From 4f3a150074f79a6a93c53bcf4bad765e169b7741 Mon Sep 17 00:00:00 2001
From: Derek Ho <dxho@amazon.com>
Date: Tue, 30 Apr 2024 16:58:40 -0400
Subject: [PATCH] Create a password strength UI for security dashboards plugin
 (#1762)

* Initial password strength bar

Signed-off-by: Derek Ho <dxho@amazon.com>

* save resolution

Signed-off-by: Derek Ho <dxho@amazon.com>

* make the bar look nice

Signed-off-by: Derek Ho <dxho@amazon.com>

* Updates according to UX

Signed-off-by: Derek Ho <dxho@amazon.com>

* Add yarn.lock

Signed-off-by: Derek Ho <dxho@amazon.com>

* Add step to install dependencies prior to building

Signed-off-by: Derek Ho <dxho@amazon.com>

* Lint

Signed-off-by: Derek Ho <dxho@amazon.com>

* Add tests

Signed-off-by: Derek Ho <dxho@amazon.com>

* Lint fix

Signed-off-by: Derek Ho <dxho@amazon.com>

* Add it for the self reset panel and fix spacing

Signed-off-by: Derek Ho <dxho@amazon.com>

* Lint

Signed-off-by: Derek Ho <dxho@amazon.com>

* Remove warning

Signed-off-by: Derek Ho <dxho@amazon.com>

* Update the color and padding

Signed-off-by: Derek Ho <dxho@amazon.com>

---------

Signed-off-by: Derek Ho <dxho@amazon.com>
---
 package.json                                  |  3 +-
 public/apps/account/password-reset-panel.tsx  | 42 ++++++----
 .../utils/password-edit-panel.tsx             | 26 +++---
 .../utils/password-strength-bar.tsx           | 78 ++++++++++++++++++
 .../password-strength-bar.test.tsx.snap       | 31 ++++++++
 .../utils/test/password-strength-bar.test.tsx | 79 +++++++++++++++++++
 yarn.lock                                     |  5 ++
 7 files changed, 239 insertions(+), 25 deletions(-)
 create mode 100644 public/apps/configuration/utils/password-strength-bar.tsx
 create mode 100644 public/apps/configuration/utils/test/__snapshots__/password-strength-bar.test.tsx.snap
 create mode 100644 public/apps/configuration/utils/test/password-strength-bar.test.tsx

diff --git a/package.json b/package.json
index a886c2939..944c3f426 100644
--- a/package.json
+++ b/package.json
@@ -42,7 +42,8 @@
   "dependencies": {
     "@hapi/cryptiles": "5.0.0",
     "@hapi/wreck": "^17.1.0",
-    "html-entities": "1.3.1"
+    "html-entities": "1.3.1",
+    "zxcvbn": "^4.4.2"
   },
   "resolutions": {
     "selenium-webdriver": "4.10.0",
diff --git a/public/apps/account/password-reset-panel.tsx b/public/apps/account/password-reset-panel.tsx
index 97d45400e..703d617e9 100644
--- a/public/apps/account/password-reset-panel.tsx
+++ b/public/apps/account/password-reset-panel.tsx
@@ -19,6 +19,9 @@ import {
   EuiButtonEmpty,
   EuiCallOut,
   EuiFieldPassword,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiFormRow,
   EuiModal,
   EuiModalBody,
   EuiModalFooter,
@@ -33,6 +36,7 @@ import { PASSWORD_INSTRUCTION } from '../apps-constants';
 import { constructErrorMessageAndLog } from '../error-utils';
 import { validateCurrentPassword } from '../../utils/login-utils';
 import { getDashboardsInfo } from '../../utils/dashboards-info-utils';
+import { PasswordStrengthBar } from '../configuration/utils/password-strength-bar';
 
 interface PasswordResetPanelProps {
   coreStart: CoreStart;
@@ -121,22 +125,30 @@ export function PasswordResetPanel(props: PasswordResetPanelProps) {
               isInvalid={isCurrentPasswordInvalid}
             />
           </FormRow>
+          <EuiSpacer />
 
-          <FormRow
-            headerText="New password"
-            helpText={passwordHelpText}
-            isInvalid={isNewPasswordInvalid}
-          >
-            <EuiFieldPassword
-              data-test-subj="new-password"
-              onChange={function (e: React.ChangeEvent<HTMLInputElement>) {
-                setNewPassword(e.target.value);
-                setIsNewPasswordInvalid(false);
-                setIsRepeatNewPasswordInvalid(repeatNewPassword !== newPassword);
-              }}
-              isInvalid={isNewPasswordInvalid}
-            />
-          </FormRow>
+          <EuiFlexGroup direction="row">
+            <EuiFlexItem grow={false}>
+              <FormRow
+                headerText="New password"
+                helpText={passwordHelpText}
+                isInvalid={isNewPasswordInvalid}
+              >
+                <EuiFieldPassword
+                  data-test-subj="new-password"
+                  onChange={function (e: React.ChangeEvent<HTMLInputElement>) {
+                    setNewPassword(e.target.value);
+                    setIsNewPasswordInvalid(false);
+                    setIsRepeatNewPasswordInvalid(repeatNewPassword !== newPassword);
+                  }}
+                  isInvalid={isNewPasswordInvalid}
+                />
+              </FormRow>
+              <EuiFormRow>
+                <PasswordStrengthBar password={newPassword} />
+              </EuiFormRow>
+            </EuiFlexItem>
+          </EuiFlexGroup>
 
           <FormRow
             headerText="Re-enter new password"
diff --git a/public/apps/configuration/utils/password-edit-panel.tsx b/public/apps/configuration/utils/password-edit-panel.tsx
index 0a52347ae..918d0e000 100644
--- a/public/apps/configuration/utils/password-edit-panel.tsx
+++ b/public/apps/configuration/utils/password-edit-panel.tsx
@@ -15,10 +15,11 @@
 
 import React from 'react';
 import { CoreStart } from 'opensearch-dashboards/public';
-import { EuiFieldText, EuiIcon } from '@elastic/eui';
+import { EuiFieldText, EuiFlexGroup, EuiFlexItem, EuiFormRow, EuiIcon } from '@elastic/eui';
 import { FormRow } from './form-row';
 import { PASSWORD_INSTRUCTION } from '../../apps-constants';
 import { getDashboardsInfo } from '../../../utils/dashboards-info-utils';
+import { PasswordStrengthBar } from './password-strength-bar';
 
 export function PasswordEditPanel(props: {
   coreStart: CoreStart;
@@ -61,14 +62,21 @@ export function PasswordEditPanel(props: {
 
   return (
     <>
-      <FormRow headerText="Password" helpText={passwordHelpText}>
-        <EuiFieldText
-          data-test-subj="password"
-          prepend={<EuiIcon type="lock" />}
-          type="password"
-          onChange={passwordChangeHandler}
-        />
-      </FormRow>
+      <EuiFlexGroup direction="row">
+        <EuiFlexItem grow={false}>
+          <FormRow headerText="Password" helpText={passwordHelpText}>
+            <EuiFieldText
+              data-test-subj="password"
+              prepend={<EuiIcon type="lock" />}
+              type="password"
+              onChange={passwordChangeHandler}
+            />
+          </FormRow>
+          <EuiFormRow>
+            <PasswordStrengthBar password={password} />
+          </EuiFormRow>
+        </EuiFlexItem>
+      </EuiFlexGroup>
 
       <FormRow
         headerText="Re-enter password"
diff --git a/public/apps/configuration/utils/password-strength-bar.tsx b/public/apps/configuration/utils/password-strength-bar.tsx
new file mode 100644
index 000000000..58eb6755f
--- /dev/null
+++ b/public/apps/configuration/utils/password-strength-bar.tsx
@@ -0,0 +1,78 @@
+/*
+ *   Copyright OpenSearch Contributors
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License").
+ *   You may not use this file except in compliance with the License.
+ *   A copy of the License is located at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   or in the "license" file accompanying this file. This file is distributed
+ *   on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ *   express or implied. See the License for the specific language governing
+ *   permissions and limitations under the License.
+ */
+
+import { EuiFlexGroup, EuiFlexItem, EuiProgress, EuiSpacer, EuiText } from '@elastic/eui';
+import React from 'react';
+import zxcvbn from 'zxcvbn';
+
+interface PasswordStrengthBarProps {
+  password: string;
+}
+
+export const PasswordStrengthBar = (props: PasswordStrengthBarProps) => {
+  const { password } = props;
+  const passwordStrength = zxcvbn(password);
+  const strength = passwordStrength.score;
+  let message;
+  let color;
+  switch (strength) {
+    case 0:
+      message = 'Very weak';
+      color = 'danger';
+      break;
+    case 1:
+      message = 'Weak';
+      color = 'danger';
+      break;
+    case 2:
+      message = 'Ok';
+      color = 'warning';
+      break;
+    case 3:
+      message = 'Strong';
+      color = 'success';
+      break;
+    case 4:
+      message = 'Very strong';
+      color = 'success';
+      break;
+  }
+
+  return (
+    password && (
+      <EuiFlexGroup direction="column" gutterSize="xs">
+        <EuiFlexItem>
+          <EuiProgress
+            value={strength}
+            max={4}
+            size="m"
+            color={color}
+            valueText={message}
+            label={'Password strength'}
+            data-test-subj="password-strength-progress"
+          />
+        </EuiFlexItem>
+        {passwordStrength.feedback.suggestions && (
+          <EuiFlexItem>
+            <EuiText size="xs" data-test-subj="password-strength-feedback-suggestions">
+              {passwordStrength.feedback.suggestions}
+            </EuiText>
+          </EuiFlexItem>
+        )}
+        <EuiSpacer size="s" />
+      </EuiFlexGroup>
+    )
+  );
+};
diff --git a/public/apps/configuration/utils/test/__snapshots__/password-strength-bar.test.tsx.snap b/public/apps/configuration/utils/test/__snapshots__/password-strength-bar.test.tsx.snap
new file mode 100644
index 000000000..6644cc5fe
--- /dev/null
+++ b/public/apps/configuration/utils/test/__snapshots__/password-strength-bar.test.tsx.snap
@@ -0,0 +1,31 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`Password strength bar tests renders 1`] = `
+<EuiFlexGroup
+  direction="column"
+  gutterSize="xs"
+>
+  <EuiFlexItem>
+    <EuiProgress
+      color="danger"
+      data-test-subj="password-strength-progress"
+      label="Password strength"
+      max={4}
+      size="m"
+      value={0}
+      valueText="Very weak"
+    />
+  </EuiFlexItem>
+  <EuiFlexItem>
+    <EuiText
+      data-test-subj="password-strength-feedback-suggestions"
+      size="xs"
+    >
+      Add another word or two. Uncommon words are better.
+    </EuiText>
+  </EuiFlexItem>
+  <EuiSpacer
+    size="s"
+  />
+</EuiFlexGroup>
+`;
diff --git a/public/apps/configuration/utils/test/password-strength-bar.test.tsx b/public/apps/configuration/utils/test/password-strength-bar.test.tsx
new file mode 100644
index 000000000..30fd37b9f
--- /dev/null
+++ b/public/apps/configuration/utils/test/password-strength-bar.test.tsx
@@ -0,0 +1,79 @@
+/*
+ *   Copyright OpenSearch Contributors
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License").
+ *   You may not use this file except in compliance with the License.
+ *   A copy of the License is located at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   or in the "license" file accompanying this file. This file is distributed
+ *   on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ *   express or implied. See the License for the specific language governing
+ *   permissions and limitations under the License.
+ */
+
+import { render, shallow } from 'enzyme';
+import React from 'react';
+import { PasswordStrengthBar } from '../password-strength-bar';
+
+describe('Password strength bar tests', () => {
+  afterEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('renders', () => {
+    const component = shallow(<PasswordStrengthBar password="test" />);
+    expect(component).toMatchSnapshot();
+  });
+
+  it('verifies feedback, warning for very weak password', () => {
+    const component = render(<PasswordStrengthBar password="test" />);
+
+    const suggestions = component.find('[data-test-subj="password-strength-feedback-suggestions"]');
+    expect(suggestions.text()).toBe('Add another word or two. Uncommon words are better.');
+
+    const score = component.find('[data-test-subj="password-strength-progress"]');
+    expect(score.prop('value')).toBe('0'); // test is considered very weak
+  });
+
+  it('verifies feedback, warning for weak password', () => {
+    const component = render(<PasswordStrengthBar password="test12" />);
+
+    const suggestions = component.find('[data-test-subj="password-strength-feedback-suggestions"]');
+    expect(suggestions.text()).toBe('Add another word or two. Uncommon words are better.');
+
+    const score = component.find('[data-test-subj="password-strength-progress"]');
+    expect(score.prop('value')).toBe('1'); // test12 is considered weak
+  });
+
+  it('verifies feedback, warning for an ok password', () => {
+    const component = render(<PasswordStrengthBar password="test124My" />);
+
+    const suggestions = component.find('[data-test-subj="password-strength-feedback-suggestions"]');
+    expect(suggestions.text()).toBe('Add another word or two. Uncommon words are better.');
+
+    const score = component.find('[data-test-subj="password-strength-progress"]');
+    expect(score.prop('value')).toBe('2'); // test124My is considered ok
+  });
+
+  it('verifies feedback, warning for a strong password', () => {
+    const component = render(<PasswordStrengthBar password="test124MyTable" />);
+
+    const suggestions = component.find('[data-test-subj="password-strength-feedback-suggestions"]');
+    expect(suggestions.text()).toBe('');
+
+    const score = component.find('[data-test-subj="password-strength-progress"]');
+    expect(score.prop('value')).toBe('3'); // test124MyTable is considered strong
+  });
+
+  it('verifies feedback, warning for very strong password', () => {
+    const component = render(<PasswordStrengthBar password="myStrongPassword123!" />);
+
+    const suggestions = component.find('[data-test-subj="password-strength-feedback-suggestions"]');
+    expect(suggestions.text()).toBe('');
+
+    const score = component.find('[data-test-subj="password-strength-progress"]');
+    expect(score.prop('value')).toBe('4'); // myStrongPassword123! is considered very strong
+  });
+});
diff --git a/yarn.lock b/yarn.lock
index 5650f081a..56cd2a0fa 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -5161,3 +5161,8 @@ yauzl@^2.10.0:
   dependencies:
     buffer-crc32 "~0.2.3"
     fd-slicer "~1.1.0"
+
+zxcvbn@^4.4.2:
+  version "4.4.2"
+  resolved "https://registry.yarnpkg.com/zxcvbn/-/zxcvbn-4.4.2.tgz#28ec17cf09743edcab056ddd8b1b06262cc73c30"
+  integrity sha512-Bq0B+ixT/DMyG8kgX2xWcI5jUvCwqrMxSFam7m0lAf78nf04hv6lNCsyLYdyYTrCVMqNDY/206K7eExYCeSyUQ==