summary refs log tree commit diff
path: root/api/src/util/utility/passwordStrength.ts
diff options
context:
space:
mode:
authorErkin Alp Güney <erkinalp9035@gmail.com>2022-04-09 21:45:45 +0300
committerGitHub <noreply@github.com>2022-04-09 21:45:45 +0300
commit662026507752095417c4d122615a1aab8f52f68d (patch)
tree3e22c1b7b27d32fe72d0cd12600ab5937c36306e /api/src/util/utility/passwordStrength.ts
parentbug fix (diff)
downloadserver-662026507752095417c4d122615a1aab8f52f68d.tar.xz
add an elegant entropy check
Diffstat (limited to '')
-rw-r--r--api/src/util/utility/passwordStrength.ts21
1 files changed, 16 insertions, 5 deletions
diff --git a/api/src/util/utility/passwordStrength.ts b/api/src/util/utility/passwordStrength.ts
index 047df008..81ac2559 100644
--- a/api/src/util/utility/passwordStrength.ts
+++ b/api/src/util/utility/passwordStrength.ts
@@ -13,6 +13,7 @@ const blocklist: string[] = []; // TODO: update ones passwordblocklist is stored
  *  - min <n> numbers
  *  - min <n> symbols
  *  - min <n> uppercase chars
+ *  - shannon entropy divided by password entropy
  *
  * Returns: 0 > pw > 1
  */
@@ -22,28 +23,38 @@ export function checkPassword(password: string): number {
 
 	// checks for total password len
 	if (password.length >= minLength - 1) {
-		strength += 0.25;
+		strength += 0.05;
 	}
 
 	// checks for amount of Numbers
 	if (password.count(reNUMBER) >= minNumbers - 1) {
-		strength += 0.25;
+		strength += 0.05;
 	}
 
 	// checks for amount of Uppercase Letters
 	if (password.count(reUPPERCASELETTER) >= minUpperCase - 1) {
-		strength += 0.25;
+		strength += 0.05;
 	}
 
 	// checks for amount of symbols
 	if (password.replace(reSYMBOLS, "").length >= minSymbols - 1) {
-		strength += 0.25;
+		strength += 0.05;
 	}
 
 	// checks if password only consists of numbers or only consists of chars
 	if (password.length == password.count(reNUMBER) || password.length === password.count(reUPPERCASELETTER)) {
 		strength = 0;
 	}
-
+	
+	var entropyMap;
+	for (let i = 0; i < password.length; i++) {
+		if (entropyMap[password[i]]) entropyMap[password[i]]++;
+		else entropyMap[password[i]] = 1;
+	}
+	
+	let entropies = Array(entropyMap);
+		
+	entropies.map(x => (x / entropyMap.length));
+	strength += entropies.reduceRight((a, x), a - (x * Math.log2(x))) / Math.log2(password.length);	
 	return strength;
 }