
Enforce strong passwords in UI #1266

Merged
merged 16 commits into from
Oct 13, 2023

Conversation

@SuaYoo SuaYoo commented Oct 11, 2023

Resolves #1233

Changes

  • Enforces passwords with a minimum zxcvbn score of 3 on the org join, password reset, and user account settings pages
  • Shows suggestions returned from zxcvbn. Only supports English at this time
  • Login/sign-up form size tweaks to accommodate longer help text
  • Re-order display name entry and password on org join form so that password feedback is closer to submit button

Out-of-scope change: made name required so that reorder makes sense, and also so that we don't have to deal with displaying long email addresses in the UI. cc @Shrinks99 @ikreymer

Manual testing

Test password input works as expected on following pages:

  • Org join
  • Account settings
  • Password reset

Screenshots

Page | Image/video
Sign-up/Join | Screenshot 2023-10-11 at 1 26 36 PM
Password reset | Screenshot 2023-10-11 at 1 20 38 PM
Password input - Unacceptable scores 0-2 | Screenshot 2023-10-11 at 1 26 43 PM; Screenshot 2023-10-11 at 1 26 50 PM; Screenshot 2023-10-11 at 1 26 56 PM; Screenshot 2023-10-11 at 1 27 06 PM
Password input - Acceptable score of 3 | Screenshot 2023-10-11 at 1 27 12 PM
Password input - Strong password score of 4 | Screenshot 2023-10-11 at 1 27 16 PM
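The rule the PR describes, rejecting zxcvbn scores 0-2 and accepting 3 and 4 while still surfacing zxcvbn's suggestions, as an added example that is not code from this PR or the Browsertrix frontend. The scorer is injected so the block runs offline; in the app it would be the zxcvbn library's `zxcvbn(password)` call, whose result has the shape assumed here, and `demoScorer` is a constructed stand-in, not zxcvbn.

```javascript
// Added example, not code from the Browsertrix PR. It applies the rule the PR
// describes (reject zxcvbn scores 0-2, accept 3 and 4) and turns a zxcvbn-style
// result into the feedback state shown next to the password input. The scorer
// is injected so the block runs offline; in the app it would be the zxcvbn
// library's zxcvbn(password) call, whose result has the shape used here.

const MIN_SCORE = 3; // 0-2 unacceptable, 3 acceptable, 4 strong (per the PR)

// One label per score so a user moving from 1 to 2 still sees progress, the
// behaviour the review thread settled on, while 0-2 all stay in the error state.
const LEVELS = ["very weak", "weak", "fair", "acceptable", "strong"];

// scorePassword(password) -> { score: 0..4, feedback: { warning, suggestions } }
function evaluatePassword(password, scorePassword) {
  if (typeof password !== "string" || password.length === 0) {
    return { valid: false, score: 0, level: LEVELS[0], messages: ["Enter a password"] };
  }
  const result = scorePassword(password) ?? {};
  // A missing or malformed score is treated as the weakest score, so a scorer
  // failure can never make the form accept a password it did not evaluate.
  const score = Number.isInteger(result.score) ? Math.min(4, Math.max(0, result.score)) : 0;
  const feedback = result.feedback ?? {};
  const messages = [];
  if (feedback.warning) messages.push(feedback.warning);
  for (const s of feedback.suggestions ?? []) messages.push(s);
  return { valid: score >= MIN_SCORE, score, level: LEVELS[score], messages };
}

// Constructed stand-in scorer so the example runs without the zxcvbn package.
// It is NOT zxcvbn: it only counts length and character classes, and is far
// too lenient to use as a real strength estimator.
function demoScorer(password) {
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(password)).length;
  const score = Math.max(0, Math.min(4, Math.floor(password.length / 4) + classes - 1));
  const suggestions = [];
  if (password.length < 12) suggestions.push("Add another word or two");
  if (classes < 3) suggestions.push("Mix letters, numbers and symbols");
  const warning = score < MIN_SCORE ? "This password is easy to guess" : "";
  return { score, feedback: { warning, suggestions } };
}

// Usage: the form keeps submit disabled until valid is true and lists messages below the field.
console.log(evaluatePassword("password", demoScorer));
```

The same client-side gate is a usability aid only; the server must apply the same minimum score when it accepts the password.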

@SuaYoo SuaYoo force-pushed the frontend-password-strength-check branch from f050ce1 to a72d6ae Compare October 11, 2023 20:43
@SuaYoo SuaYoo marked this pull request as ready for review October 11, 2023 21:07
@tw4l tw4l left a comment

Very nice! Tested and working great

@Shrinks99

If we don't allow either level 1 or level 2, should we keep the error state the same between both levels?

... Or is there more value in showing users that their password has gotten more secure but still isn't enough? Currently leaning towards what we have already, but still worth a question.

@tw4l

tw4l commented Oct 11, 2023

> If we don't allow either level 1 or level 2, should we keep the error state the same between both levels?
>
> ... Or is there more value in showing users that their password has gotten more secure but still isn't enough? Currently leaning towards what we have already, but still worth a question.

I for one like the incremental changes as a way to know you're on the right track

@Shrinks99 Shrinks99 left a comment

Minor changes, looks great! :D

@tw4l

tw4l commented Oct 11, 2023

@SuaYoo I just realized we'll want to add this new password validation to the Account Settings password change flow and the reset a password from a "forgot password" email flow as well

@SuaYoo

SuaYoo commented Oct 12, 2023

> @SuaYoo I just realized we'll want to add this new password validation to the Account Settings password change flow and the reset a password from a "forgot password" email flow as well

Can you clarify what you mean? This is implemented in the account settings and reset password, see screenshots!

Edit: oh bummer, I see that my manual testing steps got truncated.

@tw4l

tw4l commented Oct 12, 2023

> This is implemented in the account settings and reset password, see screenshots!
>
> Edit: oh bummer, I see that my manual testing steps got truncated.

Oh good, then never mind me! :)

@SuaYoo SuaYoo merged commit 630c00c into main Oct 13, 2023
2 checks passed
@SuaYoo SuaYoo deleted the frontend-password-strength-check branch October 13, 2023 02:37
tw4l pushed a commit that referenced this pull request Oct 18, 2023
Successfully merging this pull request may close these issues.

Add and enforce password validation