

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@dani-garcia dani-garcia requested a review from Hinton April 30, 2024 13:03
Hinton
Hinton approved these changes May 2, 2024
View reviewed changes
crates/bitwarden/src/auth/password/strength.rs
@@ -13,7 +14,7 @@ pub(crate) fn password_strength(
let mut arr: Vec<_> = inputs.iter().map(String::as_str).collect();
arr.extend(GLOBAL_INPUTS);

zxcvbn(&password, &arr).map_or(0, |e| e.score())
zxcvbn(password.expose(), &arr).map_or(0, |e| e.score())
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess zxcvbn will create copies on their end?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They make at least one yeah, this is inside the zxcvbn function:

let password = password.chars().take(100).collect::<String>();

I'll look later into seeing how that can be improved.

@dani-garcia dani-garcia merged commit da8bcbc into main May 2, 2024
77 checks passed
@dani-garcia dani-garcia deleted the ps/sensitive-password-strength branch May 2, 2024 10:31
Hinton added a commit that referenced this pull request May 17, 2024
@Hinton
Revert "Add sensitive to password strength and password policy (#753)"
c84ec8f 
This reverts commit da8bcbc.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Hinton Hinton Hinton approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@dani-garcia @Hinton