search

trichards57 / zxcvbn-cs

C#/.NET port of Dan Wheeler/DropBox's Zxcvbn JS password strength estimation library
MIT License
59 stars 18 forks source link

result score not initialized before calling getfeedback #31

Closed tmijieux closed 2 years ago

tmijieux commented 3 years ago

In the original coffee version the score is assigned into the result object Before GetFeedback is called:

  attack_times = time_estimates.estimate_attack_times result.guesses
  for prop, val of attack_times
    result[prop] = val  # <-- score assigned into result with this line
  result.feedback = feedback.get_feedback result.score, result.sequence

but in here you pass the result.Score with its default initial value of 0 every time:

https://github.com/trichards57/zxcvbn-cs/blob/8e0ace4be47fc241766acb742fe977a6c666abde/zxcvbn-core/Core.cs#L26-L37

(I just added a System.Diagnostics.Debug.WriteLine($"score={result.Score}"); before call to getfeedback to be sure about this)

expected behaviour:

the evaluatepassword does not return warnings / suggestions if the score is greater or equal to 3

actual behaviour :

the evaluatepassword still return warnings and suggestions even if the score is equal to 3 or 4.