RubyGems - devise_zxcvbn - Versions diffs - 1.1.1 → 1.1.2 - Mend

devise_zxcvbn 1.1.1 → 1.1.2

Files changed (6) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 54eed67885d449ff837663ea9dcb2bfacd56f1d2
-  data.tar.gz: 11633362838425d32cb6668ba2534d7e44031415
+  metadata.gz: 1dae3acba04710e99c8a022e397283d0cd650ec0
+  data.tar.gz: 3be3d11c83669c805e1cb89bc454d1e61c370732
 SHA512:
-  metadata.gz: 77da9d1957a0452387dad155aeac277b9bc66cfaa592b6a3a339b4992c98bee2ce627e2caa5d3d9adad18f8ba2f473708ffb3c92a27b13db9929e0cbae4c4aa7
-  data.tar.gz: 996e0ad65765cee91cb3ee14f459dd2d0d480a37c13c5ed97b6a987ac4bbe2a192929691c26f0ed042462ee4dc8d330dca69c0c974b860e8ab4a028055781eac
+  metadata.gz: 3b16f5142230f80015bf5299ed620931fffff881eadae6e4891e3e80f1658e55b7d07ea3c5014a67b27f242f000cd4bb67d58921a4addeff581e4a8b52f4505b
+  data.tar.gz: d012890d4a2325e46ddacf65a69c7c210b7ff596a30fea98d9b5e8c0fbc117a2ff257527378dcf79595027b4a012f81f3e450f4c45b4d0a39f0bde79b867bddf

data/README.md CHANGED

@@ -2,10 +2,10 @@
 [![Gem Version](https://badge.fury.io/rb/devise_zxcvbn.png)](http://badge.fury.io/rb/devise_zxcvbn)
-Plugin for devise to reject weak passwords, using [zxcvbn-ruby](https://github.com/envato/zxcvbn-ruby) which is a ruby port of [zxcvbn: realistic password strength estimation](https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/).
+Plugin for [devise](https://github.com/plataformatec/devise) to reject weak passwords, using [zxcvbn-ruby](https://github.com/envato/zxcvbn-ruby) which is a ruby port of [zxcvbn: realistic password strength estimation](https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/).
 The user's password will be rejected if the score is below 4 by default. It also uses the email as user input to zxcvbn, to downscore passwords containing the email.
-The scores 0, 1, 2, 3 or 4 are given when the estimated crack time (seconds) is less than 10**2, 10**4, 10**6, 10**8, Infinity.
+The scores 0, 1, 2, 3 or 4 are given when the estimated crack time (seconds) is less than `10**2`, `10**4`, `10**6`, `10**8`, Infinity.
 ## Installation
@@ -24,6 +24,7 @@ Add this line to your application's Gemfile:
 A score of less than 3 is not recommended.
+    # config/initializers/devise.rb
     Devise.setup do |config|
       config.min_password_score = 4
     end
@@ -32,11 +33,11 @@ A score of less than 3 is not recommended.
 Example error message, the `score` and `min_password_score` variables are also passed through if you need them.
-    # config/locale/devise.en.yml
+    # config/locales/devise.en.yml
     en:
       errors:
         messages:
-          weak_password: "not strong enough. Consider adding a number, symbols or more letters to make it stronger"
+          weak_password: "not strong enough. Consider adding a number, symbols or more letters to make it stronger."
 ## Contributing

data/lib/devise_zxcvbn.rb CHANGED

@@ -11,13 +11,11 @@ module Devise
   end
   def self.min_password_score=(score)
-    if score.is_a?(Integer) && (score >= 0 && score <=4)
-      if score >= 3
-        @@min_password_score = score
-      else
+    if (0..4).include?(score)
+      if score < 3
         ::Rails.logger.warn "[devise_zxcvbn] A score of less than 3 is not recommended."
-        @@min_password_score = score
       end
+      @@min_password_score = score
     else
       raise "The min_password_score must be an integer and between 0..4"
     end

data/lib/devise_zxcvbn/model.rb CHANGED

@@ -11,16 +11,13 @@ module Devise
         validate :not_weak_password, if: :password_required?
       end
+      def password_score
+        self.class.password_score(self)
+      end
       private
       def not_weak_password
-        weak_words = if self.email
-          [self.email, *DeviseZxcvbn::EmailTokeniser.split(self.email)]
-        else
-          []
-        end
-        password_score = ::Zxcvbn.test(password, weak_words).score
         if password_score < min_password_score
           self.errors.add :password, :weak_password, score: password_score, min_password_score: min_password_score
           return false
@@ -29,6 +26,22 @@ module Devise
       module ClassMethods
         Devise::Models.config(self, :min_password_score)
+        def password_score(user, email=nil)
+          password = nil
+          weak_words = []
+          if user.is_a? String
+            password = user
+          else
+            password = user.password
+            email = user.email unless email
+          end
+          weak_words = [email, *DeviseZxcvbn::EmailTokeniser.split(email)] if email
+          ::Zxcvbn.test(password, weak_words).score
+        end
       end
     end
   end

data/lib/devise_zxcvbn/version.rb CHANGED

@@ -1,3 +1,3 @@
 module DeviseZxcvbn
-  VERSION = "1.1.1"
+  VERSION = "1.1.2"
 end

metadata CHANGED

@@ -1,83 +1,83 @@
 --- !ruby/object:Gem::Specification
 name: devise_zxcvbn
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.1.2
 platform: ruby
 authors:
 - Matthew Ford
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-03-26 00:00:00.000000000 Z
+date: 2015-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.14'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '2.14'
 - !ruby/object:Gem::Dependency
   name: devise
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: zxcvbn-ruby
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.0.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.0.2
 description: 'It adds password strength checking via ruby-zxcvbn to reject weak passwords '
@@ -87,7 +87,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
+- ".gitignore"
 - Gemfile
 - LICENSE.txt
 - README.md
@@ -108,20 +108,19 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.0.3
+rubygems_version: 2.4.5
 signing_key:
 specification_version: 4
 summary: Devise plugin to reject weak passwords
 test_files:
 - spec/devise_zxcvbn/email_tokeniser_spec.rb
-has_rdoc: