dancroak-strong_password 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- data/.document +5 -0
- data/.gitignore +5 -0
- data/LICENSE +20 -0
- data/README.rdoc +42 -0
- data/Rakefile +56 -0
- data/VERSION +1 -0
- data/lib/strong_password.rb +5 -0
- data/lib/strong_password/length.rb +17 -0
- data/lib/strong_password/non_alphanumeric.rb +20 -0
- data/test/factories.rb +14 -0
- data/test/length_test.rb +46 -0
- data/test/non_alphanumeric_test.rb +61 -0
- data/test/test_helper.rb +25 -0
- metadata +69 -0
data/.document
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2009 Dan Croak
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.rdoc
ADDED
@@ -0,0 +1,42 @@
|
|
1
|
+
= Strong Password
|
2
|
+
|
3
|
+
This is an extension to Clearance, an authentication gem from thoughtbot. It is a collection of modules which add restrictions to passwords on your User ActiveRecord model.
|
4
|
+
|
5
|
+
These are common things that public companies in the United States include in their security audits of systems:
|
6
|
+
|
7
|
+
* password minimum length
|
8
|
+
* password minimum number of non-alphanumeric characters
|
9
|
+
* password duplicate consecutive characters
|
10
|
+
* password history
|
11
|
+
* password automatic change period of days
|
12
|
+
* password bad attempts
|
13
|
+
|
14
|
+
None of these will ever be in Clearance, as it focuses on the bare minimum for email/password authentication and does not try to be super security-aware. We (myself and thoughtbot) are not security professionals and don't pretend to be.
|
15
|
+
|
16
|
+
These requirements are those I've personally been informed are commonly part of security audits. I make no claims that by using this gem you will pass any US laws.
|
17
|
+
|
18
|
+
However, if you find yourself in the situation where a public company requests these items before they'll use your software, Strong Password will help you save some time.
|
19
|
+
|
20
|
+
== Usage
|
21
|
+
|
22
|
+
Length:
|
23
|
+
|
24
|
+
class User < ActiveRecord::Base
|
25
|
+
include Clearance::User
|
26
|
+
include StrongPassword::MinimumLength
|
27
|
+
|
28
|
+
validates_password_length_minimum_is 8
|
29
|
+
end
|
30
|
+
|
31
|
+
Non-alphanumeric characters:
|
32
|
+
|
33
|
+
class User < ActiveRecord::Base
|
34
|
+
include Clearance::User
|
35
|
+
include StrongPassword::NonAlphanumeric
|
36
|
+
|
37
|
+
validates_password_non_alphanumeric_minimum_is 2
|
38
|
+
end
|
39
|
+
|
40
|
+
== Copyright
|
41
|
+
|
42
|
+
Copyright (c) 2009 Dan Croak. See LICENSE for details.
|
data/Rakefile
ADDED
@@ -0,0 +1,56 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require 'rake'
|
3
|
+
|
4
|
+
begin
|
5
|
+
require 'jeweler'
|
6
|
+
Jeweler::Tasks.new do |gem|
|
7
|
+
gem.name = "strong_password"
|
8
|
+
gem.summary = "Clearance extension for when your app needs to pass a public US company's security audit."
|
9
|
+
gem.email = "dcroak@thoughtbot.com"
|
10
|
+
gem.homepage = "http://github.com/dancroak/strong_password"
|
11
|
+
gem.authors = ["Dan Croak"]
|
12
|
+
# gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
|
13
|
+
end
|
14
|
+
|
15
|
+
rescue LoadError
|
16
|
+
puts "Jeweler (or a dependency) not available. Install it with: sudo gem install jeweler"
|
17
|
+
end
|
18
|
+
|
19
|
+
require 'rake/testtask'
|
20
|
+
Rake::TestTask.new(:test) do |test|
|
21
|
+
test.libs << 'lib' << 'test'
|
22
|
+
test.pattern = 'test/**/*_test.rb'
|
23
|
+
test.verbose = true
|
24
|
+
end
|
25
|
+
|
26
|
+
begin
|
27
|
+
require 'rcov/rcovtask'
|
28
|
+
Rcov::RcovTask.new do |test|
|
29
|
+
test.libs << 'test'
|
30
|
+
test.pattern = 'test/**/*_test.rb'
|
31
|
+
test.verbose = true
|
32
|
+
end
|
33
|
+
rescue LoadError
|
34
|
+
task :rcov do
|
35
|
+
abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
39
|
+
|
40
|
+
task :default => :test
|
41
|
+
|
42
|
+
require 'rake/rdoctask'
|
43
|
+
Rake::RDocTask.new do |rdoc|
|
44
|
+
if File.exist?('VERSION.yml')
|
45
|
+
config = YAML.load(File.read('VERSION.yml'))
|
46
|
+
version = "#{config[:major]}.#{config[:minor]}.#{config[:patch]}"
|
47
|
+
else
|
48
|
+
version = ""
|
49
|
+
end
|
50
|
+
|
51
|
+
rdoc.rdoc_dir = 'rdoc'
|
52
|
+
rdoc.title = "strong_password #{version}"
|
53
|
+
rdoc.rdoc_files.include('README*')
|
54
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
55
|
+
end
|
56
|
+
|
data/VERSION
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
0.0.1
|
@@ -0,0 +1,17 @@
|
|
1
|
+
module StrongPassword
|
2
|
+
module MinimumLength
|
3
|
+
|
4
|
+
def self.included(model)
|
5
|
+
model.extend(ClassMethods)
|
6
|
+
end
|
7
|
+
|
8
|
+
module ClassMethods
|
9
|
+
def validates_password_length_minimum_is(minimum)
|
10
|
+
validates_length_of :password,
|
11
|
+
:minimum => minimum,
|
12
|
+
:message => "Password should be at least #{minimum} characters"
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
end
|
17
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
module StrongPassword
|
2
|
+
module NonAlphanumeric
|
3
|
+
|
4
|
+
def self.included(model)
|
5
|
+
model.extend(ClassMethods)
|
6
|
+
end
|
7
|
+
|
8
|
+
module ClassMethods
|
9
|
+
def validates_password_non_alphanumeric_minimum_is(minimum)
|
10
|
+
min_non_alnums = ""
|
11
|
+
minimum.times { min_non_alnums += "\W+.*" }
|
12
|
+
validates_format_of :password,
|
13
|
+
:with => /#{min_non_alnums}/,
|
14
|
+
:message => "Password should contain at least #{minimum} non-alphanumeric characters"
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
data/test/factories.rb
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
Factory.sequence :email do |n|
|
2
|
+
"user#{n}@example.com"
|
3
|
+
end
|
4
|
+
|
5
|
+
Factory.define :user do |user|
|
6
|
+
user.email { Factory.next :email }
|
7
|
+
user.password { "password" }
|
8
|
+
user.password_confirmation { "password" }
|
9
|
+
end
|
10
|
+
|
11
|
+
Factory.define :email_confirmed_user, :parent => :user do |user|
|
12
|
+
user.email_confirmed { true }
|
13
|
+
end
|
14
|
+
|
data/test/length_test.rb
ADDED
@@ -0,0 +1,46 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class LengthTest < Test::Unit::TestCase
|
4
|
+
context "given a minimum password length restriction of 8" do
|
5
|
+
setup do
|
6
|
+
build_model :users do
|
7
|
+
string :email
|
8
|
+
string :password
|
9
|
+
string :password_confirmation
|
10
|
+
string :encrypted_password
|
11
|
+
|
12
|
+
include Clearance::User
|
13
|
+
include StrongPassword::MinimumLength
|
14
|
+
|
15
|
+
validates_password_length_minimum_is 8
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
context "when a User tries to create a password with 7 characters" do
|
20
|
+
setup do
|
21
|
+
@user = Factory.build(:user, :password => "1234567",
|
22
|
+
:password_confirmation => "1234567")
|
23
|
+
end
|
24
|
+
|
25
|
+
should "validate length of password" do
|
26
|
+
matcher = ensure_length_of(:password).
|
27
|
+
is_at_least(8).
|
28
|
+
with_short_message("Password should be at least 8 characters")
|
29
|
+
|
30
|
+
assert_accepts matcher, @user
|
31
|
+
end
|
32
|
+
end
|
33
|
+
|
34
|
+
context "when a User tries to create a password with 8 characters" do
|
35
|
+
setup do
|
36
|
+
@user = Factory.build(:user, :password => "12345678",
|
37
|
+
:password_confirmation => "12345678")
|
38
|
+
end
|
39
|
+
|
40
|
+
should "be valid" do
|
41
|
+
assert_valid @user
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
@@ -0,0 +1,61 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class NonAlphanumericTest < Test::Unit::TestCase
|
4
|
+
|
5
|
+
def self.should_validate_password_non_alphanumeric_minimum_with(value)
|
6
|
+
should "validate password non alphanumeric minimum" do
|
7
|
+
matcher = validate_format_of(:password).
|
8
|
+
with(value).
|
9
|
+
with_message("Password should contain at least 2 non-alphanumeric characters")
|
10
|
+
|
11
|
+
assert_accepts matcher, @user
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
context "given a minimum number of non-alphanumeric characters for password" do
|
16
|
+
setup do
|
17
|
+
build_model :users do
|
18
|
+
string :email
|
19
|
+
string :password
|
20
|
+
string :password_confirmation
|
21
|
+
string :encrypted_password
|
22
|
+
|
23
|
+
include Clearance::User
|
24
|
+
include StrongPassword::NonAlphanumeric
|
25
|
+
|
26
|
+
validates_password_non_alphanumeric_minimum_is 2
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
context "a password with all numeric characters" do
|
31
|
+
setup do
|
32
|
+
@user = Factory.build(:user, :password => "123",
|
33
|
+
:password_confirmation => "123")
|
34
|
+
end
|
35
|
+
|
36
|
+
should_validate_password_non_alphanumeric_minimum_with("123")
|
37
|
+
end
|
38
|
+
|
39
|
+
context "a password with one alphanumeric characters" do
|
40
|
+
setup do
|
41
|
+
@user = Factory.build(:user, :password => "123$",
|
42
|
+
:password_confirmation => "123$")
|
43
|
+
end
|
44
|
+
|
45
|
+
should_validate_password_non_alphanumeric_minimum_with("123$")
|
46
|
+
end
|
47
|
+
|
48
|
+
context "a password with two alphanumeric characters" do
|
49
|
+
setup do
|
50
|
+
@user = Factory.build(:user, :password => "12#45*78",
|
51
|
+
:password_confirmation => "12#45*78")
|
52
|
+
end
|
53
|
+
|
54
|
+
should "be valid" do
|
55
|
+
assert_valid @user
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
|
data/test/test_helper.rb
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require 'test/unit'
|
3
|
+
require 'shoulda'
|
4
|
+
require 'shoulda/active_record'
|
5
|
+
require 'clearance'
|
6
|
+
require 'acts_as_fu'
|
7
|
+
require 'factory_girl'
|
8
|
+
|
9
|
+
begin
|
10
|
+
require 'redgreen'
|
11
|
+
require 'quietbacktrace'
|
12
|
+
require 'ruby-debug'
|
13
|
+
rescue LoadError
|
14
|
+
end
|
15
|
+
|
16
|
+
$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
|
17
|
+
$LOAD_PATH.unshift(File.dirname(__FILE__))
|
18
|
+
|
19
|
+
require 'strong_password'
|
20
|
+
|
21
|
+
class Test::Unit::TestCase
|
22
|
+
include ActsAsFu
|
23
|
+
include Shoulda::ActiveRecord::Matchers
|
24
|
+
end
|
25
|
+
|
metadata
ADDED
@@ -0,0 +1,69 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: dancroak-strong_password
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Dan Croak
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
|
12
|
+
date: 2009-06-24 00:00:00 -07:00
|
13
|
+
default_executable:
|
14
|
+
dependencies: []
|
15
|
+
|
16
|
+
description:
|
17
|
+
email: dcroak@thoughtbot.com
|
18
|
+
executables: []
|
19
|
+
|
20
|
+
extensions: []
|
21
|
+
|
22
|
+
extra_rdoc_files:
|
23
|
+
- LICENSE
|
24
|
+
- README.rdoc
|
25
|
+
files:
|
26
|
+
- .document
|
27
|
+
- .gitignore
|
28
|
+
- LICENSE
|
29
|
+
- README.rdoc
|
30
|
+
- Rakefile
|
31
|
+
- VERSION
|
32
|
+
- lib/strong_password.rb
|
33
|
+
- lib/strong_password/length.rb
|
34
|
+
- lib/strong_password/non_alphanumeric.rb
|
35
|
+
- test/factories.rb
|
36
|
+
- test/length_test.rb
|
37
|
+
- test/non_alphanumeric_test.rb
|
38
|
+
- test/test_helper.rb
|
39
|
+
has_rdoc: false
|
40
|
+
homepage: http://github.com/dancroak/strong_password
|
41
|
+
post_install_message:
|
42
|
+
rdoc_options:
|
43
|
+
- --charset=UTF-8
|
44
|
+
require_paths:
|
45
|
+
- lib
|
46
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
47
|
+
requirements:
|
48
|
+
- - ">="
|
49
|
+
- !ruby/object:Gem::Version
|
50
|
+
version: "0"
|
51
|
+
version:
|
52
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
53
|
+
requirements:
|
54
|
+
- - ">="
|
55
|
+
- !ruby/object:Gem::Version
|
56
|
+
version: "0"
|
57
|
+
version:
|
58
|
+
requirements: []
|
59
|
+
|
60
|
+
rubyforge_project:
|
61
|
+
rubygems_version: 1.2.0
|
62
|
+
signing_key:
|
63
|
+
specification_version: 3
|
64
|
+
summary: Clearance extension for when your app needs to pass a public US company's security audit.
|
65
|
+
test_files:
|
66
|
+
- test/factories.rb
|
67
|
+
- test/length_test.rb
|
68
|
+
- test/non_alphanumeric_test.rb
|
69
|
+
- test/test_helper.rb
|