New password strength implementation based on zxcvbn4j

2026-04-19 17:16:53 -04:00 · 2016-04-15 22:52:57 +02:00
parent bcfe040784
commit bf5ce9a3a5
8 changed files with 163 additions and 105 deletions
--- a/main/ui/src/main/java/org/cryptomator/ui/controllers/ChangePasswordController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/controllers/ChangePasswordController.java
@@ -5,6 +5,7 @@
 *
 * Contributors:
 *     Sebastian Stenzel - initial API and implementation
+ *     Jean-Noël Charon - password strength meter
 *******************************************************************************/
 package org.cryptomator.ui.controllers;

@@ -20,6 +21,8 @@ import javax.inject.Singleton;

 import com.nulabinc.zxcvbn.Strength;
 import com.nulabinc.zxcvbn.Zxcvbn;
+import javafx.beans.property.IntegerProperty;
+import javafx.beans.property.SimpleIntegerProperty;
 import javafx.scene.control.Label;
 import javafx.scene.paint.Color;
 import javafx.scene.shape.Rectangle;
@@ -29,6 +32,8 @@ import org.cryptomator.crypto.engine.UnsupportedVaultFormatException;
 import org.cryptomator.ui.controls.SecPasswordField;
 import org.cryptomator.ui.model.Vault;
 import org.cryptomator.ui.settings.Localization;
+import org.cryptomator.ui.util.PasswordStrengthUtil;
+import org.fxmisc.easybind.EasyBind;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

@@ -51,8 +56,7 @@ public class ChangePasswordController extends LocalizedFXMLViewController {
 	private final Application app;
 	final ObjectProperty<Vault> vault = new SimpleObjectProperty<>();
 	private Optional<ChangePasswordListener> listener = Optional.empty();
-	private Zxcvbn zxcvbn = new Zxcvbn();
-	private List<String> sanitizedInputs = new ArrayList();
+	final IntegerProperty passwordStrength = new SimpleIntegerProperty(); // 0-4

 	@Inject
 	public ChangePasswordController(Application app, Localization localization) {
@@ -60,6 +64,9 @@ public class ChangePasswordController extends LocalizedFXMLViewController {
 		this.app = app;
 	}

+	@Inject
+	PasswordStrengthUtil strengthRater;
+
 	@FXML
 	private SecPasswordField oldPasswordField;

@@ -90,17 +97,14 @@ public class ChangePasswordController extends LocalizedFXMLViewController {
 		BooleanBinding newPasswordIsEmpty = newPasswordField.textProperty().isEmpty();
 		BooleanBinding passwordsDiffer = newPasswordField.textProperty().isNotEqualTo(retypePasswordField.textProperty());
 		changePasswordButton.disableProperty().bind(oldPasswordIsEmpty.or(newPasswordIsEmpty.or(passwordsDiffer)));
-		newPasswordField.textProperty().addListener((observable, oldValue, newValue) -> {
-			checkPasswordStrength(newValue);
-		});
+		EasyBind.subscribe(newPasswordField.textProperty(), this::checkPasswordStrength);

-		// default password strength bar visual properties
-		passwordStrengthShape.setStroke(Color.GRAY);
-		changeProgressBarAspect(0f, 0f, Color.web("#FF0000"));
-		passwordStrengthLabel.setText(localization.getString("initialize.messageLabel.passwordStrength") + " : 0%");
+		strengthRater.setLocalization(localization);

-		// preparing inputs for the password strength checker
-		sanitizedInputs.add("cryptomator");
+		passwordStrengthShape.widthProperty().bind(EasyBind.map(passwordStrength, strengthRater::getWidth));
+		passwordStrengthShape.fillProperty().bind(EasyBind.map(passwordStrength, strengthRater::getStrengthColor));
+		passwordStrengthShape.strokeWidthProperty().bind(EasyBind.map(passwordStrength, strengthRater::getStrokeWidth));
+		passwordStrengthLabel.textProperty().bind(EasyBind.map(passwordStrength, strengthRater::getStrengthDescription));
 	}

 	@Override
@@ -154,46 +158,8 @@ public class ChangePasswordController extends LocalizedFXMLViewController {
 	// ****************************************

 	private void checkPasswordStrength(String password) {
-		int strengthPercentage = 0;
-		if (StringUtils.isEmpty(password)) {
-			changeProgressBarAspect(0f, 0f, Color.web("#FF0000"));
-			passwordStrengthLabel.setText(localization.getString("initialize.messageLabel.passwordStrength") + " : " + strengthPercentage + "%");
-		} else {
-			Color color = Color.web("#FF0000");
-			Strength strength = zxcvbn.measure(password, sanitizedInputs);
-			switch (strength.getScore()) {
-				case 0:
-					strengthPercentage = 20;
-					break;
-				case 1:
-					strengthPercentage = 40;
-					color = Color.web("#FF8000");
-					break;
-				case 2:
-					strengthPercentage = 60;
-					color = Color.web("#FFBF00");
-					break;
-				case 3:
-					strengthPercentage = 80;
-					color = Color.web("#FFFF00");
-					break;
-				case 4:
-					strengthPercentage = 100;
-					color = Color.web("#BFFF00");
-					break;
-			}
-
-			passwordStrengthLabel.setText(localization.getString("initialize.messageLabel.passwordStrength") + " : " + strengthPercentage + "%");
-			changeProgressBarAspect(0.5f, strengthPercentage * 2.23f, color); // 2.23f is the factor used to get the width to fit the window
-		}
+		passwordStrength.set(strengthRater.computeRate(password));
 	}
-
-	private void changeProgressBarAspect(float strokeWidth, float length, Color color) {
-		passwordStrengthShape.setFill(color);
-		passwordStrengthShape.setStrokeWidth(strokeWidth);
-		passwordStrengthShape.setWidth(length);
-	}
-
 	/* Getter/Setter */

 	public ChangePasswordListener getListener() {
--- a/main/ui/src/main/java/org/cryptomator/ui/controllers/InitializeController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/controllers/InitializeController.java
@@ -5,13 +5,13 @@
 *
 * Contributors:
 *     Sebastian Stenzel - initial API and implementation
+ *     Jean-Noël Charon - password strength meter
 ******************************************************************************/
 package org.cryptomator.ui.controllers;

 import javafx.application.Platform;
 import javafx.beans.binding.BooleanBinding;
-import javafx.beans.property.ObjectProperty;
-import javafx.beans.property.SimpleObjectProperty;
+import javafx.beans.property.*;
 import javafx.event.ActionEvent;
 import javafx.fxml.FXML;
 import javafx.scene.control.Button;
@@ -22,6 +22,8 @@ import org.apache.commons.lang3.StringUtils;
 import org.cryptomator.ui.controls.SecPasswordField;
 import org.cryptomator.ui.model.Vault;
 import org.cryptomator.ui.settings.Localization;
+import org.cryptomator.ui.util.PasswordStrengthUtil;
+import org.fxmisc.easybind.EasyBind;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

@@ -44,14 +46,16 @@ public class InitializeController extends LocalizedFXMLViewController {

 	final ObjectProperty<Vault> vault = new SimpleObjectProperty<>();
 	private Optional<InitializationListener> listener = Optional.empty();
-	private Zxcvbn zxcvbn = new Zxcvbn();
-	private List<String> sanitizedInputs = new ArrayList();
+	final IntegerProperty passwordStrength = new SimpleIntegerProperty(); // 0-4

 	@Inject
 	public InitializeController(Localization localization) {
 		super(localization);
 	}

+	@Inject
+	PasswordStrengthUtil strengthRater;
+
 	@FXML
 	private SecPasswordField passwordField;

@@ -75,17 +79,14 @@ public class InitializeController extends LocalizedFXMLViewController {
 		BooleanBinding passwordIsEmpty = passwordField.textProperty().isEmpty();
 		BooleanBinding passwordsDiffer = passwordField.textProperty().isNotEqualTo(retypePasswordField.textProperty());
 		okButton.disableProperty().bind(passwordIsEmpty.or(passwordsDiffer));
-		passwordField.textProperty().addListener((observable, oldValue, newValue) -> {
-			checkPasswordStrength(newValue);
-		});
+		EasyBind.subscribe(passwordField.textProperty(), this::checkPasswordStrength);

-		// default password strength bar visual properties
-		passwordStrengthShape.setStroke(Color.GRAY);
-		changeProgressBarAspect(0f, 0f, Color.web("#FF0000"));
-		passwordStrengthLabel.setText(localization.getString("initialize.messageLabel.passwordStrength") + " : 0%");
+		strengthRater.setLocalization(localization);

-		// preparing inputs for the password strength checker
-		sanitizedInputs.add("cryptomator");
+		passwordStrengthShape.widthProperty().bind(EasyBind.map(passwordStrength, strengthRater::getWidth));
+		passwordStrengthShape.fillProperty().bind(EasyBind.map(passwordStrength, strengthRater::getStrengthColor));
+		passwordStrengthShape.strokeWidthProperty().bind(EasyBind.map(passwordStrength, strengthRater::getStrokeWidth));
+		passwordStrengthLabel.textProperty().bind(EasyBind.map(passwordStrength, strengthRater::getStrengthDescription));
 	}

 	@Override
@@ -127,44 +128,7 @@ public class InitializeController extends LocalizedFXMLViewController {
 	/* Methods */

 	private void checkPasswordStrength(String password) {
-		int strengthPercentage = 0;
-		if (StringUtils.isEmpty(password)) {
-			changeProgressBarAspect(0f, 0f, Color.web("#FF0000"));
-			passwordStrengthLabel.setText(localization.getString("initialize.messageLabel.passwordStrength") + " : " + strengthPercentage + "%");
-		} else {
-			Color color = Color.web("#FF0000");
-			Strength strength = zxcvbn.measure(password, sanitizedInputs);
-			switch (strength.getScore()) {
-				case 0:
-					strengthPercentage = 20;
-					break;
-				case 1:
-					strengthPercentage = 40;
-					color = Color.web("#FF8000");
-					break;
-				case 2:
-					strengthPercentage = 60;
-					color = Color.web("#FFBF00");
-					break;
-				case 3:
-					strengthPercentage = 80;
-					color = Color.web("#FFFF00");
-					break;
-				case 4:
-					strengthPercentage = 100;
-					color = Color.web("#BFFF00");
-					break;
-			}
-
-			passwordStrengthLabel.setText(localization.getString("initialize.messageLabel.passwordStrength") + " : " + strengthPercentage + "%");
-			changeProgressBarAspect(0.5f, strengthPercentage * 2.23f, color); // 2.23f is the factor used to get the width to fit the window
-		}
-	}
-
-	private void changeProgressBarAspect(float strokeWidth, float length, Color color) {
-		passwordStrengthShape.setFill(color);
-		passwordStrengthShape.setStrokeWidth(strokeWidth);
-		passwordStrengthShape.setWidth(length);
+		passwordStrength.set(strengthRater.computeRate(password));
 	}

 	/* callback */
--- a/main/ui/src/main/java/org/cryptomator/ui/controllers/WelcomeController.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/controllers/WelcomeController.java
@@ -154,6 +154,7 @@ public class WelcomeController extends LocalizedFXMLViewController {
 			Platform.runLater(() -> {
 				this.updateLink.setText(msg);
 				this.updateLink.setVisible(true);
+				this.updateLink.setDisable(false);
 			});
 		}
 	}
--- a/main/ui/src/main/java/org/cryptomator/ui/util/PasswordStrengthUtil.java
+++ b/main/ui/src/main/java/org/cryptomator/ui/util/PasswordStrengthUtil.java
@@ -0,0 +1,120 @@
+/*******************************************************************************
+ * Copyright (c) 2016 Sebastian Stenzel and others.
+ * This file is licensed under the terms of the MIT license.
+ * See the LICENSE.txt file for more info.
+ *
+ * Contributors:
+ *     Jean-Noël Charon - initial API and implementation
+ *******************************************************************************/
+package org.cryptomator.ui.util;
+
+import com.nulabinc.zxcvbn.Zxcvbn;
+import javafx.beans.property.IntegerProperty;
+import javafx.scene.paint.Color;
+import org.apache.commons.lang3.StringUtils;
+import org.cryptomator.ui.settings.Localization;
+
+import javax.inject.Inject;
+import javax.inject.Singleton;
+import java.util.ArrayList;
+import java.util.List;
+
+@Singleton
+public class PasswordStrengthUtil {
+
+    private Zxcvbn zxcvbn = new Zxcvbn();
+    private List<String> sanitizedInputs = new ArrayList<>();
+    private Localization localization;
+
+    @Inject
+    public PasswordStrengthUtil(){
+        // preparing inputs for the password strength checker
+        sanitizedInputs.add("cryptomator");
+    }
+
+    public int computeRate(String password) {
+        if (StringUtils.isEmpty(password)) {
+            return -1;
+        } else {
+            return zxcvbn.measure(password, sanitizedInputs).getScore();
+        }
+    }
+
+    public Color getStrengthColor(Number score) {
+        Color strengthColor = Color.web("#FF0000");
+        switch (score.intValue()) {
+            case 0:
+                strengthColor = Color.web("#FF0000");
+                break;
+            case 1:
+                strengthColor = Color.web("#FF8000");
+                break;
+            case 2:
+                strengthColor = Color.web("#FFBF00");
+                break;
+            case 3:
+                strengthColor = Color.web("#FFFF00");
+                break;
+            case 4:
+                strengthColor = Color.web("#BFFF00");
+                break;
+            default:
+                strengthColor = Color.web("#FF0000");
+                break;
+        }
+        return strengthColor;
+    }
+
+    public int getWidth(Number score) {
+        int width = 0;
+        switch (score.intValue()) {
+            case 0:
+                width += 5;
+                break;
+            case 1:
+                width += 25;
+                break;
+            case 2:
+                width += 50;
+                break;
+            case 3:
+                width += 75;
+                break;
+            case 4:
+                width = 100;
+                break;
+            default:
+                width = 0;
+                break;
+        }
+        return Math.round(width*2.23f);
+    }
+
+    public float getStrokeWidth(Number score) {
+        if (score.intValue() >= 0) {
+            return 0.5f;
+        } else {
+            return 0;
+        }
+    }
+
+    public String getStrengthDescription(Number score) {
+        if (score.intValue() >= 0) {
+            return String.format(localization.getString("initialize.messageLabel.passwordStrength"),
+                    localization.getString("initialize.messageLabel.passwordStrength." + score.intValue()));
+        } else {
+            return "";
+        }
+    }
+
+    /* Getter / Setter */
+
+    public Localization getLocalization() {
+        return localization;
+    }
+
+    public void setLocalization(Localization localization) {
+        this.localization = localization;
+    }
+
+}
--- a/main/ui/src/main/resources/fxml/change_password.fxml
+++ b/main/ui/src/main/resources/fxml/change_password.fxml
@@ -6,6 +6,7 @@
  
  Contributors:
      Sebastian Stenzel - initial API and implementation
+      Jean-Noël Charon - password strength meter
 -->
 <?import java.net.URL?>
 <?import java.lang.String?>
@@ -50,7 +51,7 @@
 		<Label fx:id="passwordStrengthLabel" cache="true" cacheShape="true" text="" GridPane.columnIndex="1" GridPane.rowIndex="3" />

 		<!-- Row 4 -->
-		<Rectangle fx:id="passwordStrengthShape" width="0" height="15" GridPane.columnIndex="1" GridPane.rowIndex="4" />
+		<Rectangle fx:id="passwordStrengthShape" width="0" height="15" GridPane.columnIndex="1" GridPane.rowIndex="3" fill="#FF0000" stroke="grey" strokeWidth="0" />

 		<!-- Row 5 -->
 		<Button fx:id="changePasswordButton" text="%changePassword.button.change" defaultButton="true" GridPane.rowIndex="5" GridPane.columnIndex="0" GridPane.columnSpan="2" GridPane.halignment="RIGHT" prefWidth="150.0" onAction="#didClickChangePasswordButton" disable="true" cacheShape="true" cache="true"/>
--- a/main/ui/src/main/resources/fxml/initialize.fxml
+++ b/main/ui/src/main/resources/fxml/initialize.fxml
@@ -7,6 +7,7 @@
  
  Contributors:
      Sebastian Stenzel - initial API and implementation
+      Jean-Noël Charon - password strength meter
 -->

 <?import java.lang.*?>
@@ -45,7 +46,7 @@
 		<Label fx:id="passwordStrengthLabel" cache="true" cacheShape="true" text="" GridPane.columnIndex="1" GridPane.rowIndex="2" />

 		<!-- Row 2 -->
-		<Rectangle fx:id="passwordStrengthShape" width="0" height="15" GridPane.columnIndex="1" GridPane.rowIndex="3" />
+		<Rectangle fx:id="passwordStrengthShape" width="0" height="15" GridPane.columnIndex="1" GridPane.rowIndex="3" fill="#FF0000" stroke="grey" strokeWidth="0" />

 		<!-- Row 3 -->
 		<Button fx:id="okButton" cache="true" cacheShape="true" defaultButton="true" disable="true" focusTraversable="false" onAction="#initializeVault" prefWidth="150.0" text="%initialize.button.ok" GridPane.columnIndex="0" GridPane.columnSpan="2" GridPane.halignment="RIGHT" GridPane.rowIndex="4" />
--- a/main/ui/src/main/resources/fxml/welcome.fxml
+++ b/main/ui/src/main/resources/fxml/welcome.fxml
@@ -25,7 +25,7 @@
 			<Label fx:id="checkForUpdatesStatus" cacheShape="true" cache="true" />
 			<ProgressIndicator fx:id="checkForUpdatesIndicator" progress="-1" prefWidth="15.0" prefHeight="15.0" cacheShape="true" cache="true" cacheHint="SPEED" />
 		</HBox>
-		<Hyperlink alignment="CENTER" fx:id="updateLink" onAction="#didClickUpdateLink" cacheShape="true" cache="true" />
+		<Hyperlink alignment="CENTER" fx:id="updateLink" onAction="#didClickUpdateLink" cacheShape="true" cache="true" disable="true" />
 	</VBox>
 	
 	<ImageView fitHeight="200.0" preserveRatio="true" smooth="false" cache="true" style="-fx-background-color: green;">
--- a/main/ui/src/main/resources/localization.properties
+++ b/main/ui/src/main/resources/localization.properties
@@ -24,7 +24,12 @@ initialize.label.retypePassword=Retype password
 initialize.button.ok=Create vault
 initialize.messageLabel.alreadyInitialized=Vault already initialized
 initialize.messageLabel.initializationFailed=Could not initialize vault. See logfile for details.
-initialize.messageLabel.passwordStrength=Password Strength
+initialize.messageLabel.passwordStrength=Password Strength: %s
+initialize.messageLabel.passwordStrength.0=Weak
+initialize.messageLabel.passwordStrength.1=Fair
+initialize.messageLabel.passwordStrength.2=Good
+initialize.messageLabel.passwordStrength.3=Strong
+initialize.messageLabel.passwordStrength.4=Very strong

 # notfound.fxml
 notfound.label=Vault couldn't be found. Has it been moved?