From f2492ca574448fe4bd44604316da322720e70040 Mon Sep 17 00:00:00 2001
From: Daniel Girtler <blackrabbit256@gmail.com>
Date: Mon, 6 Jun 2022 21:04:50 +1000
Subject: Fix #1304 - Make password validation less intrusive (#1308)

* Make password validation less intrusive

* Update

Co-authored-by: Daniel Girtler <girtler.daniel@gmail.com>
---
 archinstall/lib/models/password_strength.py | 85 +++++++++++++++++++++++++++++
 archinstall/lib/models/users.py             |  7 ++-
 archinstall/lib/user_interaction/utils.py   | 32 +++--------
 3 files changed, 97 insertions(+), 27 deletions(-)
 create mode 100644 archinstall/lib/models/password_strength.py

(limited to 'archinstall/lib')

diff --git a/archinstall/lib/models/password_strength.py b/archinstall/lib/models/password_strength.py
new file mode 100644
index 00000000..61986bf0
--- /dev/null
+++ b/archinstall/lib/models/password_strength.py
@@ -0,0 +1,85 @@
+from enum import Enum
+
+
+class PasswordStrength(Enum):
+	VERY_WEAK = 'very weak'
+	WEAK = 'weak'
+	MODERATE = 'moderate'
+	STRONG = 'strong'
+
+	@property
+	def value(self):
+		match self:
+			case PasswordStrength.VERY_WEAK: return str(_('very weak'))
+			case PasswordStrength.WEAK: return str(_('weak'))
+			case PasswordStrength.MODERATE: return str(_('moderate'))
+			case PasswordStrength.STRONG: return str(_('strong'))
+
+	def color(self):
+		match self:
+			case PasswordStrength.VERY_WEAK: return 'red'
+			case PasswordStrength.WEAK: return 'red'
+			case PasswordStrength.MODERATE: return 'yellow'
+			case PasswordStrength.STRONG: return 'green'
+
+	@classmethod
+	def strength(cls, password: str) -> 'PasswordStrength':
+		digit = any(character.isdigit() for character in password)
+		upper = any(character.isupper() for character in password)
+		lower = any(character.islower() for character in password)
+		symbol = any(not character.isalnum() for character in password)
+		return cls._check_password_strength(digit, upper, lower, symbol, len(password))
+
+	@classmethod
+	def _check_password_strength(
+		cls,
+		digit: bool,
+		upper: bool,
+		lower: bool,
+		symbol: bool,
+		length: int
+	) -> 'PasswordStrength':
+		# suggested evaluation
+		# https://github.com/archlinux/archinstall/issues/1304#issuecomment-1146768163
+		if digit and upper and lower and symbol:
+			match length:
+				case num if 13 <= num:
+					return PasswordStrength.STRONG
+				case num if 11 <= num <= 12:
+					return PasswordStrength.MODERATE
+				case num if 7 <= num <= 10:
+					return PasswordStrength.WEAK
+				case num if num <= 6:
+					return PasswordStrength.VERY_WEAK
+		elif digit and upper and lower:
+			match length:
+				case num if 14 <= num:
+					return PasswordStrength.STRONG
+				case num if 11 <= num <= 13:
+					return PasswordStrength.MODERATE
+				case num if 7 <= num <= 10:
+					return PasswordStrength.WEAK
+				case num if num <= 6:
+					return PasswordStrength.VERY_WEAK
+		elif upper and lower:
+			match length:
+				case num if 15 <= num:
+					return PasswordStrength.STRONG
+				case num if 12 <= num <= 14:
+					return PasswordStrength.MODERATE
+				case num if 7 <= num <= 11:
+					return PasswordStrength.WEAK
+				case num if num <= 6:
+					return PasswordStrength.VERY_WEAK
+		elif lower or upper:
+			match length:
+				case num if 18 <= num:
+					return PasswordStrength.STRONG
+				case num if 14 <= num <= 17:
+					return PasswordStrength.MODERATE
+				case num if 9 <= num <= 13:
+					return PasswordStrength.WEAK
+				case num if num <= 8:
+					return PasswordStrength.VERY_WEAK
+
+		return PasswordStrength.VERY_WEAK
diff --git a/archinstall/lib/models/users.py b/archinstall/lib/models/users.py
index a3057291..f72cabde 100644
--- a/archinstall/lib/models/users.py
+++ b/archinstall/lib/models/users.py
@@ -1,6 +1,8 @@
 from dataclasses import dataclass
 from typing import Dict, List, Union, Any, TYPE_CHECKING
 
+from .password_strength import PasswordStrength
+
 if TYPE_CHECKING:
 	_: Any
 
@@ -25,8 +27,9 @@ class User:
 		}
 
 	def display(self) -> str:
-		password = '*' * len(self.password)
-		return f'{_("Username")}: {self.username:16} {_("Password")}: {password:16} sudo: {str(self.sudo)}'
+		strength = PasswordStrength.strength(self.password)
+		password = '*' * len(self.password) + f' ({strength.value})'
+		return f'{_("Username")}: {self.username:16} {_("Password")}: {password:20} sudo: {str(self.sudo)}'
 
 	@classmethod
 	def _parse(cls, config_users: List[Dict[str, Any]]) -> List['User']:
diff --git a/archinstall/lib/user_interaction/utils.py b/archinstall/lib/user_interaction/utils.py
index fa079bc2..7ee6fc07 100644
--- a/archinstall/lib/user_interaction/utils.py
+++ b/archinstall/lib/user_interaction/utils.py
@@ -7,6 +7,7 @@ import time
 from typing import Any, Optional, TYPE_CHECKING
 
 from ..menu import Menu
+from ..models.password_strength import PasswordStrength
 from ..output import log
 
 if TYPE_CHECKING:
@@ -16,42 +17,23 @@ if TYPE_CHECKING:
 SIG_TRIGGER = None
 
 
-def check_password_strong(passwd: str) -> bool:
-	symbol_count = 0
-	if any(character.isdigit() for character in passwd):
-		symbol_count += 10
-	if any(character.isupper() for character in passwd):
-		symbol_count += 26
-	if any(character.islower() for character in passwd):
-		symbol_count += 26
-	if any(not character.isalnum() for character in passwd):
-		symbol_count += 40
-
-	if symbol_count**len(passwd) < 10e20:
-		prompt = str(_("The password you are using seems to be weak, are you sure you want to use it?"))
-		choice = Menu(prompt, Menu.yes_no(), default_option=Menu.yes()).run()
-		return choice.value == Menu.yes()
-
-	return True
-
-
 def get_password(prompt: str = '') -> Optional[str]:
 	if not prompt:
 		prompt = _("Enter a password: ")
 
-	while passwd := getpass.getpass(prompt):
-		if len(passwd.strip()) <= 0:
+	while password := getpass.getpass(prompt):
+		if len(password.strip()) <= 0:
 			break
 
-		if not check_password_strong(passwd):
-			continue
+		strength = PasswordStrength.strength(password)
+		log(f'Password strength: {strength.value}', fg=strength.color())
 
 		passwd_verification = getpass.getpass(prompt=_('And one more time for verification: '))
-		if passwd != passwd_verification:
+		if password != passwd_verification:
 			log(' * Passwords did not match * ', fg='red')
 			continue
 
-		return passwd
+		return password
 
 	return None
 
-- 
cgit v1.2.3-54-g00ecf