fix: Add password policy (#231)

src/commands/generate.rs

@@ -2,10 +2,10 @@ use crate::{
     lib::{get_account_id, key_encryption_params, mnemonic_to_key, AnyhowResult},
     read_file,
 };
-use anyhow::{anyhow, bail, Context};
+use anyhow::{anyhow, bail, ensure, Context};
 use bip39::{Language, Mnemonic};
 use clap::{Parser, ValueEnum};
-use dialoguer::Password;
+use dialoguer::{Password, PasswordValidator};
 use ic_agent::{identity::Secp256k1Identity, Identity};
 use pkcs8::{EncodePrivateKey, EncryptedPrivateKeyInfo, PrivateKeyInfo};
 use rand::{rngs::OsRng, thread_rng, RngCore};
@@ -115,11 +115,14 @@ Copy this onto a piece of paper or external media and store it in a safe place."
         StorageMode::Plaintext => key.to_sec1_pem(LineEnding::default())?,
         StorageMode::PasswordProtected => {
             let password = if let Some(password_file) = opts.password_file {
-                read_file(password_file, "password")?
+                let content = read_file(password_file, "password")?;
+                QuillPasswordPolicy.validate(&content)?;
+                content
             } else {
                 Password::new()
                     .with_prompt("PEM encryption password")
                     .with_confirmation("Re-enter password", "Passwords did not match")
+                    .validate_with(QuillPasswordPolicy)
                     .interact()?
             };
             let key_der = key.to_pkcs8_der()?;
@@ -144,3 +147,16 @@ Copy this onto a piece of paper or external media and store it in a safe place."
     println!("Legacy account id: {account_id}");
     Ok(())
 }
+
+struct QuillPasswordPolicy;
+
+impl PasswordValidator for QuillPasswordPolicy {
+    type Err = anyhow::Error;
+    fn validate(&self, input: &String) -> Result<(), Self::Err> {
+        ensure!(
+            input.chars().count() >= 8,
+            "Password must be at least 8 characters"
+        );
+        Ok(())
+    }
+}

tests/output/default/base_command/bad_password.txt

@@ -0,0 +1 @@
+Error: Password must be at least 8 characters

tests/output/root.rs

@@ -80,19 +80,29 @@ fn generate() {
 Principal id: beckf-r6bg7-t6ju6-s7k45-b5jtj-mcm57-zjaie-svgrr-7ekzs-55v75-sae
 Legacy account id: ffc463646a2c92dce58d1179d26c64d4ccbaf1079a6edc5628cedc0d4b3b1866",
     );
-    let mut password = NamedTempFile::new().unwrap();
-    password.write_all(b"pass").unwrap();
     quill(&format!(
         "generate --pem-file {pem} --overwrite-pem-file",
         pem = escape_p(&pem)
     ))
     .diff_err("generate/no_password.txt");
+    let mut good_password = NamedTempFile::new().unwrap();
+    good_password
+        .write_all(b"correct horse battery staple")
+        .unwrap();
+    let mut bad_password = NamedTempFile::new().unwrap();
+    bad_password.write_all(b"hunter2").unwrap();
     quill(&format!(
-        "generate --pem-file {pem} --overwrite-pem-file --password-file {password}",
+        "generate --pem-file {pem} --overwrite-pem-file --password-file {good_password}",
         pem = escape_p(&pem),
-        password = escape_p(&password)
+        good_password = escape_p(&good_password)
     ))
     .assert_success();
+    quill(&format!(
+        "generate --pem-file {pem} --overwrite-pem-file --password-file {bad_password}",
+        pem = escape_p(&pem),
+        bad_password = escape_p(&bad_password)
+    ))
+    .diff_err("base_command/bad_password.txt");
     quill(&format!(
         "public-ids --pem-file {pem}",
         pem = escape_p(&pem)
@@ -106,7 +116,7 @@ Legacy account id: ffc463646a2c92dce58d1179d26c64d4ccbaf1079a6edc5628cedc0d4b3b1
     quill(&format!(
         "public-ids --pem-file {pem} --password-file {pass}",
         pem = escape_p(&pem),
-        pass = escape_p(&password)
+        pass = escape_p(&good_password)
     ))
     .assert_success();
 }