Comments (7)
I thought about a config parameter too but this is a bit tricky, so first let's get rid of the major issue and then make it better 👍
from zxcvbn.
@RossCurry what do you expect should happen? I would simply return false for the matcher in case of a network error.
from zxcvbn.
Not sure about @RossCurry (on holiday atm), but I'd expect the promise to be rejected. Are there any considerations for not propagating errors like that?
from zxcvbn.
The problem is that if an error is thrown inside zxcvbn-ts it will not be further executed. Which means a user won't get a scoring for the password.
I would assume in most cases the Form has a validation for the password strength.
For example this would mean the user can not register anymore and will be pretty annoyed. An error like "Our password scoring is currently not working" is not something that the user will understand.
from zxcvbn.
That's a fair point, and I agree it's a sensible default for most use cases. For other use cases it's a dangerous default though, as we'd fail silently. If we'd apply zxcvbn on a server with incorrect network policies (e.g. whitelisting domains that the server is allowed to access, where the pwnd domain is not whitelisted), then a sysadmin would never detect this misconfiguration.
That being said, I'm not sure how to best cater to all use cases though. Possibly a configuration function `handleNetworkError: (error:Err) => boolean | Error` (where the default is `false`)?
from zxcvbn.
@LaurensRietveld I published a new version for the pwned matcher
from zxcvbn.
Thanks a lot!
from zxcvbn.