cambiatus/frontend

Sanitize 12 words input

Closed this issue · 4 comments

What we have
The input we use to log in to the app isn't very smart. It just sends data the way it is.

Proposal
We should make our input smarter and sanitize the data before trying to sign in.

Why
To make it easier for users. Sometimes they may paste something with extra spaces, or their input might not be formatted perfectly.

How
Probably something like this is enough:

inputValue
  |> String.words
  |> String.join " "

Additional context
https://cambiatus.slack.com/archives/CA83HJAAD/p1660764647207089

Seems like we already do some validation:

passphraseValidator : Form.Validate.Validator String -> Form.Validate.Validator Passphrase
passphraseValidator =
    let
        has12Words passphrase =
            if List.length (String.words passphrase) >= 12 then
                String.words passphrase
                    |> List.take 12
                    |> String.join " "
                    |> Ok

            else
                Err (\translators_ -> translators_.t "auth.login.wordsMode.input.notPassphraseError")

        wordsHave3Letters passphrase =
            if
                String.words passphrase
                    |> List.all (\word -> String.length word > 2)
            then
                Ok passphrase

            else
                Err (\translators_ -> translators_.t "auth.login.wordsMode.input.atLeastThreeLettersError")
    in
    Form.Validate.custom has12Words
        >> Form.Validate.custom wordsHave3Letters
        >> Form.Validate.map Passphrase

@lucca65 any ideas of what else we could do? I couldn't seem to replicate the issue

clean up extra whitespaces?

downcase everything, because some phones force capitalization of the first letter

There is also something we could do, we actually have access to the word list. To generate the private key we have a finite number of specific words and we can validate them

> clean up extra whitespaces?

That's already done by String.words

> downcase everything, because some phones force capitalization of the first letter

👍

> There is also something we could do, we actually have access to the word list. To generate the private key we have a finite number of specific words and we can validate them

Where can I get that list? 👀

The standard we use is called BIP39. You can follow our node modules, or here: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
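
The three ideas raised in this thread (whitespace cleanup, lowercasing, and checking each word against the BIP39 list), combined in one validator as an added example; it is not code from the issue or from the cambiatus code base. The module, type and function names are hypothetical, the embedded word list is only the first 12 entries of the English list, and the exact-12-words rule is an assumption that is stricter than the existing `has12Words` check.

```elm
module PassphraseCheck exposing (PassphraseError(..), normalize, validate)

import Set exposing (Set)

-- Constructed excerpt: the first 12 entries of the BIP39 English list.
-- Assumption: real code loads all 2048 words from the list linked above.
wordList : Set String
wordList =
    Set.fromList
        [ "abandon", "ability", "able", "about", "above", "absent"
        , "absorb", "abstract", "absurd", "abuse", "access", "accident"
        ]

type PassphraseError
    = WrongWordCount Int
    | UnknownWordsAt (List Int)

-- Split on any whitespace run, drop empty pieces, lowercase each word.
normalize : String -> List String
normalize input =
    String.words input
        |> List.filter (not << String.isEmpty)
        |> List.map String.toLower

-- Return the canonical passphrase, or an error naming only the 1-based
-- positions of unknown words, so the secret itself is never echoed.
validate : String -> Result PassphraseError String
validate input =
    let
        words =
            normalize input

        unknownPositions =
            List.indexedMap Tuple.pair words
                |> List.filter (\( _, word ) -> not (Set.member word wordList))
                |> List.map (\( index, _ ) -> index + 1)
    in
    if List.length words /= 12 then
        Err (WrongWordCount (List.length words))

    else if not (List.isEmpty unknownPositions) then
        Err (UnknownWordsAt unknownPositions)

    else
        Ok (String.join " " words)
```

Reporting positions instead of the offending words keeps passphrase material out of error messages and any logging or analytics that capture them.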