Warn about insecure passwords (#2419)

* Add warnings about password security * Warn about weak steam passwords even if they are encrypted * Apply feedback * Apply feedback * Simplify code * Move return criteria up a bit for increased performance * Choose more fitting strings for localization * Extract const value * Fix incorrect null reference warning * Switch prefix operator for postfix one Co-authored-by: Łukasz Domeradzki <JustArchi@JustArchi.net> * Add tests * Disable CA1724 The type name Utilities conflicts in whole or in part with the namespace name 'Microsoft.VisualStudio.TestPlatform.Common.ExtensionFramework.Utilities'. * Tell users why their password is considered weak * Apply feedback * Merge resource comments * Misc. * Use library for password testing and Run testing in background * Clean up * OncSeparate forbidden phrases forfor IPC passwords (once again) * Additionally check encryption key * Add comment about {0} Co-authored-by: Łukasz Domeradzki <JustArchi@JustArchi.net>
2025-12-16 06:20:34 +00:00 · 2021-10-13 21:44:48 +02:00
parent 5af5e55cfe
commit be027523ac
9 changed files with 166 additions and 1 deletions
--- a/ArchiSteamFarm.Tests/Utilities.cs
+++ b/ArchiSteamFarm.Tests/Utilities.cs
@@ -0,0 +1,52 @@
+//     _                _      _  ____   _                           _____
+//    / \    _ __  ___ | |__  (_)/ ___| | |_  ___   __ _  _ __ ___  |  ___|__ _  _ __  _ __ ___
+//   / _ \  | '__|/ __|| '_ \ | |\___ \ | __|/ _ \ / _` || '_ ` _ \ | |_  / _` || '__|| '_ ` _ \
+//  / ___ \ | |  | (__ | | | || | ___) || |_|  __/| (_| || | | | | ||  _|| (_| || |   | | | | | |
+// /_/   \_\|_|   \___||_| |_||_||____/  \__|\___| \__,_||_| |_| |_||_|   \__,_||_|   |_| |_| |_|
+// |
+// Copyright 2015-2021 Łukasz "JustArchi" Domeradzki
+// Contact: JustArchi@JustArchi.net
+// |
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// |
+// http://www.apache.org/licenses/LICENSE-2.0
+// |
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+using System.Collections.Generic;
+using Microsoft.VisualStudio.TestTools.UnitTesting;
+using static ArchiSteamFarm.Core.Utilities;
+
+namespace ArchiSteamFarm.Tests {
+	[TestClass]
+#pragma warning disable CA1724
+	public sealed class Utilities {
+#pragma warning restore CA1724
+		[TestMethod]
+		public void LongPassphraseIsNotWeak() => Assert.IsFalse(TestPasswordStrength("10chars<!>asdf").IsWeak);
+
+		[TestMethod]
+		public void ShortPassphraseIsWeak() => Assert.IsTrue(TestPasswordStrength("four").IsWeak);
+
+		[TestMethod]
+		public void RepetitiveCharactersWeakenPassphrases() => Assert.IsTrue(TestPasswordStrength("testaaaatest").IsWeak);
+
+		[TestMethod]
+		public void SequentialCharactersWeakenPassphrases() => Assert.IsTrue(TestPasswordStrength("testabcdtest").IsWeak);
+
+		[TestMethod]
+		public void SequentialDescendingCharactersWeakenPassphrases() => Assert.IsTrue(TestPasswordStrength("testdcbatest").IsWeak);
+
+		[TestMethod]
+		public void ContextSpecificWordsWeakenPassphrases() => Assert.IsTrue(TestPasswordStrength("archisteamfarmpassword").IsWeak);
+
+		[TestMethod]
+		public void AdditionallyForbiddenWordsWeakenPassphrases() => Assert.IsTrue(TestPasswordStrength("10chars<!>asdf", new HashSet<string> { "chars<!>" }).IsWeak);
+	}
+}