[Outreachy Task Submission] Prevent Weak Passwords from Creating Accounts #990

Open
wants to merge 1 commit into
base: development


Chiemezuo
Contributor

Introduction

This fixes #4908. It prevents weak passwords (despite achieving minimum length requirements) from being able to create accounts. It does this by disabling the signup button.

How to Test this PR

  1. Open the Ushahidi platform (either via a deployment or Localhost)
  2. Click on Login & Signup.
  3. Switch to the Signup view and fill in the form (except the password form).
  4. For the password, fill in something that only meets the minimum length constraints but ignores other constraints (for example "adminooo"). Note: you can copy and paste the example.
  5. You will notice that the password hint suggests that your password is very weak.
  6. Agree to the terms and conditions.
  7. You will notice that the Signup button is no longer disabled and can be clicked on.
  8. Check out this PR.
  9. Repeat steps 1-6.
  10. You will notice that the Signup button is still disabled and can't be clicked on.
  11. Try updating the password to meet another constraint such as adding a number. For example "adminooo1".
  12. You will notice that the Signup button is no longer disabled and can be clicked on.

@Chiemezuo
Contributor Author

@Angamanga I'd like your thoughts on this.

Contributor

@ushahidlee ushahidlee left a comment


@Chiemezuo Thank you for your contribution!

@Angamanga Initially this works, but once you have typed in a strong password you can then delete the characters back to anything above a length of 6 and the button is still enabled.

@Chiemezuo
Contributor Author

@ushahidlee I just checked this, and it isn't the case with this PR.
I started with a password of admin (5 letters) and the button was disabled.
Then I changed to a password of adminooo (8 letters) and the button was disabled, because it still had only alphabets.
Afterwards, I changed the password to admin123 (8 letters with numbers) and the button was active.
Again, I deleted and changed it to admin000 (8 letters) again, and the button was disabled again.

I will try to show you a screen recording in the next comment.
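
The edit sequences discussed in the comments above, replayed as an added example that is not part of the pull request or any participant's code: the button state is derived from the current field values on every change, so an earlier strong password cannot leave it enabled. The minimum length of 7, the two-character-class rule and all function names are assumptions made for the illustration.

```javascript
// Added example. Rule values and names are assumptions, not the platform's code.
const MIN_LENGTH = 7; // assumed from the reviewer's "anything above a length of 6"

// Count how many character classes appear in the password.
function characterClasses(password) {
  return [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
    .filter((re) => re.test(password)).length;
}

// Weak = too short, or long enough but drawn from a single character class
// (the "adminooo" case from the test steps).
function isWeak(password) {
  return password.length < MIN_LENGTH || characterClasses(password) < 2;
}

// The button state is a pure function of the current form values. Nothing is
// cached between edits, so deleting characters always re-runs the check.
function signupDisabled(form) {
  return !form.agreedToTerms || isWeak(form.password);
}

// Replay a sequence of password edits and record the button state after each.
function replay(passwords) {
  const form = { agreedToTerms: true, password: "" };
  return passwords.map((password) => {
    form.password = password;
    return { password, disabled: signupDisabled(form) };
  });
}

// Constructed sequence: passwords quoted in the thread, including edits that
// delete characters after a strong password had been entered.
const steps = replay([
  "admin", "adminooo", "adminooo1", "adminooo", "admin123", "admin1",
]);
for (const s of steps) {
  console.log(s.password.padEnd(10), s.disabled ? "disabled" : "enabled");
}
```

The same `isWeak` check also has to run on the server, because a disabled button does not stop a request sent directly to the signup endpoint.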

@Chiemezuo
Contributor Author

Successfully merging this pull request may close these issues.

[Outreachy Task Submission] Weak Passwords Creating Accounts
2 participants