From 4e6a8de93505622c777478e235af6b8ca24d0579 Mon Sep 17 00:00:00 2001
From: "Jonathan (JB) Belcher"
Date: Thu, 14 May 2020 10:58:38 -0400
Subject: [PATCH 1/5] Add protection against insecure passwords
---
 lib/auth/index.tsx | 20 ++++++++++++++++++++
 lib/boot-without-auth.tsx | 6 ++++++
 2 files changed, 26 insertions(+)
diff --git a/lib/auth/index.tsx b/lib/auth/index.tsx
index c9a3f3635..a8a5aa796 100644
--- a/lib/auth/index.tsx
+++ b/lib/auth/index.tsx
@@ -11,6 +11,7 @@ import { viewExternalUrl } from '../utils/url-utils';
 type OwnProps = {
 authPending: boolean;
+ hasInsecurePassword: boolean;
 hasInvalidCredentials: boolean;
 hasLoginError: boolean;
 login: (username: string, password: string) => any;
@@ -76,6 +77,25 @@ export class Auth extends Component {
 {!this.state.onLine && (

Offline

)}
+ {this.props.hasInsecurePassword && (
+

+ Your password is insecure and must be
+
+ reset
+
+ . The password requirements are: Password cannot match email,
+ Between 8 and 64 characters, No new lines, and No tabs
+

+ )}
 {this.props.hasInvalidCredentials && (
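Review bot: The new insecure-password message appears to reuse `data-error-name="invalid-login"` from the invalid-credentials block. The element's attributes are not visible in this hunk as rendered here, but the context lines of the PATCH 4/5 hunk show that value directly above "Your password is insecure". If that reading is right, tests and any tooling keyed on the attribute cannot tell a rejected login from a password-policy failure; a distinct value such as `data-error-name="insecure-password"` would keep the two states separable. The render method this block sits in starts and ends outside the hunk.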

{ auth .authorize(username, password) .then((user: User) => {
+ if (!validatePassword(password, username)) {
+ this.setState({ authStatus: 'insecure-password' });
+ }
 if (!user.access_token) {
 throw new Error('missing access token');
 }
@@ -96,6 +101,7 @@ class AppWithoutAuth extends Component {
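Review bot: `validatePassword(password, username)` runs only in this client and only after `auth.authorize` has resolved, so when `authStatus` becomes `'insecure-password'` the server has already accepted the password and presumably issued the token carried in `user`. The check is therefore a reset prompt rather than enforcement (PATCH 4/5 adds the `return;` that stops this client from proceeding); the same rules need to be applied server-side, since any other client of the same account service would not pass through this gate. Running the check after a successful authorize is worth keeping, because the message then never appears for wrong credentials. A comment would record both points: `// Advisory policy check, run only after a successful authorize so it reveals nothing for bad credentials; the server must enforce the same rules.` The `.then` callback continues outside the hunk.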

Date: Fri, 15 May 2020 03:18:52 -0700
Subject: [PATCH 2/5] fix util location
---
 lib/boot-without-auth.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/boot-without-auth.tsx b/lib/boot-without-auth.tsx
index c249d20ab..ff7f880bd 100644
--- a/lib/boot-without-auth.tsx
+++ b/lib/boot-without-auth.tsx
@@ -3,7 +3,7 @@ import { render } from 'react-dom';
 import { Auth as AuthApp } from './auth';
 import { Auth as SimperiumAuth } from 'simperium';
 import analytics from './analytics';
-import { validatePassword } from '../utils/validate-password';
+import { validatePassword } from './utils/validate-password';
 import getConfig from '../get-config';
From 044e5305a684a7c1621e2c2d84fbb69e6fab2e7e Mon Sep 17 00:00:00 2001
From: Kat Hagan
Date: Fri, 15 May 2020 03:21:33 -0700
Subject: [PATCH 3/5] text update
---
 lib/auth/index.tsx | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/auth/index.tsx b/lib/auth/index.tsx
index a8a5aa796..592f5ab35 100644
--- a/lib/auth/index.tsx
+++ b/lib/auth/index.tsx
@@ -92,8 +92,8 @@ export class Auth extends Component {
 > reset
- . The password requirements are: Password cannot match email,
- Between 8 and 64 characters, No new lines, and No tabs
+ . Passwords must be between 8 and 64 characters long and may not
+ include your email address, new lines, or tabs.

)}
 {this.props.hasInvalidCredentials && (
From 18a07fbe29d7d0637968b111d0c9903cc3c71778 Mon Sep 17 00:00:00 2001
From: "Jonathan (JB) Belcher"
Date: Fri, 15 May 2020 14:30:31 -0400
Subject: [PATCH 4/5] Add small fixes
---
 lib/auth/index.tsx | 2 +-
 lib/boot-without-auth.tsx | 1 +
 package-lock.json | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/auth/index.tsx b/lib/auth/index.tsx
index 592f5ab35..a22cddff1 100644
--- a/lib/auth/index.tsx
+++ b/lib/auth/index.tsx
@@ -82,7 +82,7 @@ export class Auth extends Component {
 className="login__auth-message is-error" data-error-name="invalid-login" >
- Your password is insecure and must be
+ Your password is insecure and must be{' '}
 { .then((user: User) => {
 if (!validatePassword(password, username)) {
 this.setState({ authStatus: 'insecure-password' });
+ return;
 }
 if (!user.access_token) {
 throw new Error('missing access token');
diff --git a/package-lock.json b/package-lock.json
index 596d09b92..80fc2d10e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
 "name": "simplenote",
- "version": "1.16.0-2073",
+ "version": "1.16.0-2078",
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
From b90a3cdf45e41b65e5ad2a941791ccc43179a9e2 Mon Sep 17 00:00:00 2001
From: Kat Hagan
Date: Sun, 17 May 2020 16:41:13 -0700
Subject: [PATCH 5/5] pass email to reset URL
---
 lib/auth/index.tsx | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/auth/index.tsx b/lib/auth/index.tsx
index a22cddff1..971c5b658 100644
--- a/lib/auth/index.tsx
+++ b/lib/auth/index.tsx
@@ -85,7 +85,10 @@ export class Auth extends Component {
 Your password is insecure and must be{' '}