[feature] Include password strength in error message when password strength is too low (#550)

* When password validation fails, return how close to enough entropy it has. * Shorter version of low-strength password error message
2025-10-29 23:12:26 -05:00 · 2022-05-09 01:31:46 -07:00 · 2022-05-09 01:31:46 -07:00 · b24b71c0a4
commit b24b71c0a4
parent 5004e0a9da
4 changed files with 18 additions and 8 deletions
--- a/internal/processing/user/changepassword_test.go
+++ b/internal/processing/user/changepassword_test.go
@ -64,9 +64,9 @@ func (suite *ChangePasswordTestSuite) TestChangePasswordWeakNew() {
 	user := suite.testUsers["local_account_1"]

 	errWithCode := suite.user.ChangePassword(context.Background(), user, "password", "1234")
-	suite.EqualError(errWithCode, "insecure password, try including more special characters, using lowercase letters, using uppercase letters or using a longer password")
+	suite.EqualError(errWithCode, "password is 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password")
 	suite.Equal(http.StatusBadRequest, errWithCode.Code())
-	suite.Equal("bad request: insecure password, try including more special characters, using lowercase letters, using uppercase letters or using a longer password", errWithCode.Safe())
+	suite.Equal("bad request: password is 11% strength, try including more special characters, using lowercase letters, using uppercase letters or using a longer password", errWithCode.Safe())
 }

 func TestChangePasswordTestSuite(t *testing.T) {