devise_zxcvbn 1.0.0 → 1.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 791b541aa154d0db414fe1bca70493812f8ade6a
-  data.tar.gz: 6e4b67dcfdb05334fcd0bc7363e39226fd49cec1
+  metadata.gz: b185143f362c88a8d585d8398420033b0bc99f76
+  data.tar.gz: 130c102edbda7dbabc9523033687cf4b247f5c18
 SHA512:
-  metadata.gz: f1d1fe199f8bbd077a31d34ad57c0db6fdef89a71c16082d41f8adea48eaf961ce491c93265f0441a8dace87f5a4bdd2f420e1b6287f7539c3953ad64a427f44
-  data.tar.gz: c5a5483ade3b0b88bdcabf8925f0af0cc22b9c8c9d414104a203cff65d853fabf0c55221e8eae3a0b33c000d2f4a226a5ba51b5d21cfe046b27829be72f6b710
+  metadata.gz: 1c215fa52aeb0f5b6a9a3423568217e5d5cc7b4be20ada3c53aebc5934b85126ca3b5feafc6b6b946ee0ebcc695f4ab032b5042dd473888e302371e7c2efc2df
+  data.tar.gz: a0dd005f8ab6e023158110b91ab240dc01b9eb9f21fd207c021d81e309082e1fbfc7f0a02f76ef4e14b88167288f7397f890e5ba652800b7ad5fc21e97e98c41

data/README.md

@@ -2,7 +2,7 @@
 
 [![Gem Version](https://badge.fury.io/rb/devise_zxcvbn.png)](http://badge.fury.io/rb/devise_zxcvbn)
 
-Plugin for devise to reject weak passwords, using [zxcvbn-ruby](https://github.com/envato/zxcvbn-ruby) which is a ruby port of [zxcvbn: realistic password strength estimation](https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/). 
+Plugin for devise to reject weak passwords, using [zxcvbn-ruby](https://github.com/envato/zxcvbn-ruby) which is a ruby port of [zxcvbn: realistic password strength estimation](https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/).
 The user's password will be rejected if the score is below 4 by default. It also uses the email as user input to zxcvbn, to downscore passwords containing the email.
 
 The scores 0, 1, 2, 3 or 4 are given when the estimated crack time (seconds) is less than 10**2, 10**4, 10**6, 10**8, Infinity.
@@ -17,7 +17,7 @@ Add this line to your application's Gemfile:
 ## Devise Configuration
 
     class User < ActiveRecord::Base
-      devise :database_authenticatable, :zxcvbnable
+      devise :database_authenticatable, :validatable, :zxcvbnable
     end
 
 ### Default parameters

data/Rakefile

@@ -1 +1,6 @@
 require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/devise_zxcvbn.gemspec

@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency "bundler", "~> 1.3"
   spec.add_development_dependency "rake"
+  spec.add_development_dependency "rspec", "~> 2.14"
 
   spec.add_runtime_dependency "devise"
   spec.add_runtime_dependency("zxcvbn-ruby", ">= 0.0.2")

data/lib/devise_zxcvbn/email_tokeniser.rb

@@ -0,0 +1,7 @@
+module DeviseZxcvbn
+  class EmailTokeniser
+    def self.split(email_address)
+      email_address.split(/[[:^word:]_]/)
+    end
+  end
+end

data/lib/devise_zxcvbn/model.rb

@@ -1,3 +1,5 @@
+require 'devise_zxcvbn/email_tokeniser'
+
 module Devise
   module Models
     module Zxcvbnable
@@ -12,7 +14,8 @@ module Devise
       private
 
       def not_weak_password
-        password_score = ::Zxcvbn.test(password, [self.email]).score
+        weak_words = [self.email] + DeviseZxcvbn::EmailTokeniser.split(self.email)
+        password_score = ::Zxcvbn.test(password, weak_words).score
         if password_score < min_password_score
           self.errors.add :password, :weak_password, score: password_score, min_password_score: min_password_score
           return false

data/lib/devise_zxcvbn/version.rb

@@ -1,3 +1,3 @@
 module DeviseZxcvbn
-  VERSION = "1.0.0"
+  VERSION = "1.1.0"
 end

data/spec/devise_zxcvbn/email_tokeniser_spec.rb

@@ -0,0 +1,16 @@
+# encoding: UTF-8
+require 'devise_zxcvbn/email_tokeniser'
+
+describe DeviseZxcvbn::EmailTokeniser do
+  it "should split an email into tokens" do
+    expect(split("joe_bloggs@digital.gov-office.gov.uk")).to eq(%w(joe bloggs digital gov office gov uk))
+  end
+
+  it "should not split non-ascii characters" do
+    expect(split("björn@email.com")).to eq(%w(björn email com))
+  end
+
+  def split(email)
+    DeviseZxcvbn::EmailTokeniser.split(email)
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_zxcvbn
 version: !ruby/object:Gem::Version
-  version: 1.0.0
+  version: 1.1.0
 platform: ruby
 authors:
 - Matthew Ford
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-01-13 00:00:00.000000000 Z
+date: 2014-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -38,6 +38,20 @@ dependencies:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.14'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.14'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
@@ -80,8 +94,10 @@ files:
 - Rakefile
 - devise_zxcvbn.gemspec
 - lib/devise_zxcvbn.rb
+- lib/devise_zxcvbn/email_tokeniser.rb
 - lib/devise_zxcvbn/model.rb
 - lib/devise_zxcvbn/version.rb
+- spec/devise_zxcvbn/email_tokeniser_spec.rb
 homepage: https://github.com/bitzesty/devise_zxcvbn
 licenses:
 - MIT
@@ -106,4 +122,5 @@ rubygems_version: 2.0.3
 signing_key: 
 specification_version: 4
 summary: Devise plugin to reject weak passwords
-test_files: []
+test_files:
+- spec/devise_zxcvbn/email_tokeniser_spec.rb