Improved master password validation

2023-06-28 00:08:51 +03:00 · 2023-06-28 00:08:51 +03:00 · 580641bcf4
commit 580641bcf4
parent bc56846843
3 changed files with 157 additions and 54 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -8,6 +8,21 @@ version = "0.11.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fe438c63458706e03479442743baae6c88256498e6431708f6dfc520a26515d3"

+[[package]]
+name = "addr2line"
+version = "0.19.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a76fd60b23679b7d19bd066031410fb7e458ccc5e958eb5c325888ce4baedc97"
+dependencies = [
+ "gimli",
+]
+
+[[package]]
+name = "adler"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe"
+
 [[package]]
 name = "aead"
 version = "0.5.2"
@ -120,7 +135,7 @@ checksum = "16e62a023e7c117e27523144c5d2459f4397fcc3cab0085af8e2224f643a0193"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.18",
+ "syn 2.0.22",
 ]

 [[package]]
@ -131,7 +146,7 @@ checksum = "b9ccdd8f2a161be9bd5c023df56f1b2a0bd1d83872ae53b71a84a12c9bf6e842"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.18",
+ "syn 2.0.22",
 ]

 [[package]]
@ -149,6 +164,21 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"

+[[package]]
+name = "backtrace"
+version = "0.3.67"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "233d376d6d185f2a3093e58f283f60f880315b6c60075b01f36b3b85154564ca"
+dependencies = [
+ "addr2line",
+ "cc",
+ "cfg-if",
+ "libc",
+ "miniz_oxide",
+ "object",
+ "rustc-demangle",
+]
+
 [[package]]
 name = "bae"
 version = "0.1.7"
@ -193,9 +223,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"

 [[package]]
 name = "bitflags"
-version = "2.3.2"
+version = "2.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6dbe3c979c178231552ecba20214a8272df4e09f232a87aef4320cf06539aded"
+checksum = "630be753d4e58660abd17930c71b647fe46c27ea6b63cc59e1e3851406972e42"

 [[package]]
 name = "bitvec"
@ -435,7 +465,7 @@ name = "cryptography"
 version = "0.1.0"
 dependencies = [
 "arrayvec",
- "bitflags 2.3.2",
+ "bitflags 2.3.3",
 "chacha20poly1305",
 "entity",
 "once_cell",
@ -700,7 +730,7 @@ checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.18",
+ "syn 2.0.22",
 ]

 [[package]]
@ -755,10 +785,16 @@ dependencies = [
 ]

 [[package]]
-name = "h2"
-version = "0.3.19"
+name = "gimli"
+version = "0.27.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d357c7ae988e7d2182f7d7871d0b963962420b0678b0997ce7de72001aeab782"
+checksum = "b6c80984affa11d98d1b88b66ac8853f143217b399d3c74116778ff8fdb4ed2e"
+
+[[package]]
+name = "h2"
+version = "0.3.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "97ec8491ebaf99c8eaa73058b045fe58073cd6be7f596ac993ced0b0a0c01049"
 dependencies = [
 "bytes",
 "fnv",
@ -900,9 +936,9 @@ checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"

 [[package]]
 name = "hyper"
-version = "0.14.26"
+version = "0.14.27"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ab302d72a6f11a3b910431ff93aae7e773078c769f0a3ef15fb9ec692ed147d4"
+checksum = "ffb1cfd654a8219eaef89881fdb3bb3b1cdc5fa75ded05d6933b2b382e395468"
 dependencies = [
 "bytes",
 "futures-channel",
@ -1015,9 +1051,9 @@ dependencies = [

 [[package]]
 name = "ipnet"
-version = "2.7.2"
+version = "2.8.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "12b6ee2129af8d4fb011108c73d99a1b83a85977f23b82460c0ae2e25bb4b57f"
+checksum = "28b29a3cd74f0f4598934efe3aeba42bae0eb4680554128851ebbecb02af14e6"

 [[package]]
 name = "is-terminal"
@ -1075,9 +1111,9 @@ dependencies = [

 [[package]]
 name = "libc"
-version = "0.2.146"
+version = "0.2.147"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f92be4933c13fd498862a9e02a3055f8a8d9c039ce33db97306fd5a6caa7f29b"
+checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3"

 [[package]]
 name = "libm"
@ -1151,6 +1187,15 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"

+[[package]]
+name = "miniz_oxide"
+version = "0.6.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b275950c28b37e794e8c55d88aeb5e139d0ce23fdbbeda68f8d7174abdf9e8fa"
+dependencies = [
+ "adler",
+]
+
 [[package]]
 name = "mio"
 version = "0.8.8"
@ -1191,9 +1236,9 @@ dependencies = [

 [[package]]
 name = "num-bigint-dig"
-version = "0.8.2"
+version = "0.8.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2399c9463abc5f909349d8aa9ba080e0b88b3ce2885389b60b993f39b1a56905"
+checksum = "53ba502077159ace3aa56c25449a007173a406607a94ef665247246191eb38b1"
 dependencies = [
 "byteorder",
 "lazy_static",
@ -1247,6 +1292,15 @@ dependencies = [
 "libc",
 ]

+[[package]]
+name = "object"
+version = "0.30.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "03b4680b86d9cfafba8fc491dc9b6df26b68cf40e9e6cd73909194759a63c385"
+dependencies = [
+ "memchr",
+]
+
 [[package]]
 name = "once_cell"
 version = "1.18.0"
@ -1414,7 +1468,7 @@ checksum = "39407670928234ebc5e6e580247dd567ad73a3578460c5990f9503df207e8f07"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.18",
+ "syn 2.0.22",
 ]

 [[package]]
@ -1513,9 +1567,9 @@ dependencies = [

 [[package]]
 name = "proc-macro2"
-version = "1.0.60"
+version = "1.0.63"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dec2b086b7a862cf4de201096214fa870344cf922b2b30c167badb3af3195406"
+checksum = "7b368fba921b0dce7e60f5e04ec15e565b3303972b42bcfde1d0713b881959eb"
 dependencies = [
 "unicode-ident",
 ]
@ -1776,6 +1830,12 @@ dependencies = [
 "serde_json",
 ]

+[[package]]
+name = "rustc-demangle"
+version = "0.1.23"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d626bb9dae77e28219937af045c257c28bfd3f69333c512553507f5f9798cb76"
+
 [[package]]
 name = "rustc-hash"
 version = "1.1.0"
@ -2070,14 +2130,14 @@ checksum = "d9735b638ccc51c28bf6914d90a2e9725b377144fc612c49a611fddd1b631d68"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.18",
+ "syn 2.0.22",
 ]

 [[package]]
 name = "serde_json"
-version = "1.0.97"
+version = "1.0.99"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bdf3bf93142acad5821c99197022e170842cdbc1c30482b98750c688c640842a"
+checksum = "46266871c240a00b8f503b877622fe33430b3c7d963bdc0f2adc511e54a1eae3"
 dependencies = [
 "itoa",
 "ryu",
@ -2336,9 +2396,9 @@ dependencies = [

 [[package]]
 name = "syn"
-version = "2.0.18"
+version = "2.0.22"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "32d41677bcbe24c20c52e7c70b0d8db04134c5d1066bf98662e2871ad200ea3e"
+checksum = "2efbeae7acf4eabd6bcdcbd11c92f45231ddda7539edc7806bd1a04a03b24616"
 dependencies = [
 "proc-macro2",
 "quote",
@ -2459,7 +2519,7 @@ checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.18",
+ "syn 2.0.22",
 ]

 [[package]]
@ -2516,11 +2576,12 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"

 [[package]]
 name = "tokio"
-version = "1.28.2"
+version = "1.29.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "94d7b1cfd2aa4011f2de74c2c4c63665e27a71006b0a192dcd2710272e73dfa2"
+checksum = "374442f06ee49c3a28a8fc9f01a2596fed7559c6b99b31279c3261778e77d84f"
 dependencies = [
 "autocfg",
+ "backtrace",
 "bytes",
 "libc",
 "mio",
@ -2540,7 +2601,7 @@ checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.18",
+ "syn 2.0.22",
 ]

 [[package]]
@ -2625,7 +2686,7 @@ checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.18",
+ "syn 2.0.22",
 ]

 [[package]]
@ -2742,9 +2803,9 @@ dependencies = [

 [[package]]
 name = "uuid"
-version = "1.3.4"
+version = "1.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0fa2982af2eec27de306107c027578ff7f423d65f7250e40ce0fea8f45248b81"
+checksum = "d023da39d1fde5a8a3fe1f3e01ca9632ada0a63e9797de55a879d6e2236277be"
 dependencies = [
 "getrandom",
 "serde",
@ -2798,7 +2859,7 @@ dependencies = [
 "once_cell",
 "proc-macro2",
 "quote",
- "syn 2.0.18",
+ "syn 2.0.22",
 "wasm-bindgen-shared",
 ]

@ -2832,7 +2893,7 @@ checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b"
 dependencies = [
 "proc-macro2",
 "quote",
- "syn 2.0.18",
+ "syn 2.0.22",
 "wasm-bindgen-backend",
 "wasm-bindgen-shared",
 ]
--- a/cryptography/src/passwords.rs
+++ b/cryptography/src/passwords.rs
@ -11,6 +11,15 @@ bitflags::bitflags! {
        const NUMBER = 0b0100;
        const SPECIAL_CHARACTER = 0b1000;
    }
+
+    #[derive(PartialEq, Eq)]
+    pub struct PasswordValidity: u8 {
+        const NO_LOWERCASE = 0b00001;
+        const NO_UPPERCASE = 0b00010;
+        const NO_NUMBER = 0b00100;
+        const NO_SPECIAL_CHARACTER = 0b01000;
+        const TOO_SHORT = 0b10000;
+    }
 }

 /// Returns true if the generated master password is valid.
@ -35,6 +44,7 @@ fn check_generated_password<const LENGTH: usize>(password: &[u8; LENGTH]) -> boo
    false
 }

+/// Continuously generates the password until it passes the checks
 #[inline]
 fn generate_password<R, const LENGTH: usize>(rng: &mut R) -> ArrayString<LENGTH>
 where
@ -48,7 +58,6 @@ where
    }
 }

-/// Continuously generates the password until it passes the checks
 #[inline]
 pub fn generate_passwords<const AMOUNT: usize, const LENGTH: usize>(
 ) -> [ArrayString<LENGTH>; AMOUNT] {
@ -57,26 +66,32 @@ pub fn generate_passwords<const AMOUNT: usize, const LENGTH: usize>(
 }

 #[inline]
-pub fn check_master_pass(password: &str) -> bool {
+pub fn check_master_pass(password: &str) -> PasswordValidity {
    let mut count = 0;
    let mut chars = password.chars();
-    let mut flags = PasswordFlags::empty();
+    let mut flags = PasswordValidity::all();
+
    for char in &mut chars {
        count += 1;
        if char.is_lowercase() {
-            flags |= PasswordFlags::LOWERCASE
+            flags.remove(PasswordValidity::NO_LOWERCASE)
        } else if char.is_uppercase() {
-            flags |= PasswordFlags::UPPERCASE
+            flags.remove(PasswordValidity::NO_UPPERCASE)
        } else if char.is_ascii_digit() {
-            flags |= PasswordFlags::NUMBER;
+            flags.remove(PasswordValidity::NO_NUMBER)
        } else if char.is_ascii_punctuation() {
-            flags |= PasswordFlags::SPECIAL_CHARACTER
+            flags.remove(PasswordValidity::NO_SPECIAL_CHARACTER)
        }

-        if flags.is_all() {
+        if flags == PasswordValidity::TOO_SHORT {
            count += chars.count();
-            return count >= 8;
+            break;
        }
    }
-    false
+
+    if count >= 8 {
+        flags.remove(PasswordValidity::TOO_SHORT)
+    }
+
+    flags
 }
--- a/src/state/get_new_master_pass.rs
+++ b/src/state/get_new_master_pass.rs
@ -1,10 +1,36 @@
 use crate::MainDialogue;
-use cryptography::passwords::check_master_pass;
+use cryptography::passwords::{check_master_pass, PasswordValidity};
 use sea_orm::DatabaseConnection;
 use teloxide::{adaptors::Throttle, prelude::*};

-const INVALID_MASTER_PASS_MESSAGE: &str = "Master password is invalid. It must be at least 8 characters long. \
-It also has to contain at least one lowercase, one uppercase, one number and one punctuation character";
+#[inline]
+fn process_validity(validity: PasswordValidity) -> Result<(), String> {
+    if validity.is_empty() {
+        return Ok(());
+    }
+
+    let mut error_text = "Your master password is invalid:\n".to_owned();
+
+    if validity.contains(PasswordValidity::NO_LOWERCASE) {
+        error_text.push_str("\n* It doesn't have any lowercase characters")
+    }
+    if validity.contains(PasswordValidity::NO_UPPERCASE) {
+        error_text.push_str("\n* It doesn't have any uppercase characters")
+    }
+    if validity.contains(PasswordValidity::NO_NUMBER) {
+        error_text.push_str("\n* It doesn't have any numbers")
+    }
+    if validity.contains(PasswordValidity::NO_SPECIAL_CHARACTER) {
+        error_text.push_str("\n* It doesn't have any special characters")
+    }
+    if validity.contains(PasswordValidity::TOO_SHORT) {
+        error_text.push_str("\n* It is shorter than 8 characters")
+    }
+
+    error_text.push_str("\n\nModify your password and send it again");
+
+    Err(error_text)
+}

 /// Checks that the account with that name exists
 #[inline]
@ -13,14 +39,15 @@ async fn check_new_master_pass(
    msg: &Message,
    password: &str,
 ) -> crate::Result<Option<Message>> {
-    let is_valid = check_master_pass(password);
-    if !is_valid {
-        let msg = bot
-            .send_message(msg.chat.id, INVALID_MASTER_PASS_MESSAGE)
-            .await?;
-        return Ok(Some(msg));
+    let validity = check_master_pass(password);
+
+    match process_validity(validity) {
+        Ok(()) => Ok(None),
+        Err(error_text) => {
+            let msg = bot.send_message(msg.chat.id, error_text).await?;
+            Ok(Some(msg))
+        }
    }
-    Ok(None)
 }

 /// Handles GetNewMasterPass state