server/util/Seeder/Data/Static/Passwords.cs
Alex Morask cfd5bedae0 [PM-31040] Replace ISetupIntentCache with customer-based approach (#6954)
* docs(billing): add design document for replacing SetupIntent cache

* docs(billing): add implementation plan for replacing SetupIntent cache

* feat(db): add gateway lookup stored procedures for Organization, Provider, and User

* feat(db): add gateway lookup indexes to Organization, Provider, and User table definitions

* chore(db): add SQL Server migration for gateway lookup indexes and stored procedures

* feat(repos): add gateway lookup methods to IOrganizationRepository and Dapper implementation

* feat(repos): add gateway lookup methods to IProviderRepository and Dapper implementation

* feat(repos): add gateway lookup methods to IUserRepository and Dapper implementation

* feat(repos): add EF OrganizationRepository gateway lookup methods and index configuration

* feat(repos): add EF ProviderRepository gateway lookup methods and index configuration

* feat(repos): add EF UserRepository gateway lookup methods and index configuration

* chore(db): add EF migrations for gateway lookup indexes

* refactor(billing): update SetupIntentSucceededHandler to use repository instead of cache

* refactor(billing): simplify StripeEventService by expanding customer on SetupIntent

* refactor(billing): query Stripe for SetupIntents by customer ID in GetPaymentMethodQuery

* refactor(billing): query Stripe for SetupIntents by customer ID in HasPaymentMethodQuery

* refactor(billing): update OrganizationBillingService to set customer on SetupIntent

* refactor(billing): update ProviderBillingService to set customer on SetupIntent and query by customer

* refactor(billing): update UpdatePaymentMethodCommand to set customer on SetupIntent

* refactor(billing): remove bank account support from CreatePremiumCloudHostedSubscriptionCommand

* refactor(billing): remove OrganizationBillingService.UpdatePaymentMethod dead code

* refactor(billing): remove ProviderBillingService.UpdatePaymentMethod

* refactor(billing): remove PremiumUserBillingService.UpdatePaymentMethod and UserService.ReplacePaymentMethodAsync

* refactor(billing): remove SubscriberService.UpdatePaymentSource and related dead code

* refactor(billing): update SubscriberService.GetPaymentSourceAsync to query Stripe by customer ID

Add Task 15a to plan - this was a missed requirement for updating
GetPaymentSourceAsync which still used the cache.

* refactor(billing): complete removal of PremiumUserBillingService.Finalize and UserService.SignUpPremiumAsync

* refactor(billing): remove ISetupIntentCache and SetupIntentDistributedCache

* chore: remove temporary planning documents

* chore: run dotnet format

* fix(billing): add MaxLength(50) to Provider gateway ID properties

* chore(db): add EF migrations for Provider gateway column lengths

* chore: run dotnet format

* chore: rename SQL migration for chronological order
2026-02-18 13:20:25 -06:00


using Bit.Seeder.Data.Distributions;
using Bit.Seeder.Data.Enums;
namespace Bit.Seeder.Data.Static;
/// <summary>
/// Fixed password fixtures for the seeder, bucketed by zxcvbn strength level (0-4)
/// so that generated test data has a realistic spread of password quality.
/// </summary>
/// <remarks>
/// <para>
/// Every value here is committed to source control, so even the Score 3 and Score 4
/// entries are known strings. They are seed fixtures only and must not be reused as
/// a credential for a real account or environment.
/// </para>
/// <para>
/// The score attached to each bucket is a label; nothing in this class computes it.
/// NOTE(review): if a test depends on the exact zxcvbn score, confirm the entries
/// against the estimator. Widely published phrases such as the xkcd-style
/// "correct-horse-battery-staple" may appear in cracking dictionaries.
/// </para>
/// <para>
/// The arrays are exposed directly. <c>readonly</c> protects only the field
/// reference, so callers inside the assembly can still overwrite elements; treat
/// the arrays as read-only.
/// </para>
/// </remarks>
internal static class Passwords
{
    /// <summary>
    /// Score 0 - Too guessable: keyboard walks, simple sequences, single words.
    /// </summary>
    internal static readonly string[] VeryWeak =
    [
        "password", "123456", "qwerty", "abc123", "letmein",
        "admin", "welcome", "monkey", "dragon", "master",
        "111111", "baseball", "iloveyou", "trustno1", "sunshine",
        "princess", "football", "shadow", "superman", "michael",
        "password1", "123456789", "12345678", "1234567", "12345",
        "qwerty123", "1q2w3e4r", "123123", "000000", "654321"
    ];

    /// <summary>
    /// Score 1 - Very guessable: common patterns with minor complexity.
    /// </summary>
    internal static readonly string[] Weak =
    [
        "Password1", "Qwerty123", "Welcome1", "Admin123", "Letmein1",
        "Dragon123", "Master123", "Shadow123", "Michael1", "Jennifer1",
        "abc123!", "pass123!", "test1234", "hello123", "love1234",
        "money123", "secret1", "access1", "login123", "super123",
        "changeme", "temp1234", "guest123", "user1234", "pass1234",
        "default1", "sample12", "demo1234", "trial123", "secure1"
    ];

    /// <summary>
    /// Score 2 - Somewhat guessable: meets basic complexity but predictable patterns.
    /// </summary>
    internal static readonly string[] Fair =
    [
        // Word + year/number + one trailing symbol: satisfies typical composition
        // rules while staying predictable.
        "Summer2024!", "Winter2023#", "Spring2024@", "Autumn2023$", "January2024!",
        "Welcome123!", "Company2024#", "Secure123!", "Access2024@", "Login2024!",
        "Michael123!", "Jennifer2024@", "Robert456#", "Sarah789!", "David2024!",
        "Password123!", "Security2024@", "Admin2024!", "User2024#", "Guest123!",
        "Football123!", "Baseball2024@", "Soccer456#", "Hockey789!", "Tennis2024!",
        "NewYork2024!", "Chicago123@", "Boston2024#", "Seattle789!", "Denver2024$"
    ];

    /// <summary>
    /// Score 3 - Safely unguessable: good entropy, mixed character types.
    /// </summary>
    internal static readonly string[] Strong =
    [
        // Random-looking mixed-character strings.
        "k#9Lm$vQ2@xR7nP!", "Yx8&mK3$pL5#wQ9@", "Nv4%jH7!bT2@sF6#",
        "Rm9#cX5$gW1@zK8!", "Qp3@hY6#nL9$tB2!", "Wz7!mF4@kS8#xC1$",
        "Jd2#pR9!vN5@bG7$", "Ht6@wL3#yK8!mQ4$", "Bf8$cM2@zT5#rX9!",
        "Lg1!nV7@sH4#pY6$", "Xk5#tW8@jR2$mN9!", "Cv3@yB6#pF1$qL4!",

        // Three-word passphrases with various separators.
        "correct-horse-battery", "purple-monkey-dishwasher", "quantum-bicycle-elephant",
        "velvet-thunder-crystal", "neon-wizard-cosmic", "amber-phoenix-digital",
        "Brave.Tiger.Runs.42", "Blue.Ocean.Deep.17", "Swift.Eagle.Soars.93",
        "maple#stream#winter", "ember@cloud@silent", "frost$dawn$valley"
    ];

    /// <summary>
    /// Score 4 - Very unguessable: high entropy, long passphrases, random strings.
    /// </summary>
    internal static readonly string[] VeryStrong =
    [
        // Longer random-looking strings.
        "Kx9#mL4$pQ7@wR2!vN5hT8", "Yz3@hT8#bF1$cS6!nM9wK4", "Wv5!rK2@jG9#tX4$mL7nB3",
        "Qn7$sB3@yH6#pC1!zF8kW2", "Tm2@xD5#kW9$vL4!rJ7gN1", "Pf4!nC8@bR3#yL6$hS9mV2",

        // Longer passphrases with various separators.
        "correct-horse-battery-staple", "purple-monkey-dishwasher-lamp", "quantum-bicycle-elephant-storm",
        "velvet-thunder-crystal-forge", "neon-wizard-cosmic-river", "amber-phoenix-digital-maze",
        "silver-falcon-ancient-code", "lunar-garden-frozen-spark", "echo-prism-wandering-light",
        "Brave.Tiger.Runs.Fast.42!", "Blue.Ocean.Deep.Wave.17@", "Swift.Eagle.Soars.High.93#",
        "maple#stream#winter#glow#dawn", "ember@cloud@silent@peak@mist", "frost$dawn$valley$mist$glow",

        // More random-looking strings.
        "7hK$mN2@pL9#xR4!wQ8vB5&jF", "3yT@nC7#bS1$kW6!mH9rL2%xD", "9pF!vK4@jR8#tN3$yB7mL1&wS"
    ];

    /// <summary>All passwords combined for mixed/random selection.</summary>
    /// <remarks>
    /// Must stay below the five bucket fields: static field initializers run in
    /// textual order, and the spread copies the buckets' contents at that moment.
    /// </remarks>
    internal static readonly string[] All = [.. VeryWeak, .. Weak, .. Fair, .. Strong, .. VeryStrong];

    /// <summary>
    /// Maps a strength level to its password bucket.
    /// </summary>
    /// <param name="strength">Strength level to look up.</param>
    /// <returns>
    /// The shared bucket array itself (not a copy). Any value without an explicit
    /// case, including an undefined enum value, falls back to <see cref="Strong"/>.
    /// </returns>
    internal static string[] GetByStrength(PasswordStrength strength)
    {
        switch (strength)
        {
            case PasswordStrength.VeryWeak:
                return VeryWeak;
            case PasswordStrength.Weak:
                return Weak;
            case PasswordStrength.Fair:
                return Fair;
            case PasswordStrength.Strong:
                return Strong;
            case PasswordStrength.VeryStrong:
                return VeryStrong;
            default:
                // Unrecognised values are not rejected; they are treated as Strong.
                return Strong;
        }
    }

    /// <summary>
    /// Gets a password using the provided distribution to select strength.
    /// </summary>
    /// <param name="index">
    /// Position of the item being seeded. It is passed to the distribution and also
    /// used, modulo the bucket length, to pick the entry, so entries repeat once
    /// <paramref name="index"/> exceeds the bucket size. Expected to be non-negative:
    /// C#'s <c>%</c> keeps the sign of the dividend, so a negative value would yield
    /// a negative array index.
    /// </param>
    /// <param name="total">Total item count, forwarded to the distribution.</param>
    /// <param name="distribution">Chooses the strength level for this index.</param>
    /// <returns>One fixture password from the chosen bucket.</returns>
    internal static string GetPassword(int index, int total, Distribution<PasswordStrength> distribution)
    {
        string[] bucket = GetByStrength(distribution.Select(index, total));
        return bucket[index % bucket.Length];
    }
}