feat: provide password feedback #5111
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
This presents a somewhat suboptimal user flow. If the user enters a weak password, sees the feedback, and then wishes to try a better password, they need to restart the password changing flow. Another option is to provide feedback prior to the confirmation prompt and return to the initial prompt. If the user enters the same password, continue to the confirmation prompt without feedback. This adds no additional steps to the case where the password is strong (as there is no feedback), but adds an additional password entry step to the case where the password is weak (and feedback is presented). Not sure if this is preferable, or just annoying to the user. |
CjS77
added
P-acks_required
AaronFeickert
commented
Jan 12, 2023
AaronFeickert
force-pushed
the
password-feedback
branch
2 times, most recently
from
78b75b3
to
648f0f8
Compare
AaronFeickert
force-pushed
the
password-feedback
branch
from
648f0f8
to
d01d1c0
Compare
stringhandler
approved these changes
Jan 18, 2023
CjS77
removed
the
P-reviews_required
SWvheerden
pushed a commit
that referenced
this pull request
Mar 31, 2023
Description --- Improves the flow for setting or changing a passphrase. Closes [issue 5127](#5127). Motivation and Context --- When setting or [changing](#5175) a wallet passphrase, the console wallet provides [feedback](#5111) on the strength of the provided passphrase. In the case of a weak passphrase, it does not prompt the user to choose a better one. This PR implements a better flow for this process, as shown in [this flowchart](#5127 (comment)). How Has This Been Tested? --- Tested manually. What process can a PR reviewer use to test or verify this change? --- Testing needs to be done manually to assert that the process represented by the linked flowchart is implemented. Manual testing should cover the entire flow for these two operations: - Setting the passphrase for a new wallet - Changing the passphrase for an existing wallet Breaking Changes --- None.
agubarev
pushed a commit
to agubarev/tari
that referenced
this pull request
Mar 31, 2023
Description --- Improves the flow for setting or changing a passphrase. Closes [issue 5127](tari-project#5127). Motivation and Context --- When setting or [changing](tari-project#5175) a wallet passphrase, the console wallet provides [feedback](tari-project#5111) on the strength of the provided passphrase. In the case of a weak passphrase, it does not prompt the user to choose a better one. This PR implements a better flow for this process, as shown in [this flowchart](tari-project#5127 (comment)). How Has This Been Tested? --- Tested manually. What process can a PR reviewer use to test or verify this change? --- Testing needs to be done manually to assert that the process represented by the linked flowchart is implemented. Manual testing should cover the entire flow for these two operations: - Setting the passphrase for a new wallet - Changing the passphrase for an existing wallet Breaking Changes --- None.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Adds wallet password complexity feedback. Allows empty passwords. Adds a warning indicating that password changing functionality is not yet implemented. Adds tests.
Closes issue 5101.
Motivation and Context
The only check on a wallet password is that it not be empty. This introduces two issues:
This PR uses the zxcvbn password complexity library to score a password and provide actionable feedback to the user. When the user enters a new password or changes their password, feedback is displayed if applicable. This is informational; the user is free to ignore the feedback if they wish.
Further, the user is now allowed to set an empty password, which may be desired for backups that must fail available. A warning is displayed if this happens.
Finally, a warning message is displayed during the password changing process to indicate that this functionality is incomplete.
How Has This Been Tested?
Existing CI passes. New tests pass. Tested manually for new wallets.