devise_zxcvbn 1.0.0 → 1.1.0
- checksums.yaml +4 -4
- data/README.md +2 -2
- data/Rakefile +5 -0
- data/devise_zxcvbn.gemspec +1 -0
- data/lib/devise_zxcvbn/email_tokeniser.rb +7 -0
- data/lib/devise_zxcvbn/model.rb +4 -1
- data/lib/devise_zxcvbn/version.rb +1 -1
- data/spec/devise_zxcvbn/email_tokeniser_spec.rb +16 -0
- metadata +20 -3
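--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b185143f362c88a8d585d8398420033b0bc99f76
+data.tar.gz: 130c102edbda7dbabc9523033687cf4b247f5c18
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1c215fa52aeb0f5b6a9a3423568217e5d5cc7b4be20ada3c53aebc5934b85126ca3b5feafc6b6b946ee0ebcc695f4ab032b5042dd473888e302371e7c2efc2df
+data.tar.gz: a0dd005f8ab6e023158110b91ab240dc01b9eb9f21fd207c021d81e309082e1fbfc7f0a02f76ef4e14b88167288f7397f890e5ba652800b7ad5fc21e97e98c41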
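--- a/data/README.md
+++ b/data/README.md
@@ -2,7 +2,7 @@
 
 [](http://badge.fury.io/rb/devise_zxcvbn)
 
-Plugin for devise to reject weak passwords, using [zxcvbn-ruby](https://github.com/envato/zxcvbn-ruby) which is a ruby port of [zxcvbn: realistic password strength estimation](https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/).
+Plugin for devise to reject weak passwords, using [zxcvbn-ruby](https://github.com/envato/zxcvbn-ruby) which is a ruby port of [zxcvbn: realistic password strength estimation](https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/).
 The user's password will be rejected if the score is below 4 by default. It also uses the email as user input to zxcvbn, to downscore passwords containing the email.
 
 The scores 0, 1, 2, 3 or 4 are given when the estimated crack time (seconds) is less than 10**2, 10**4, 10**6, 10**8, Infinity.
@@ -17,7 +17,7 @@ Add this line to your application's Gemfile:
 ## Devise Configuration
 
 class User < ActiveRecord::Base
-devise :database_authenticatable, :zxcvbnable
+devise :database_authenticatable, :validatable, :zxcvbnable
 end
 
 ### Default parameters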
data/Rakefile
CHANGED
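--- a/data/devise_zxcvbn.gemspec
+++ b/data/devise_zxcvbn.gemspec
@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
 
 spec.add_development_dependency "bundler", "~> 1.3"
 spec.add_development_dependency "rake"
+spec.add_development_dependency "rspec", "~> 2.14"
 
 spec.add_runtime_dependency "devise"
 spec.add_runtime_dependency("zxcvbn-ruby", ">= 0.0.2")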
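--- a/data/lib/devise_zxcvbn/model.rb
+++ b/data/lib/devise_zxcvbn/model.rb
@@ -1,3 +1,5 @@
+require 'devise_zxcvbn/email_tokeniser'
+
 module Devise
 module Models
 module Zxcvbnable
@@ -12,7 +14,8 @@ module Devise
 private
 
 def not_weak_password
-
+weak_words = [self.email] + DeviseZxcvbn::EmailTokeniser.split(self.email)
+password_score = ::Zxcvbn.test(password, weak_words).score
 if password_score < min_password_score
 self.errors.add :password, :weak_password, score: password_score, min_password_score: min_password_score
 return false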
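Review bot: `not_weak_password` now hands `self.email` straight to `DeviseZxcvbn::EmailTokeniser.split` with no presence check, so a record validated with a nil email may raise inside the validator rather than yield a validation error. The tokeniser's body is not shown on this page, so whether it tolerates nil is unconfirmed. Rails runs every validation even when `:validatable` has already flagged the missing email, so the guard belongs in this method, for example `weak_words = [email, *DeviseZxcvbn::EmailTokeniser.split(email.to_s)].compact`. The body of `not_weak_password` continues past the end of the hunk.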
@@ -0,0 +1,16 @@
|
|
1
|
+
# encoding: UTF-8
|
2
|
+
require 'devise_zxcvbn/email_tokeniser'
|
3
|
+
|
4
|
+
describe DeviseZxcvbn::EmailTokeniser do
|
5
|
+
it "should split an email into tokens" do
|
6
|
+
expect(split("joe_bloggs@digital.gov-office.gov.uk")).to eq(%w(joe bloggs digital gov office gov uk))
|
7
|
+
end
|
8
|
+
|
9
|
+
it "should not split non-ascii characters" do
|
10
|
+
expect(split("björn@email.com")).to eq(%w(björn email com))
|
11
|
+
end
|
12
|
+
|
13
|
+
def split(email)
|
14
|
+
DeviseZxcvbn::EmailTokeniser.split(email)
|
15
|
+
end
|
16
|
+
end
|
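Review bot: The added spec exercises `EmailTokeniser.split` on two well-formed addresses only; nothing covers a blank or nil email, and nothing checks that the model actually rejects a password assembled from the e-mail's tokens, which is the security behaviour this release introduces. I would add an edge case along the lines of `expect(split("")).to eq([])` (assuming that is the intended result) and a model-level example asserting a `:weak_password` error for a password built from the local part and domain. The file header for this section is missing from the page; the `@@ -0,0 +1,16 @@` hunk matches the diffstat entry for `data/spec/devise_zxcvbn/email_tokeniser_spec.rb`.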
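--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: devise_zxcvbn
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.1.0
 platform: ruby
 authors:
 - Matthew Ford
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-01-
+date: 2014-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -38,6 +38,20 @@ dependencies:
 - - '>='
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '2.14'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '2.14'
 - !ruby/object:Gem::Dependency
 name: devise
 requirement: !ruby/object:Gem::Requirement
@@ -80,8 +94,10 @@ files:
 - Rakefile
 - devise_zxcvbn.gemspec
 - lib/devise_zxcvbn.rb
+- lib/devise_zxcvbn/email_tokeniser.rb
 - lib/devise_zxcvbn/model.rb
 - lib/devise_zxcvbn/version.rb
+- spec/devise_zxcvbn/email_tokeniser_spec.rb
 homepage: https://github.com/bitzesty/devise_zxcvbn
 licenses:
 - MIT
@@ -106,4 +122,5 @@ rubygems_version: 2.0.3
 signing_key:
 specification_version: 4
 summary: Devise plugin to reject weak passwords
-test_files:
+test_files:
+- spec/devise_zxcvbn/email_tokeniser_spec.rb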