devise_zxcvbn 1.1.1 → 1.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +5 -4
- data/lib/devise_zxcvbn.rb +3 -5
- data/lib/devise_zxcvbn/model.rb +20 -7
- data/lib/devise_zxcvbn/version.rb +1 -1
- metadata +16 -17
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1dae3acba04710e99c8a022e397283d0cd650ec0
|
|
4
|
+
data.tar.gz: 3be3d11c83669c805e1cb89bc454d1e61c370732
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3b16f5142230f80015bf5299ed620931fffff881eadae6e4891e3e80f1658e55b7d07ea3c5014a67b27f242f000cd4bb67d58921a4addeff581e4a8b52f4505b
|
|
7
|
+
data.tar.gz: d012890d4a2325e46ddacf65a69c7c210b7ff596a30fea98d9b5e8c0fbc117a2ff257527378dcf79595027b4a012f81f3e450f4c45b4d0a39f0bde79b867bddf
|
data/README.md
CHANGED
|
@@ -2,10 +2,10 @@
|
|
|
2
2
|
|
|
3
3
|
[](http://badge.fury.io/rb/devise_zxcvbn)
|
|
4
4
|
|
|
5
|
-
Plugin for devise to reject weak passwords, using [zxcvbn-ruby](https://github.com/envato/zxcvbn-ruby) which is a ruby port of [zxcvbn: realistic password strength estimation](https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/).
|
|
5
|
+
Plugin for [devise](https://github.com/plataformatec/devise) to reject weak passwords, using [zxcvbn-ruby](https://github.com/envato/zxcvbn-ruby) which is a ruby port of [zxcvbn: realistic password strength estimation](https://tech.dropbox.com/2012/04/zxcvbn-realistic-password-strength-estimation/).
|
|
6
6
|
The user's password will be rejected if the score is below 4 by default. It also uses the email as user input to zxcvbn, to downscore passwords containing the email.
|
|
7
7
|
|
|
8
|
-
The scores 0, 1, 2, 3 or 4 are given when the estimated crack time (seconds) is less than 10**2
|
|
8
|
+
The scores 0, 1, 2, 3 or 4 are given when the estimated crack time (seconds) is less than `10**2`, `10**4`, `10**6`, `10**8`, Infinity.
|
|
9
9
|
|
|
10
10
|
## Installation
|
|
11
11
|
|
|
@@ -24,6 +24,7 @@ Add this line to your application's Gemfile:
|
|
|
24
24
|
|
|
25
25
|
A score of less than 3 is not recommended.
|
|
26
26
|
|
|
27
|
+
# config/initializers/devise.rb
|
|
27
28
|
Devise.setup do |config|
|
|
28
29
|
config.min_password_score = 4
|
|
29
30
|
end
|
|
@@ -32,11 +33,11 @@ A score of less than 3 is not recommended.
|
|
|
32
33
|
|
|
33
34
|
Example error message, the `score` and `min_password_score` variables are also passed through if you need them.
|
|
34
35
|
|
|
35
|
-
# config/
|
|
36
|
+
# config/locales/devise.en.yml
|
|
36
37
|
en:
|
|
37
38
|
errors:
|
|
38
39
|
messages:
|
|
39
|
-
weak_password: "not strong enough. Consider adding a number, symbols or more letters to make it stronger"
|
|
40
|
+
weak_password: "not strong enough. Consider adding a number, symbols or more letters to make it stronger."
|
|
40
41
|
|
|
41
42
|
|
|
42
43
|
## Contributing
|
data/lib/devise_zxcvbn.rb
CHANGED
|
@@ -11,13 +11,11 @@ module Devise
|
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
def self.min_password_score=(score)
|
|
14
|
-
if
|
|
15
|
-
if score
|
|
16
|
-
@@min_password_score = score
|
|
17
|
-
else
|
|
14
|
+
if (0..4).include?(score)
|
|
15
|
+
if score < 3
|
|
18
16
|
::Rails.logger.warn "[devise_zxcvbn] A score of less than 3 is not recommended."
|
|
19
|
-
@@min_password_score = score
|
|
20
17
|
end
|
|
18
|
+
@@min_password_score = score
|
|
21
19
|
else
|
|
22
20
|
raise "The min_password_score must be an integer and between 0..4"
|
|
23
21
|
end
|
data/lib/devise_zxcvbn/model.rb
CHANGED
|
@@ -11,16 +11,13 @@ module Devise
|
|
|
11
11
|
validate :not_weak_password, if: :password_required?
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
+
def password_score
|
|
15
|
+
self.class.password_score(self)
|
|
16
|
+
end
|
|
17
|
+
|
|
14
18
|
private
|
|
15
19
|
|
|
16
20
|
def not_weak_password
|
|
17
|
-
weak_words = if self.email
|
|
18
|
-
[self.email, *DeviseZxcvbn::EmailTokeniser.split(self.email)]
|
|
19
|
-
else
|
|
20
|
-
[]
|
|
21
|
-
end
|
|
22
|
-
|
|
23
|
-
password_score = ::Zxcvbn.test(password, weak_words).score
|
|
24
21
|
if password_score < min_password_score
|
|
25
22
|
self.errors.add :password, :weak_password, score: password_score, min_password_score: min_password_score
|
|
26
23
|
return false
|
|
@@ -29,6 +26,22 @@ module Devise
|
|
|
29
26
|
|
|
30
27
|
module ClassMethods
|
|
31
28
|
Devise::Models.config(self, :min_password_score)
|
|
29
|
+
|
|
30
|
+
def password_score(user, email=nil)
|
|
31
|
+
password = nil
|
|
32
|
+
weak_words = []
|
|
33
|
+
|
|
34
|
+
if user.is_a? String
|
|
35
|
+
password = user
|
|
36
|
+
else
|
|
37
|
+
password = user.password
|
|
38
|
+
email = user.email unless email
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
weak_words = [email, *DeviseZxcvbn::EmailTokeniser.split(email)] if email
|
|
42
|
+
|
|
43
|
+
::Zxcvbn.test(password, weak_words).score
|
|
44
|
+
end
|
|
32
45
|
end
|
|
33
46
|
end
|
|
34
47
|
end
|
metadata
CHANGED
|
@@ -1,83 +1,83 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise_zxcvbn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.1.
|
|
4
|
+
version: 1.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Matthew Ford
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2015-11-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
|
-
- - ~>
|
|
17
|
+
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
19
|
version: '1.3'
|
|
20
20
|
type: :development
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
|
-
- - ~>
|
|
24
|
+
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
26
|
version: '1.3'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rake
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
|
-
- -
|
|
31
|
+
- - ">="
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
33
|
version: '0'
|
|
34
34
|
type: :development
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
|
-
- -
|
|
38
|
+
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
40
|
version: '0'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: rspec
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
44
44
|
requirements:
|
|
45
|
-
- - ~>
|
|
45
|
+
- - "~>"
|
|
46
46
|
- !ruby/object:Gem::Version
|
|
47
47
|
version: '2.14'
|
|
48
48
|
type: :development
|
|
49
49
|
prerelease: false
|
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
|
51
51
|
requirements:
|
|
52
|
-
- - ~>
|
|
52
|
+
- - "~>"
|
|
53
53
|
- !ruby/object:Gem::Version
|
|
54
54
|
version: '2.14'
|
|
55
55
|
- !ruby/object:Gem::Dependency
|
|
56
56
|
name: devise
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
|
-
- -
|
|
59
|
+
- - ">="
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
61
|
version: '0'
|
|
62
62
|
type: :runtime
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
|
-
- -
|
|
66
|
+
- - ">="
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
68
|
version: '0'
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: zxcvbn-ruby
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
|
72
72
|
requirements:
|
|
73
|
-
- -
|
|
73
|
+
- - ">="
|
|
74
74
|
- !ruby/object:Gem::Version
|
|
75
75
|
version: 0.0.2
|
|
76
76
|
type: :runtime
|
|
77
77
|
prerelease: false
|
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
|
79
79
|
requirements:
|
|
80
|
-
- -
|
|
80
|
+
- - ">="
|
|
81
81
|
- !ruby/object:Gem::Version
|
|
82
82
|
version: 0.0.2
|
|
83
83
|
description: 'It adds password strength checking via ruby-zxcvbn to reject weak passwords '
|
|
@@ -87,7 +87,7 @@ executables: []
|
|
|
87
87
|
extensions: []
|
|
88
88
|
extra_rdoc_files: []
|
|
89
89
|
files:
|
|
90
|
-
- .gitignore
|
|
90
|
+
- ".gitignore"
|
|
91
91
|
- Gemfile
|
|
92
92
|
- LICENSE.txt
|
|
93
93
|
- README.md
|
|
@@ -108,20 +108,19 @@ require_paths:
|
|
|
108
108
|
- lib
|
|
109
109
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
110
110
|
requirements:
|
|
111
|
-
- -
|
|
111
|
+
- - ">="
|
|
112
112
|
- !ruby/object:Gem::Version
|
|
113
113
|
version: '0'
|
|
114
114
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
115
115
|
requirements:
|
|
116
|
-
- -
|
|
116
|
+
- - ">="
|
|
117
117
|
- !ruby/object:Gem::Version
|
|
118
118
|
version: '0'
|
|
119
119
|
requirements: []
|
|
120
120
|
rubyforge_project:
|
|
121
|
-
rubygems_version: 2.
|
|
121
|
+
rubygems_version: 2.4.5
|
|
122
122
|
signing_key:
|
|
123
123
|
specification_version: 4
|
|
124
124
|
summary: Devise plugin to reject weak passwords
|
|
125
125
|
test_files:
|
|
126
126
|
- spec/devise_zxcvbn/email_tokeniser_spec.rb
|
|
127
|
-
has_rdoc:
|