normalize passwords

src/Android/Resources/Resource.Designer.cs

@@ -6478,17 +6478,17 @@ namespace Bit.Android
 			// aapt resource value: 0x7f090051
 			public const int ApplicationName = 2131296337;
 			
-			// aapt resource value: 0x7f0900b2
+			// aapt resource value: 0x7f0900ab
-			public const int AutoFillServiceDescription = 2131296434;
+			public const int AutoFillServiceDescription = 2131296427;
 			
-			// aapt resource value: 0x7f0900b1
+			// aapt resource value: 0x7f0900aa
-			public const int AutoFillServiceSummary = 2131296433;
+			public const int AutoFillServiceSummary = 2131296426;
 			
 			// aapt resource value: 0x7f090050
 			public const int Hello = 2131296336;
 			
-			// aapt resource value: 0x7f0900b3
+			// aapt resource value: 0x7f0900ac
-			public const int MyVault = 2131296435;
+			public const int MyVault = 2131296428;
 			
 			// aapt resource value: 0x7f090027
 			public const int abc_action_bar_home_description = 2131296295;
@@ -6643,27 +6643,6 @@ namespace Bit.Android
 			// aapt resource value: 0x7f09000f
 			public const int common_signin_button_text_long = 2131296271;
 			
-			// aapt resource value: 0x7f0900ac
-			public const int default_web_client_id = 2131296428;
-			
-			// aapt resource value: 0x7f0900ad
-			public const int firebase_database_url = 2131296429;
-			
-			// aapt resource value: 0x7f0900aa
-			public const int gcm_defaultSenderId = 2131296426;
-			
-			// aapt resource value: 0x7f0900ae
-			public const int google_api_key = 2131296430;
-			
-			// aapt resource value: 0x7f0900ab
-			public const int google_app_id = 2131296427;
-			
-			// aapt resource value: 0x7f0900af
-			public const int google_crash_reporting_api_key = 2131296431;
-			
-			// aapt resource value: 0x7f0900b0
-			public const int google_storage_bucket = 2131296432;
-			
 			// aapt resource value: 0x7f090052
 			public const int hockeyapp_crash_dialog_app_name_fallback = 2131296338;
 			

src/App/Services/CryptoService.cs

@@ -424,7 +424,7 @@ namespace Bit.App.Services
                 throw new ArgumentNullException(nameof(salt));
             }
 
-            var passwordBytes = Encoding.UTF8.GetBytes(password);
+            var passwordBytes = Encoding.UTF8.GetBytes(NormalizePassword(password));
             var saltBytes = Encoding.UTF8.GetBytes(salt);
 
             var keyBytes = _keyDerivationService.DeriveKey(passwordBytes, saltBytes, 5000);
@@ -449,7 +449,7 @@ namespace Bit.App.Services
                 throw new ArgumentNullException(nameof(password));
             }
 
-            var passwordBytes = Encoding.UTF8.GetBytes(password);
+            var passwordBytes = Encoding.UTF8.GetBytes(NormalizePassword(password));
             var hash = _keyDerivationService.DeriveKey(key.Key, passwordBytes, 1);
             return hash;
         }
@@ -465,5 +465,17 @@ namespace Bit.App.Services
             var bytes = Crypto.RandomBytes(512 / 8);
             return Encrypt(bytes, key);
         }
+
+        // Some users like to copy/paste passwords from external files. Sometimes this can lead to two different
+        // values on mobiles apps vs the web. For example, on Android an EditText will accept a new line character
+        // (\n), whereas whenever you paste a new line character on the web in a HTML input box it is converted
+        // to a space ( ). Normalize those values so that they are the same on all platforms.
+        private string NormalizePassword(string password)
+        {
+            return password
+                .Replace("\r\n", " ") // Windows-style new line => space
+                .Replace("\n", " ") // New line => space
+                .Replace(" ", " "); // No-break space (00A0) => space
+        }
     }
 }