Define implementation of internal password policy class (#7447)

ch5zzy · web-flow · commit ca662bd32251 · 2023-07-12T13:58:08.000-07:00
* Define PasswordPolicyImpl

* Add PasswordPolicyCustomStrengthOptions internal typing
diff --git a/common/api-review/auth.api.md b/common/api-review/auth.api.md
@@ -564,7 +564,7 @@ export interface ParsedToken {
 
 // @public
 export interface PasswordPolicy {
-    readonly allowedNonAlphanumericCharacters: string[];
+    readonly allowedNonAlphanumericCharacters?: string[];
     readonly customStrengthOptions: {
         readonly minPasswordLength?: number;
         readonly maxPasswordLength?: number;
diff --git a/packages/auth/src/api/password_policy/get_password_policy.ts b/packages/auth/src/api/password_policy/get_password_policy.ts
@@ -37,8 +37,8 @@ export interface GetPasswordPolicyResponse {
   customStrengthOptions: {
     minPasswordLength?: number;
     maxPasswordLength?: number;
-    containsLowercaseLetter?: boolean;
-    containsUppercaseLetter?: boolean;
+    containsLowercaseCharacter?: boolean;
+    containsUppercaseCharacter?: boolean;
     containsNumericCharacter?: boolean;
     containsNonAlphanumericCharacter?: boolean;
   };
diff --git a/packages/auth/src/core/auth/password_policy_impl.test.ts b/packages/auth/src/core/auth/password_policy_impl.test.ts
@@ -0,0 +1,112 @@
+/**
+ * @license
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { expect, use } from 'chai';
+import chaiAsPromised from 'chai-as-promised';
+import sinonChai from 'sinon-chai';
+import { PasswordPolicy } from '../../model/public_types';
+import { PasswordPolicyImpl } from './password_policy_impl';
+import { GetPasswordPolicyResponse } from '../../api/password_policy/get_password_policy';
+
+use(sinonChai);
+use(chaiAsPromised);
+
+describe('core/auth/password_policy_impl', () => {
+  const TEST_MIN_PASSWORD_LENGTH = 6;
+  const TEST_MAX_PASSWORD_LENGTH = 30;
+  const TEST_CONTAINS_LOWERCASE = true;
+  const TEST_CONTAINS_UPPERCASE = true;
+  const TEST_CONTAINS_NUMERIC = true;
+  const TEST_CONTAINS_NON_ALPHANUMERIC = true;
+  const TEST_ALLOWED_NON_ALPHANUMERIC_CHARS = ['!', '(', ')'];
+  const TEST_SCHEMA_VERSION = 1;
+  const PASSWORD_POLICY_RESPONSE_REQUIRE_ALL: GetPasswordPolicyResponse = {
+    customStrengthOptions: {
+      minPasswordLength: TEST_MIN_PASSWORD_LENGTH,
+      maxPasswordLength: TEST_MAX_PASSWORD_LENGTH,
+      containsLowercaseCharacter: TEST_CONTAINS_LOWERCASE,
+      containsUppercaseCharacter: TEST_CONTAINS_UPPERCASE,
+      containsNumericCharacter: TEST_CONTAINS_NUMERIC,
+      containsNonAlphanumericCharacter: TEST_CONTAINS_NON_ALPHANUMERIC
+    },
+    allowedNonAlphanumericCharacters: TEST_ALLOWED_NON_ALPHANUMERIC_CHARS,
+    schemaVersion: TEST_SCHEMA_VERSION
+  };
+  const PASSWORD_POLICY_RESPONSE_REQUIRE_LENGTH: GetPasswordPolicyResponse = {
+    customStrengthOptions: {
+      minPasswordLength: TEST_MIN_PASSWORD_LENGTH,
+      maxPasswordLength: TEST_MAX_PASSWORD_LENGTH
+    },
+    allowedNonAlphanumericCharacters: TEST_ALLOWED_NON_ALPHANUMERIC_CHARS,
+    schemaVersion: TEST_SCHEMA_VERSION
+  };
+  const PASSWORD_POLICY_REQUIRE_ALL: PasswordPolicy = {
+    customStrengthOptions: {
+      minPasswordLength: TEST_MIN_PASSWORD_LENGTH,
+      maxPasswordLength: TEST_MAX_PASSWORD_LENGTH,
+      containsLowercaseLetter: TEST_CONTAINS_LOWERCASE,
+      containsUppercaseLetter: TEST_CONTAINS_UPPERCASE,
+      containsNumericCharacter: TEST_CONTAINS_NUMERIC,
+      containsNonAlphanumericCharacter: TEST_CONTAINS_UPPERCASE
+    },
+    allowedNonAlphanumericCharacters: TEST_ALLOWED_NON_ALPHANUMERIC_CHARS
+  };
+  const PASSWORD_POLICY_REQUIRE_LENGTH: PasswordPolicy = {
+    customStrengthOptions: {
+      minPasswordLength: TEST_MIN_PASSWORD_LENGTH,
+      maxPasswordLength: TEST_MAX_PASSWORD_LENGTH
+    },
+    allowedNonAlphanumericCharacters: TEST_ALLOWED_NON_ALPHANUMERIC_CHARS
+  };
+
+  context('#PasswordPolicyImpl', () => {
+    it('can construct the password policy from the backend response', () => {
+      const policy: PasswordPolicy = new PasswordPolicyImpl(
+        PASSWORD_POLICY_RESPONSE_REQUIRE_ALL
+      );
+      // The password policy contains the schema version internally, but the public typing does not.
+      // Only check the fields that are publicly exposed.
+      expect(policy.customStrengthOptions).to.eql(
+        PASSWORD_POLICY_REQUIRE_ALL.customStrengthOptions
+      );
+      expect(policy.allowedNonAlphanumericCharacters).to.eql(
+        PASSWORD_POLICY_REQUIRE_ALL.allowedNonAlphanumericCharacters
+      );
+    });
+
+    it('only includes requirements defined in the response', () => {
+      const policy: PasswordPolicy = new PasswordPolicyImpl(
+        PASSWORD_POLICY_RESPONSE_REQUIRE_LENGTH
+      );
+      expect(policy.customStrengthOptions).to.eql(
+        PASSWORD_POLICY_REQUIRE_LENGTH.customStrengthOptions
+      );
+      expect(policy.allowedNonAlphanumericCharacters).to.eql(
+        PASSWORD_POLICY_REQUIRE_LENGTH.allowedNonAlphanumericCharacters
+      );
+      // Requirements that are not in the response should be undefined.
+      expect(policy.customStrengthOptions.containsLowercaseLetter).to.be
+        .undefined;
+      expect(policy.customStrengthOptions.containsUppercaseLetter).to.be
+        .undefined;
+      expect(policy.customStrengthOptions.containsNumericCharacter).to.be
+        .undefined;
+      expect(policy.customStrengthOptions.containsNonAlphanumericCharacter).to
+        .be.undefined;
+    });
+  });
+});
diff --git a/packages/auth/src/core/auth/password_policy_impl.ts b/packages/auth/src/core/auth/password_policy_impl.ts
@@ -0,0 +1,84 @@
+/**
+ * @license
+ * Copyright 2023 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+import { GetPasswordPolicyResponse } from '../../api/password_policy/get_password_policy';
+import {
+  PasswordPolicyCustomStrengthOptions,
+  PasswordPolicyInternal,
+  PasswordValidationStatusInternal
+} from '../../model/password_policy';
+import { PasswordValidationStatus } from '../../model/public_types';
+
+/**
+ * Stores password policy requirements and provides password validation against the policy.
+ *
+ * @internal
+ */
+export class PasswordPolicyImpl implements PasswordPolicyInternal {
+  readonly customStrengthOptions: PasswordPolicyCustomStrengthOptions;
+  readonly allowedNonAlphanumericCharacters: string[];
+  readonly schemaVersion: number;
+
+  constructor(response: GetPasswordPolicyResponse) {
+    // Only include custom strength options defined in the response.
+    const responseOptions = response.customStrengthOptions;
+    this.customStrengthOptions = {};
+    if (responseOptions.minPasswordLength) {
+      this.customStrengthOptions.minPasswordLength =
+        responseOptions.minPasswordLength;
+    }
+    if (responseOptions.maxPasswordLength) {
+      this.customStrengthOptions.maxPasswordLength =
+        responseOptions.maxPasswordLength;
+    }
+    if (responseOptions.containsLowercaseCharacter !== undefined) {
+      this.customStrengthOptions.containsLowercaseLetter =
+        responseOptions.containsLowercaseCharacter;
+    }
+    if (responseOptions.containsUppercaseCharacter !== undefined) {
+      this.customStrengthOptions.containsUppercaseLetter =
+        responseOptions.containsUppercaseCharacter;
+    }
+    if (responseOptions.containsNumericCharacter !== undefined) {
+      this.customStrengthOptions.containsNumericCharacter =
+        responseOptions.containsNumericCharacter;
+    }
+    if (responseOptions.containsNonAlphanumericCharacter !== undefined) {
+      this.customStrengthOptions.containsNonAlphanumericCharacter =
+        responseOptions.containsNonAlphanumericCharacter;
+    }
+
+    this.allowedNonAlphanumericCharacters =
+      response.allowedNonAlphanumericCharacters;
+    this.schemaVersion = response.schemaVersion;
+  }
+
+  validatePassword(password: string): PasswordValidationStatus {
+    const status: PasswordValidationStatusInternal = {
+      isValid: false,
+      passwordPolicy: this
+    };
+
+    // TODO: Implement private helper methods for checking length and character options.
+    // Call these here to populate the status object.
+    if (password) {
+      status.isValid = true;
+    }
+
+    return status;
+  }
+}
diff --git a/packages/auth/src/model/password_policy.ts b/packages/auth/src/model/password_policy.ts
@@ -25,6 +25,10 @@ import { PasswordPolicy, PasswordValidationStatus } from './public_types';
  * @internal
  */
 export interface PasswordPolicyInternal extends PasswordPolicy {
+  /**
+   * Requirements enforced by the password policy.
+   */
+  readonly customStrengthOptions: PasswordPolicyCustomStrengthOptions;
   /**
    * Schema version of the password policy.
    */
@@ -36,6 +40,39 @@ export interface PasswordPolicyInternal extends PasswordPolicy {
   validatePassword(password: string): PasswordValidationStatus;
 }
 
+/**
+ * Internal typing of the password policy custom strength options that is modifiable. This
+ * allows us to construct the strength options before storing them in the policy.
+ *
+ * @internal
+ */
+export interface PasswordPolicyCustomStrengthOptions {
+  /**
+   * Minimum password length.
+   */
+  minPasswordLength?: number;
+  /**
+   * Maximum password length.
+   */
+  maxPasswordLength?: number;
+  /**
+   * Whether the password should contain a lowercase letter.
+   */
+  containsLowercaseLetter?: boolean;
+  /**
+   * Whether the password should contain an uppercase letter.
+   */
+  containsUppercaseLetter?: boolean;
+  /**
+   * Whether the password should contain a numeric character.
+   */
+  containsNumericCharacter?: boolean;
+  /**
+   * Whether the password should contain a non-alphanumeric character.
+   */
+  containsNonAlphanumericCharacter?: boolean;
+}
+
 /**
  * Internal typing of password validation status that is modifiable. This allows us to
  * construct the validation status before returning it.
