diff --git a/template/config/index.js b/template/config/index.js
index 6b33530e..347a6bd9 100644
--- a/template/config/index.js
+++ b/template/config/index.js
@@ -8,7 +8,7 @@ const consolidate = require('consolidate');
 const manifestRev = require('manifest-rev');
 const ms = require('ms');
 const nodemailer = require('nodemailer');
-const strength = require('strength');
+const zxcvbn = require('zxcvbn');
 const { boolean } = require('boolean');
 const pkg = require('../package');
@@ -171,9 +171,9 @@ const config = {
 keylen: 512,
 passwordValidator: (password, fn) => {
 if (env.NODE_ENV === 'development') return fn();
- const howStrong = strength(password);
+ const { score } = zxcvbn(password);
 fn(
- howStrong < 3
+ score < 3
 ? Boom.badRequest(phrases.INVALID_PASSWORD_STRENGTH)
 : null
 );
diff --git a/template/package.json b/template/package.json
index a70904f1..ab9d9e4a 100644
--- a/template/package.json
+++ b/template/package.json
@@ -112,11 +112,11 @@
 "signale": "^1.4.0",
 "speakingurl": "^14.0.1",
 "stacktrace-js": "^2.0.2",
- "strength": "^0.1.4",
 "sweetalert2": "8.x",
 "titleize": "^2.1.0",
 "uncaught": "^0.0.5",
- "validator": "^13.0.0"
+ "validator": "^13.0.0",
+ "zxcvbn": "^4.4.2"
 },
 "devDependencies": {
 "@babel/cli": "^7.8.4",
diff --git a/template/test/web/auth.js b/template/test/web/auth.js
index 16900b11..e2a0cecb 100644
--- a/template/test/web/auth.js
+++ b/template/test/web/auth.js
@@ -1,5 +1,6 @@
 const util = require('util');
 const test = require('ava');
+const cryptoRandomString = require('crypto-random-string');
 const phrases = require('../../config/phrases');
 const { Users } = require('../../app/models');
 
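Review bot: In `passwordValidator` (template/config/index.js, second hunk) the new `zxcvbn(password)` call scores the full submitted string with no length bound. zxcvbn runs synchronously and its matching cost grows with input length, so a very long password sent to the registration route can hold the Node event loop. The zxcvbn README advises scoring only roughly the first 100 characters; `const { score } = zxcvbn(password.slice(0, 100));` bounds the work without limiting the password a user may choose. The validator also receives only the password, so zxcvbn's optional second argument (site-specific words such as the e-mail address) goes unused, which deserves a comment if the `(password, fn)` signature cannot carry it. The arrow function's closing brace lies outside the hunk.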
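Review bot: The new `require('crypto-random-string')` at the top of template/test/web/auth.js has no matching entry in this commit's package.json hunk, which adds only `zxcvbn`. If the package is not already declared elsewhere in the template's manifest (not visible here), the test resolves it only through a hoisted transitive dependency and can fail on a clean install. Declaring it under `devDependencies` would pin it.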
@@ -27,6 +28,28 @@ test('fails registering with easy password', async t => {
 t.is(res.status, 400);
 });
+test('successfully registers with strong password', async t => {
+ const res = await global.web.post('/en/register', {
+ body: {
+ email: 'test12@example.com',
+ password: 'Thi$i$@$r0ng3rP@$$W0rdMyDude'
+ }
+ });
+ t.is(res.body.message, undefined);
+ t.is(res.status, 200);
+});
+
+test('successfully registers with stronger password', async t => {
+ const res = await global.web.post('/en/register', {
+ body: {
+ email: 'test123@example.com',
+ password: cryptoRandomString({ length: 50 })
+ }
+ });
+ t.is(res.body.message, undefined);
+ t.is(res.status, 200);
+});
+
 test('fails registering invalid email', async t => {
 const res = await global.web.post('/en/register', {
 body: {
diff --git a/template/yarn.lock b/template/yarn.lock index 19f15782..28f95281 100644 --- a/template/yarn.lock +++ b/template/yarn.lock @@ -17180,11 +17180,6 @@ streaming-json-stringify@3: json-stringify-safe "5" readable-stream "2" -strength@^0.1.4: - version "0.1.4" - resolved "https://registry.yarnpkg.com/strength/-/strength-0.1.4.tgz#c12b1a254fe50150eab6e21a80ebac6426ec561b" - integrity sha1-wSsaJU/lAVDqtuIagOusZCbsVhs= - strict-uri-encode@^1.0.0: version "1.1.0" resolved "https://registry.yarnpkg.com/strict-uri-encode/-/strict-uri-encode-1.1.0.tgz#279b225df1d582b1f54e65addd4352e18faa0713" @@ -19737,3 +19732,8 @@ ylru@^1.2.0: version "1.2.1" resolved "https://registry.yarnpkg.com/ylru/-/ylru-1.2.1.tgz#f576b63341547989c1de7ba288760923b27fe84f" integrity sha512-faQrqNMzcPCHGVC2aaOINk13K+aaBDUPjGWl0teOXywElLjyVAB6Oe2jj62jHYtwsU49jXhScYbvPENK+6zAvQ== + +zxcvbn@^4.4.2: + version "4.4.2" + resolved "https://registry.yarnpkg.com/zxcvbn/-/zxcvbn-4.4.2.tgz#28ec17cf09743edcab056ddd8b1b06262cc73c30" + integrity sha1-KOwXzwl0PtyrBW3dixsGJizHPDA=
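Review bot: Both tests added in template/test/web/auth.js cover only acceptance, so the `score < 3` rejection boundary that now depends on zxcvbn is pinned only by the existing 'fails registering with easy password' test named in the hunk header. A case whose password looks complex but is expected to score low, asserting `t.is(res.status, 400)`, would catch a threshold regression. A case with a very long password would document how the validator handles oversized input. A short comment above the first new test, such as `// fixture: must score >= 3 in zxcvbn`, would tell the next reader why that literal was chosen.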