From 9aab94b8de163adc6fca394ca07fa004ec89f5ad Mon Sep 17 00:00:00 2001
From: kyranjamie
Date: Sat, 9 Jan 2021 18:55:47 +0100
Subject: [PATCH] feat: don't allow Secret Key as password
---
 app/crypto/validate-password.ts | 7 ++++++-
 app/pages/onboarding/07-set-password/set-password.tsx | 4 ++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/app/crypto/validate-password.ts b/app/crypto/validate-password.ts
index 30b01ff5a..0412b1f13 100644
--- a/app/crypto/validate-password.ts
+++ b/app/crypto/validate-password.ts
@@ -1,3 +1,4 @@
+import { validateMnemonic } from 'bip39';
 import zxcvbn, { ZXCVBNResult, ZXCVBNScore } from 'zxcvbn';
 const truncateCpuDemandingPassword = (input: string) => input.substr(0, 100);
@@ -18,17 +19,21 @@ export interface ValidatedPassword extends ZXCVBNResult {
 meetsLengthRequirement: boolean;
 meetsScoreRequirement: boolean;
 meetsAllStrengthRequirements: boolean;
+ isMnemonicPhrase: boolean;
 }
 export function validatePassword(input: string): ValidatedPassword {
+ const isMnemonicPhrase = validateMnemonic(input);
 const password = input.length > 100 ? truncateCpuDemandingPassword(input) : input;
 const result = zxcvbn(password);
 const meetsScoreRequirement = hasHighestPasswordScore(result.score);
 const meetsLengthRequirement = hasSufficientLength(input);
- const meetsAllStrengthRequirements = meetsScoreRequirement && meetsLengthRequirement;
+ const meetsAllStrengthRequirements =
+ meetsScoreRequirement && meetsLengthRequirement && !isMnemonicPhrase;
 return Object.freeze({
 ...result,
+ isMnemonicPhrase,
 meetsScoreRequirement,
 meetsLengthRequirement,
 meetsAllStrengthRequirements,
diff --git a/app/pages/onboarding/07-set-password/set-password.tsx b/app/pages/onboarding/07-set-password/set-password.tsx
index e6c460d38..bab6b3e60 100644
--- a/app/pages/onboarding/07-set-password/set-password.tsx
+++ b/app/pages/onboarding/07-set-password/set-password.tsx
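Review bot: In the second hunk of app/crypto/validate-password.ts, `validateMnemonic(input)` runs on the raw field value, so the check most likely fires only for the canonical form of a phrase; as far as I know bip39 splits on single spaces and matches lowercase wordlist entries exactly, which would let the same Secret Key through with a trailing space, doubled spaces or capitalised words. Normalising first would close that gap, e.g. `const isMnemonicPhrase = validateMnemonic(input.trim().toLowerCase().split(/\s+/).join(' '));`. The new `isMnemonicPhrase` field would also benefit from a doc comment stating that it means "any valid BIP39 phrase in the default wordlist" rather than "equal to this wallet's Secret Key", plus a unit test covering a valid phrase and a near-miss. validatePassword's body continues past the end of the hunk.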
@@ -19,6 +19,9 @@ import {
 } from '@crypto/validate-password';
 const weakPasswordWarningMessage = (result: ValidatedPassword) => {
+ if (result.isMnemonicPhrase) {
+ return `Don't use your mnemonic Secret Key as your wallet password. This password is used to encrypt your Secret Key.`;
+ }
 if (result.feedback.suggestions.length > 0) {
 return `${result.feedback.suggestions.join(' ')}`;
 }
@@ -48,6 +51,7 @@ export const SetPassword: React.FC = () => {
 const pass = e.currentTarget.value;
 setPassword(pass);
 const result = validatePassword(pass);
+ if (result.isMnemonicPhrase) setHasSubmitted(true);
 setStrengthResult(result);
 };
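Review bot: In the second hunk of set-password.tsx, `if (result.isMnemonicPhrase) setHasSubmitted(true);` reuses the submit flag to surface the warning, and nothing visible in the hunk resets it, so once a phrase has been typed or pasted the form appears to stay in its submitted state for every later keystroke. Deriving the warning from `strengthResult.isMnemonicPhrase` (or a dedicated flag) would keep `hasSubmitted` meaning what its name says. Note too that `setPassword(pass)` and `setStrengthResult(result)` still run for a detected phrase, so the Secret Key is held in component state until the field changes; clearing the field in that branch may be worth considering. The enclosing change handler starts and ends outside the hunk.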