Remove zxcvbn dependency

Pushing external lib purely to save user's from eventual stupidity is just simply not worth the bytes in the final zip archive.
JustArchiNET · May 2, 2024 · ff02a4a · ff02a4a
1 parent c8c35b5
commit ff02a4a
Show file tree

Hide file tree

Showing 9 changed files with 0 additions and 204 deletions.
diff --git a/ArchiSteamFarm.Tests/Utilities.cs b/ArchiSteamFarm.Tests/Utilities.cs
diff --git a/ArchiSteamFarm/ArchiSteamFarm.csproj b/ArchiSteamFarm/ArchiSteamFarm.csproj
@@ -25,7 +25,6 @@
 		<PackageReference Include="System.Composition" />
 		<PackageReference Include="System.Linq.Async" />
 		<PackageReference Include="System.Security.Cryptography.ProtectedData" />
-		<PackageReference Include="zxcvbn-core" />
 	</ItemGroup>
 
 	<ItemGroup>

diff --git a/ArchiSteamFarm/Core/Utilities.cs b/ArchiSteamFarm/Core/Utilities.cs
@@ -45,7 +45,6 @@
 using JetBrains.Annotations;
 using Microsoft.IdentityModel.JsonWebTokens;
 using SteamKit2;
-using Zxcvbn;
 
 namespace ArchiSteamFarm.Core;
 
@@ -57,9 +56,6 @@ public static class Utilities {
 
 	private static readonly FrozenSet<char> DirectorySeparators = new HashSet<char>(2) { Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar }.ToFrozenSet();
 
-	// normally we'd just use words like "steam" and "farm", but the library we're currently using is a bit iffy about banned words, so we need to also add combinations such as "steamfarm"
-	private static readonly FrozenSet<string> ForbiddenPasswordPhrases = new HashSet<string>(10, StringComparer.OrdinalIgnoreCase) { "archisteamfarm", "archi", "steam", "farm", "archisteam", "archifarm", "steamfarm", "asf", "asffarm", "password" }.ToFrozenSet(StringComparer.OrdinalIgnoreCase);
-
 	[PublicAPI]
 	public static string GenerateChecksumFor(byte[] source) {
 		ArgumentNullException.ThrowIfNull(source);
@@ -293,40 +289,6 @@ internal static void OnProgressChanged(string fileName, byte progressPercentage)
 		ASF.ArchiLogger.LogGenericDebug($"{fileName} {progressPercentage}%...");
 	}
 
-	internal static (bool IsWeak, string? Reason) TestPasswordStrength(string password, IEnumerable<string>? additionallyForbiddenPhrases = null) {
-		ArgumentException.ThrowIfNullOrEmpty(password);
-
-		HashSet<string> forbiddenPhrases = ForbiddenPasswordPhrases.ToHashSet(StringComparer.OrdinalIgnoreCase);
-
-		if (additionallyForbiddenPhrases != null) {
-			forbiddenPhrases.UnionWith(additionallyForbiddenPhrases);
-		}
-
-		Result result = Zxcvbn.Core.EvaluatePassword(password, forbiddenPhrases);
-
-		IList<string>? suggestions = result.Feedback.Suggestions;
-
-		if (!string.IsNullOrEmpty(result.Feedback.Warning)) {
-			suggestions ??= new List<string>(1);
-
-			suggestions.Insert(0, result.Feedback.Warning);
-		}
-
-		if (suggestions != null) {
-			for (byte i = 0; i < suggestions.Count; i++) {
-				string suggestion = suggestions[i];
-
-				if ((suggestion.Length == 0) || (suggestion[^1] == '.')) {
-					continue;
-				}
-
-				suggestions[i] = $"{suggestion}.";
-			}
-		}
-
-		return (result.Score < 4, suggestions is { Count: > 0 } ? string.Join(' ', suggestions.Where(static suggestion => suggestion.Length > 0)) : null);
-	}
-
 	internal static async Task<bool> UpdateCleanup(string targetDirectory) {
 		ArgumentException.ThrowIfNullOrEmpty(targetDirectory);
 

diff --git a/ArchiSteamFarm/Helpers/ArchiCryptoHelper.cs b/ArchiSteamFarm/Helpers/ArchiCryptoHelper.cs
@@ -22,7 +22,6 @@
 // limitations under the License.
 
 using System;
-using System.Collections.Frozen;
 using System.Collections.Generic;
 using System.ComponentModel;
 using System.Globalization;
@@ -47,8 +46,6 @@ public static class ArchiCryptoHelper {
 
 	internal static bool HasDefaultCryptKey { get; private set; } = true;
 
-	private static readonly FrozenSet<string> ForbiddenCryptKeyPhrases = new HashSet<string>(3, StringComparer.OrdinalIgnoreCase) { "crypt", "key", "cryptkey" }.ToFrozenSet(StringComparer.OrdinalIgnoreCase);
-
 	private static IEnumerable<byte> SteamParentalCharacters => Enumerable.Range('0', 10).Select(static character => (byte) character);
 
 	private static IEnumerable<byte[]> SteamParentalCodes {
@@ -179,16 +176,6 @@ internal static void SetEncryptionKey(string key) {
 			return;
 		}
 
-		Utilities.InBackground(
-			() => {
-				(bool isWeak, string? reason) = Utilities.TestPasswordStrength(key, ForbiddenCryptKeyPhrases);
-
-				if (isWeak) {
-					ASF.ArchiLogger.LogGenericWarning(string.Format(CultureInfo.CurrentCulture, Strings.WarningWeakCryptKey, reason));
-				}
-			}
-		);
-
 		byte[] encryptionKey = Encoding.UTF8.GetBytes(key);
 
 		if (encryptionKey.Length < MinimumRecommendedCryptKeyBytes) {

diff --git a/ArchiSteamFarm/Localization/Strings.Designer.cs b/ArchiSteamFarm/Localization/Strings.Designer.cs
diff --git a/ArchiSteamFarm/Localization/Strings.resx b/ArchiSteamFarm/Localization/Strings.resx
@@ -690,18 +690,6 @@ Process uptime: {1}</value>
 		<value>{0} config file will be migrated to the latest syntax...</value>
 		<comment>{0} will be replaced with the relative path to the affected config file</comment>
 	</data>
-	<data name="WarningWeakIPCPassword" xml:space="preserve">
-		<value>Your IPC password seems to be weak. Consider choosing a stronger one for increased security. Details: {0}</value>
-		<comment>{0} will be replaced by additional details about the password being considered weak</comment>
-	</data>
-	<data name="WarningWeakSteamPassword" xml:space="preserve">
-		<value>Your Steam password for '{0}' seems to be weak. Consider choosing a stronger one for increased security. Details: {1}</value>
-		<comment>{0} will be replaced by the affected bot name, {1} will be replaced by additional details about the password being considered weak</comment>
-	</data>
-	<data name="WarningWeakCryptKey" xml:space="preserve">
-		<value>Your encryption key seems to be weak. Consider choosing a stronger one for increased security. Details: {0}</value>
-		<comment>{0} will be replaced by additional details about the encryption key being considered weak</comment>
-	</data>
 	<data name="WarningTooShortCryptKey" xml:space="preserve">
 		<value>Your encryption key is too short. We recommend to use one that is at least {0} bytes (characters) long.</value>
 		<comment>{0} will be replaced by the number of bytes (characters) recommended</comment>

diff --git a/ArchiSteamFarm/Steam/Storage/BotConfig.cs b/ArchiSteamFarm/Steam/Storage/BotConfig.cs
@@ -562,30 +562,6 @@ public static async Task<bool> Write(string filePath, BotConfig botConfig) {
 			return (null, null);
 		}
 
-		string? decryptedSteamPassword = await botConfig.GetDecryptedSteamPassword().ConfigureAwait(false);
-
-		if (!string.IsNullOrEmpty(decryptedSteamPassword)) {
-			HashSet<string> disallowedValues = new(StringComparer.OrdinalIgnoreCase) { "account" };
-
-			if (!string.IsNullOrEmpty(botConfig.SteamLogin)) {
-				disallowedValues.Add(botConfig.SteamLogin);
-			}
-
-			Utilities.InBackground(
-				() => {
-					(bool isWeak, string? reason) = Utilities.TestPasswordStrength(decryptedSteamPassword, disallowedValues);
-
-					if (isWeak) {
-						if (string.IsNullOrEmpty(botName)) {
-							botName = Path.GetFileNameWithoutExtension(filePath);
-						}
-
-						ASF.ArchiLogger.LogGenericWarning(string.Format(CultureInfo.CurrentCulture, Strings.WarningWeakSteamPassword, botName, reason));
-					}
-				}
-			);
-		}
-
 		switch (botConfig.PasswordFormat) {
 			case ArchiCryptoHelper.ECryptoMethod.AES when ArchiCryptoHelper.HasDefaultCryptKey:
 				ASF.ArchiLogger.LogGenericError(string.Format(CultureInfo.CurrentCulture, Strings.WarningDefaultCryptKeyUsedForEncryption, botConfig.PasswordFormat, nameof(SteamPassword)));

diff --git a/ArchiSteamFarm/Storage/GlobalConfig.cs b/ArchiSteamFarm/Storage/GlobalConfig.cs
@@ -22,7 +22,6 @@
 // limitations under the License.
 
 using System;
-using System.Collections.Frozen;
 using System.Collections.Generic;
 using System.Collections.Immutable;
 using System.ComponentModel.DataAnnotations;
@@ -151,8 +150,6 @@ public sealed class GlobalConfig {
 	[PublicAPI]
 	public static readonly ImmutableHashSet<string> DefaultPluginsUpdateList = [];
 
-	private static readonly FrozenSet<string> ForbiddenIPCPasswordPhrases = new HashSet<string>(5, StringComparer.OrdinalIgnoreCase) { "ipc", "api", "gui", "asf-ui", "asf-gui" }.ToFrozenSet(StringComparer.OrdinalIgnoreCase);
-
 	[JsonIgnore]
 	[PublicAPI]
 	public WebProxy? WebProxy {
@@ -566,18 +563,6 @@ internal GlobalConfig() { }
 
 		if (globalConfig.IPC) {
 			switch (globalConfig.IPCPasswordFormat) {
-				case ArchiCryptoHelper.EHashingMethod.PlainText when !string.IsNullOrEmpty(globalConfig.IPCPassword):
-					Utilities.InBackground(
-						() => {
-							(bool isWeak, string? reason) = Utilities.TestPasswordStrength(globalConfig.IPCPassword, ForbiddenIPCPasswordPhrases);
-
-							if (isWeak) {
-								ASF.ArchiLogger.LogGenericWarning(string.Format(CultureInfo.CurrentCulture, Strings.WarningWeakIPCPassword, reason));
-							}
-						}
-					);
-
-					break;
 				case ArchiCryptoHelper.EHashingMethod.Pbkdf2 when ArchiCryptoHelper.HasDefaultCryptKey:
 				case ArchiCryptoHelper.EHashingMethod.SCrypt when ArchiCryptoHelper.HasDefaultCryptKey:
 					ASF.ArchiLogger.LogGenericWarning(string.Format(CultureInfo.CurrentCulture, Strings.WarningDefaultCryptKeyUsedForHashing, globalConfig.IPCPasswordFormat, nameof(IPCPassword)));

diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -22,6 +22,5 @@
 		<PackageVersion Include="System.Composition.AttributedModel" Version="8.0.0" />
 		<PackageVersion Include="System.Linq.Async" Version="6.0.1" />
 		<PackageVersion Include="System.Security.Cryptography.ProtectedData" Version="8.0.0" />
-		<PackageVersion Include="zxcvbn-core" Version="7.0.92" />
 	</ItemGroup>
 </Project>