(Wallet) Implement new password creation screen

[simoarpe]

Resolves brave/brave-browser#36552

Implements new password creation screen following Figma design.

Main umbrella issue: brave/brave-browser#35294

Screen.Recording.2024-03-06.at.11.26.46.AM.mov

Notable Changes

• Implements responsive layout that adjust continue button position with and without software keyboard.
• Implements stronger checks that prevents multiple tappings on the buttons loading the same fragment twice.
• Moves wallet creation logic into appropriate fragment OnboardingCreatingWalletFragment.
• Implements new UI component PasswordStrengthMeterView following latest Material guidelines.
• Migrate away from deprecated FragmentStatePagerAdapter in favor of newer FragmentStateAdapter and ViewPager2 bringing better perfomance and removing callback duplication.

Light Mode

Dark Mode

Submitter Checklist:

• I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally:
  • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
  • npm run presubmit wiki, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

• Create a new Wallet
• Accept terms of use
• Enter a password in the first edit text
• Re-type the password in the second edit text
• Observe the match sign pops up and the button becomes enabled
• Modify the password in the first edit text
• Observe the button becames disabled
• Increase password length
• Observe weak, medium, and strong match the logic of Desktop
• Try to tap on continue button multiple times
• Observe the button can be tapped only when the passwords match and only a single time

[github-actions]

The security team is monitoring all repositories for certain keywords. This PR includes the word(s) "password" and so security team members have been added as reviewers to take a look.

No need to request a full security review at this stage, the security team will take a look shortly and either clear the label or request more information/changes.

Notifications have already been sent, but if this is blocking your merge feel free to reach out directly to the security team on Slack so that we can expedite this check.

[thypon]

@simoarpe is this Android only?

[github-actions]

[puLL-Merge] - brave/brave-core@22459

Description

The pull request introduces multiple new features and changes mainly centered around improving the user experience for setting up a crypto wallet in the Brave Android application. The primary focus of these changes is to implement a new password setup process for the crypto wallet, including a password strength meter and retype password validation. Additionally, various UI components involved in the crypto wallet setup process have been updated or added to support these new features.

Changes

Changes

General

• Migration from ViewPager to ViewPager2 in crypto wallet onboarding flows for improved performance and support for modern UI features.
• Addition of password strength meter functionality to guide the user in creating a strong password for their crypto wallet.
• Introduction of UI components to indicate password strength (weak, medium, strong) and ensure password match upon re-entry.
• Implementation of various UI and UX improvements, including more descriptive text and error messages, to enhance the clarity of the wallet setup process.

Affected Files

• android/brave_java_resources.gni and android/brave_java_sources.gni: Added references to new drawable resources and Java source files related to the password strength meter and password validation.
• android/java/org/chromium/chrome/browser/crypto_wallet/activities/BraveWalletActivity.java: Refactored to support ViewPager2 and added annotations to suppress lint warnings.
• android/java/org/chromium/chrome/browser/crypto_wallet/adapters/CryptoWalletOnboardingPagerAdapter.java: Adapted to support ViewPager2 by extending FragmentStateAdapter.
• android/java/org/chromium/chrome/browser/crypto_wallet/fragments/onboarding/*: Modified and added new fragments to implement the updated password setup process, including UI logic for displaying password strength and matching validation.
• android/java/org/chromium/chrome/browser/custom_layout/PasswordStrengthMeterView.java: New custom view implementation for the password strength meter.
• android/java/res/drawable/*: Added new drawable resources for password strength indicators and warning icons.
• android/java/res/layout/*: Updated and added layout files to accommodate the new password setup UI components.
• android/java/res/values/brave_styles.xml: Added new styles for password input layout.
• browser/ui/android/strings/android_brave_strings.grd: Added new string resources for the labels, hints, and error messages related to the password setup process.

Security Hotspots

1. Password Strength Validation Logic (High Risk): While the UI changes to guide users in creating a strong password are positive, the underlying logic that validates the password strength must be scrutinized to ensure it encourages the creation of genuinely secure passwords. Vulnerabilities in this area could lead to users setting weak passwords, compromising wallet security.
2. Password Handling and Storage (High Risk): The changes involve handling user passwords, which is a sensitive operation. It is crucial to ensure that passwords are properly handled in memory and not exposed to logging or vulnerable storage practices.
3. Biometric Authentication Flow (Medium Risk): The introduction of biometric authentication for the wallet access presents a potential security risk if not correctly implemented. Specifically, the fallback mechanisms in place when biometrics fail or when handling exceptions need careful review to prevent unauthorized access.
4. UI Redirections and Input Handling (Low Risk): With the adjustments and additions to the crypto wallet setup UI, ensuring that input validation is thorough and redirections do not expose unintended functionalities is important for maintaining overall application security.

[simoarpe]

@thypon Yes! Android only.

[simoarpe]

Migrated away from deprecated FragmentStatePagerAdapter.

[simoarpe]

With the new ViwePager2 this class is not needed anymore as it would suffice calling mCryptoWalletOnboardingViewPager.setUserInputEnabled(false); to disable user interaction.

[SergeyZhukovsky]

++

[mkarolin]

strings++

[diracdeltas]

Tagging @stoletheminerals for security review since this is a security-related change.