devise_zxcvbn 1.0.0 → 1.1.0

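--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 791b541aa154d0db414fe1bca70493812f8ade6a
- data.tar.gz: 6e4b67dcfdb05334fcd0bc7363e39226fd49cec1
+ metadata.gz: b185143f362c88a8d585d8398420033b0bc99f76
+ data.tar.gz: 130c102edbda7dbabc9523033687cf4b247f5c18
  SHA512:
- metadata.gz: f1d1fe199f8bbd077a31d34ad57c0db6fdef89a71c16082d41f8adea48eaf961ce491c93265f0441a8dace87f5a4bdd2f420e1b6287f7539c3953ad64a427f44
- data.tar.gz: c5a5483ade3b0b88bdcabf8925f0af0cc22b9c8c9d414104a203cff65d853fabf0c55221e8eae3a0b33c000d2f4a226a5ba51b5d21cfe046b27829be72f6b710
+ metadata.gz: 1c215fa52aeb0f5b6a9a3423568217e5d5cc7b4be20ada3c53aebc5934b85126ca3b5feafc6b6b946ee0ebcc695f4ab032b5042dd473888e302371e7c2efc2df
+ data.tar.gz: a0dd005f8ab6e023158110b91ab240dc01b9eb9f21fd207c021d81e309082e1fbfc7f0a02f76ef4e14b88167288f7397f890e5ba652800b7ad5fc21e97e98c41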
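--- a/data/README.md
+++ b/data/README.md
@@ -2,7 +2,7 @@
 
  [![Gem Version](https://badge.fury.io/rb/devise_zxcvbn.png)](http://badge.fury.io/rb/devise_zxcvbn)
 
- Plugin for devise to reject weak passwords, using [zxcvbn-ruby](https://github.com/envato/zxcvbn-ruby) which is a ruby port of [zxcvbn: realistic password strength estimation](https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/).
+ Plugin for devise to reject weak passwords, using [zxcvbn-ruby](https://github.com/envato/zxcvbn-ruby) which is a ruby port of [zxcvbn: realistic password strength estimation](https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/).
  The user's password will be rejected if the score is below 4 by default. It also uses the email as user input to zxcvbn, to downscore passwords containing the email.
 
  The scores 0, 1, 2, 3 or 4 are given when the estimated crack time (seconds) is less than 10**2, 10**4, 10**6, 10**8, Infinity.
@@ -17,7 +17,7 @@ Add this line to your application's Gemfile:
  ## Devise Configuration
 
  class User < ActiveRecord::Base
- devise :database_authenticatable, :zxcvbnable
+ devise :database_authenticatable, :validatable, :zxcvbnable
  end
 
  ### Default parameters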
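--- a/data/Rakefile
+++ b/data/Rakefile
@@ -1 +1,6 @@
  require "bundler/gem_tasks"
+ require "rspec/core/rake_task"
+
+ RSpec::Core::RakeTask.new(:spec)
+
+ task :default => :spec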
@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
20
20
 
21
21
  spec.add_development_dependency "bundler", "~> 1.3"
22
22
  spec.add_development_dependency "rake"
23
+ spec.add_development_dependency "rspec", "~> 2.14"
23
24
 
24
25
  spec.add_runtime_dependency "devise"
25
26
  spec.add_runtime_dependency("zxcvbn-ruby", ">= 0.0.2")
@@ -0,0 +1,7 @@
1
+ module DeviseZxcvbn
2
+ class EmailTokeniser
3
+ def self.split(email_address)
4
+ email_address.split(/[[:^word:]_]/)
5
+ end
6
+ end
7
+ end
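Review bot: `EmailTokeniser.split` returns empty strings whenever two separators are adjacent or the address starts with one, because `String#split` with a regex keeps interior empty fields; a constructed address such as `a..b@x.com` yields `["a", "", "b", "x", "com"]`. Those empty entries are then passed to zxcvbn as user inputs by the caller in the model hunk. Dropping them at the source keeps the word list clean: `email_address.split(/[[:^word:]_]/).reject(&:empty?)`. A short comment on the method would also help, e.g. `# Splits on every non-word character and on "_", so the local part and each domain label become separate tokens.`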
@@ -1,3 +1,5 @@
1
+ require 'devise_zxcvbn/email_tokeniser'
2
+
1
3
  module Devise
2
4
  module Models
3
5
  module Zxcvbnable
@@ -12,7 +14,8 @@ module Devise
12
14
  private
13
15
 
14
16
  def not_weak_password
15
- password_score = ::Zxcvbn.test(password, [self.email]).score
17
+ weak_words = [self.email] + DeviseZxcvbn::EmailTokeniser.split(self.email)
18
+ password_score = ::Zxcvbn.test(password, weak_words).score
16
19
  if password_score < min_password_score
17
20
  self.errors.add :password, :weak_password, score: password_score, min_password_score: min_password_score
18
21
  return false
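Review bot: The new `weak_words` line calls `DeviseZxcvbn::EmailTokeniser.split(self.email)` unconditionally, so a record whose email is nil would raise NoMethodError inside this validation rather than produce a validation error. Whether email can be nil at this point depends on the schema and the callers, which the hunk does not show. Coercing first avoids the crash: `weak_words = [email, *DeviseZxcvbn::EmailTokeniser.split(email.to_s)].compact`. `not_weak_password` starts and ends outside the hunk, so the rest of the method was not reviewed.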
@@ -1,3 +1,3 @@
1
1
  module DeviseZxcvbn
2
- VERSION = "1.0.0"
2
+ VERSION = "1.1.0"
3
3
  end
@@ -0,0 +1,16 @@
1
+ # encoding: UTF-8
2
+ require 'devise_zxcvbn/email_tokeniser'
3
+
4
+ describe DeviseZxcvbn::EmailTokeniser do
5
+ it "should split an email into tokens" do
6
+ expect(split("joe_bloggs@digital.gov-office.gov.uk")).to eq(%w(joe bloggs digital gov office gov uk))
7
+ end
8
+
9
+ it "should not split non-ascii characters" do
10
+ expect(split("björn@email.com")).to eq(%w(björn email com))
11
+ end
12
+
13
+ def split(email)
14
+ DeviseZxcvbn::EmailTokeniser.split(email)
15
+ end
16
+ end
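Review bot: The spec exercises only the tokeniser in isolation; nothing here checks that `not_weak_password` actually feeds the tokens to zxcvbn, which is the password-policy behaviour this release adds. A model-level example would pin it: with the email `joe_bloggs@digital.gov-office.gov.uk`, a password built from `bloggs` and `digital` should score lower than the same password checked against an unrelated email. The `split` helper is also defined after the examples that call it; placing it above the first `it` would read more naturally.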
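--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: devise_zxcvbn
  version: !ruby/object:Gem::Version
- version: 1.0.0
+ version: 1.1.0
  platform: ruby
  authors:
  - Matthew Ford
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-01-13 00:00:00.000000000 Z
+ date: 2014-01-20 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -38,6 +38,20 @@ dependencies:
  - - '>='
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: '2.14'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ~>
+ - !ruby/object:Gem::Version
+ version: '2.14'
  - !ruby/object:Gem::Dependency
  name: devise
  requirement: !ruby/object:Gem::Requirement
@@ -80,8 +94,10 @@ files:
  - Rakefile
  - devise_zxcvbn.gemspec
  - lib/devise_zxcvbn.rb
+ - lib/devise_zxcvbn/email_tokeniser.rb
  - lib/devise_zxcvbn/model.rb
  - lib/devise_zxcvbn/version.rb
+ - spec/devise_zxcvbn/email_tokeniser_spec.rb
  homepage: https://github.com/bitzesty/devise_zxcvbn
  licenses:
  - MIT
@@ -106,4 +122,5 @@ rubygems_version: 2.0.3
  signing_key:
  specification_version: 4
  summary: Devise plugin to reject weak passwords
- test_files: []
+ test_files:
+ - spec/devise_zxcvbn/email_tokeniser_spec.rb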