devise-uncommon_password-alt 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (12) hide show
  1. checksums.yaml +7 -0
  2. data/MIT-LICENSE +20 -0
  3. data/README.md +75 -0
  4. data/Rakefile +33 -0
  5. data/lib/devise/uncommon_password/locales/en.yml +4 -0
  6. data/lib/devise/uncommon_password/model.rb +40 -0
  7. data/lib/devise/uncommon_password/passwords.txt +999999 -0
  8. data/lib/devise/uncommon_password/passwords_test.txt +100 -0
  9. data/lib/devise/uncommon_password/version.rb +5 -0
  10. data/lib/devise/uncommon_password.rb +15 -0
  11. data/lib/tasks/devise/uncommon_password_tasks.rake +4 -0
  12. metadata +113 -0
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA256:
3
+ metadata.gz: 5bd720834ade5f20fe68dd5c27e7bb3b81c59d5de67cf7693b8b180fbe3e2de1
4
+ data.tar.gz: 9fc4d4f2ec6b299d40dec5849f4eb7c8a66ba7e1a6963656a85d58655b4e2108
5
+ SHA512:
6
+ metadata.gz: 14dedf1ed17934e430d65fc73c42a4986cab043efeaef0b124c249b46bd057ca4b3cf46e31b6e08d8e085064a0231c8bc6bbb5e79bad31f74627df9576dcd4d1
7
+ data.tar.gz: db8fb452e3c31cdda04afa9396c4eedf9f413d27b3747ecc90bdad9fbc1238eb4dcfcb6edc9d3266c545615b9c9a14d32160ad578611c9a7696584750c9c54cc
data/MIT-LICENSE ADDED
@@ -0,0 +1,20 @@
1
+ Copyright 2017 Chris Larsen
2
+
3
+ Permission is hereby granted, free of charge, to any person obtaining
4
+ a copy of this software and associated documentation files (the
5
+ "Software"), to deal in the Software without restriction, including
6
+ without limitation the rights to use, copy, modify, merge, publish,
7
+ distribute, sublicense, and/or sell copies of the Software, and to
8
+ permit persons to whom the Software is furnished to do so, subject to
9
+ the following conditions:
10
+
11
+ The above copyright notice and this permission notice shall be
12
+ included in all copies or substantial portions of the Software.
13
+
14
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
15
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
17
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
18
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
19
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
20
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,75 @@
1
+ ## Notice
2
+
3
+ This project is not frequently maintained. Please check the original source: https://github.com/HCLarsen/devise-uncommon_password.
4
+
5
+ # Devise Uncommon Password
6
+
7
+ [![Build Status](https://travis-ci.org/HCLarsen/devise-uncommon_password.svg?branch=master)](https://travis-ci.org/HCLarsen/devise-uncommon_password)
8
+ [![Code Climate](https://codeclimate.com/github/HCLarsen/devise-uncommon_password.svg)](https://codeclimate.com/github/HCLarsen/devise-uncommon_password)
9
+
10
+ Devise::UncommonPassword is an extension for the [devise](https://github.com/heartcombo/devise) gem, which prevents users from signing up using one of the 100 most common passwords. The list is derived from 10-million-password-list-top-1000000.txt found at: https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt.
11
+
12
+ ## Usage
13
+
14
+ Add the `:uncommon_password` module to your model:
15
+
16
+ ```ruby
17
+ class AdminUser < ApplicationRecord
18
+ devise :database_authenticatable,
19
+ :recoverable, :rememberable, :trackable, :validatable, :uncommon_password
20
+ end
21
+ ```
22
+
23
+ By default, the password is checked against the 100 most common passwords that fit within the minimum and maximum lengths specified in the /config/initializers/devise.rb file. However, if a developer wants to check against a larger list, they may override this default by adding the following line to that same file:
24
+
25
+ ```ruby
26
+ # Number of common passwords to check entered password against.
27
+ config.password_matches = 1000
28
+ ```
29
+
30
+ ### Additional Enhancements
31
+
32
+ Added support to allow different password files to be loaded depending on environment
33
+
34
+
35
+ ### Internationalization and Customization
36
+
37
+ The default message for users who attempt to use a common password is:
38
+
39
+ ```
40
+ is a very common password. Please choose something harder to guess.
41
+ ```
42
+
43
+ This can be changed by modifying the `devise.en.yml` file, under errors/messages/common_password. Translations can be provided using the devise translation files in the same location.
44
+
45
+ ```yml
46
+ en:
47
+ errors:
48
+ messages:
49
+ common_password: 'is a very common password. Please choose something harder to guess.'
50
+ ```
51
+
52
+ ## Installation
53
+ Add this line to your application's Gemfile:
54
+
55
+ ```ruby
56
+ gem 'devise-uncommon_password'
57
+ ```
58
+
59
+ And then execute:
60
+ ```bash
61
+ $ bundle install
62
+ ```
63
+
64
+ ## Contributing
65
+
66
+ You can contribute by doing the following:
67
+
68
+ * Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
69
+ * Fork it
70
+ * Write your changes
71
+ * Commit
72
+ * Send a pull request
73
+
74
+ ## License
75
+ The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
data/Rakefile ADDED
@@ -0,0 +1,33 @@
1
+ begin
2
+ require 'bundler/setup'
3
+ rescue LoadError
4
+ puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
5
+ end
6
+
7
+ require 'rdoc/task'
8
+
9
+ RDoc::Task.new(:rdoc) do |rdoc|
10
+ rdoc.rdoc_dir = 'rdoc'
11
+ rdoc.title = 'Devise::UncommonPassword'
12
+ rdoc.options << '--line-numbers'
13
+ rdoc.rdoc_files.include('README.md')
14
+ rdoc.rdoc_files.include('lib/**/*.rb')
15
+ end
16
+
17
+
18
+
19
+
20
+
21
+
22
+ require 'bundler/gem_tasks'
23
+
24
+ require 'rake/testtask'
25
+
26
+ Rake::TestTask.new(:test) do |t|
27
+ t.libs << 'test'
28
+ t.pattern = 'test/**/*_test.rb'
29
+ t.verbose = false
30
+ end
31
+
32
+
33
+ task default: :test
data/lib/devise/uncommon_password/locales/en.yml ADDED
@@ -0,0 +1,4 @@
1
+ en:
2
+ errors:
3
+ messages:
4
+ common_password: 'is a very common password. Please choose something harder to guess.'
data/lib/devise/uncommon_password/model.rb ADDED
@@ -0,0 +1,40 @@
1
+ module Devise
2
+ module Models
3
+ # The UncommonPassword module adds a new validation for Devise Models.
4
+ # No modifications to routes or controllers needed.
5
+ # Simply add :uncommon_password to the list of included modules in your
6
+ # devise module, and all new registrations will be blocked if they use
7
+ # a common password.
8
+ module UncommonPassword
9
+ extend ActiveSupport::Concern
10
+ # Returns a list of the 100 most common passwords.
11
+ def self.common_passwords
12
+ passwords_file = File.join(File.dirname(__FILE__), Devise.password_text_file)
13
+
14
+ passwords = []
15
+ File.open(passwords_file, "r") do |file|
16
+ file.each { |password| passwords << password.chomp.downcase }
17
+ end
18
+ passwords.select! {|password| Devise.password_length.include? password.length }
19
+ passwords[0..Devise.password_matches-1]
20
+ end
21
+
22
+ included do
23
+ validate :not_common_password, if: :password_required?
24
+ end
25
+
26
+ module ClassMethods
27
+ Devise::Models.config(self, :password_matches)
28
+ Devise::Models.config(self, :password_text_file)
29
+ end
30
+
31
+ private
32
+
33
+ def not_common_password
34
+ if Devise::Models::UncommonPassword.common_passwords.include? password.downcase
35
+ errors.add(:password, :common_password)
36
+ end
37
+ end
38
+ end
39
+ end
40
+ end