Master password security checks - web (#4799)

* [SG-571][SG-572][SG-573][SG-574] Master password change (web vault) (#4635) * SG-571 Add option to check master password breach * SG-571 Fix lint errors * SG-572 SG-573 SG-574 Add logic for leaked password * SG-571 Show error when new password equals hint * SG-571 Minor changes * SG-571 Undo changes * [SG-457][SG-553][SG-554][SG-555][SG-761] Master password security update - account creation (web) (#4672) * SG-571 Add option to check master password breach * SG-571 Fix lint errors * SG-572 SG-573 SG-574 Add logic for leaked password * SG-571 Show error when new password equals hint * SG-571 Minor changes * SG-761 Improve copy on master password * SG-571 Undo changes * SG-457 Add option to check for password leak * SG-457 Updated master password hint copy * SG-457 Hide minimum char message when joining org * SG-457 Added missing changes from last commit * SG-457 Fixed minimum length * SG-457 Updated message with dynamic minimum length * SG-457 Set checkForBreaches to true by default
2025-12-13 06:43:35 +00:00 · 2023-02-23 15:15:45 +00:00
parent 80c2f20f58
commit 30a66a9f65
6 changed files with 139 additions and 20 deletions
--- a/libs/angular/src/auth/components/change-password.component.ts
+++ b/libs/angular/src/auth/components/change-password.component.ts
@@ -26,6 +26,8 @@ export class ChangePasswordComponent implements OnInit, OnDestroy {
  passwordStrengthResult: any;
  color: string;
  text: string;
+  leakedPassword: boolean;
+  minimumLength = Utils.minimumPasswordLength;

  protected email: string;
  protected kdf: KdfType;
@@ -117,11 +119,11 @@ export class ChangePasswordComponent implements OnInit, OnDestroy {
      );
      return false;
    }
-    if (this.masterPassword.length < 8) {
+    if (this.masterPassword.length < this.minimumLength) {
      this.platformUtilsService.showToast(
        "error",
        this.i18nService.t("errorOccurred"),
-        this.i18nService.t("masterPasswordMinlength", Utils.minimumPasswordLength)
+        this.i18nService.t("masterPasswordMinimumlength", this.minimumLength)
      );
      return false;
    }
@@ -152,7 +154,21 @@ export class ChangePasswordComponent implements OnInit, OnDestroy {
      return false;
    }

-    if (strengthResult != null && strengthResult.score < 3) {
+    const weakPassword = strengthResult != null && strengthResult.score < 3;
+
+    if (weakPassword && this.leakedPassword) {
+      const result = await this.platformUtilsService.showDialog(
+        this.i18nService.t("weakAndBreachedMasterPasswordDesc"),
+        this.i18nService.t("weakAndExposedMasterPassword"),
+        this.i18nService.t("yes"),
+        this.i18nService.t("no"),
+        "warning"
+      );
+      if (!result) {
+        return false;
+      }
+    }
+    if (weakPassword) {
      const result = await this.platformUtilsService.showDialog(
        this.i18nService.t("weakMasterPasswordDesc"),
        this.i18nService.t("weakMasterPassword"),
@@ -164,7 +180,18 @@ export class ChangePasswordComponent implements OnInit, OnDestroy {
        return false;
      }
    }
-
+    if (this.leakedPassword) {
+      const result = await this.platformUtilsService.showDialog(
+        this.i18nService.t("exposedMasterPasswordDesc"),
+        this.i18nService.t("exposedMasterPassword"),
+        this.i18nService.t("yes"),
+        this.i18nService.t("no"),
+        "warning"
+      );
+      if (!result) {
+        return false;
+      }
+    }
    return true;
  }