nobspw 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 391e780d690175f0dd19aec4f70506b81c587632
-  data.tar.gz: 164a2ed02a9041eeb5f46c0db2e13f1f7965b832
+  metadata.gz: 48035c919105e867a0aa76612c6dcf13708da443
+  data.tar.gz: ab7cdfe7326b2c6bcf9e4afdf8518a17dd21bec2
 SHA512:
-  metadata.gz: 138e85ae7d22ff15af74e4fcaa646b237d671a5746a9e3b957fc793e3ed99ed1e4e8f752856c34c75dc18b64b3e0f6023c72849c1a6382573f80aeea1f411646
-  data.tar.gz: '09ab32aa868f3afe7505fb378b67375cc0413a87f4600cf37a5f641e88d029911a4d29114245c429b4346a0442fe4e743e2d31837f55a8fc40809b55fa3f505f'
+  metadata.gz: 628ec2cae8c6ea70c2a43027e749bf6f1c3c1f1b4b825ed1e0b24a429cea18d043ee25cbef04a37b73dd49f7ee7343cf468e99a50a21e9f05ee458951f43a5ab
+  data.tar.gz: cd3b210d94da9263eb497577d93fb93bc36d8cd45fd9e58ca0267019c646c426832ed9af2ccc001bb2a94a29e05a8aa02ac0b94c96aaf01fb4cf3aebc9bea428

data/README.md

@@ -1,5 +1,7 @@
 # NOBSPW - No Bullshit Password strength checker
 
+[![Build Status](https://travis-ci.org/cmer/nobspw.svg?branch=master)](https://travis-ci.org/cmer/nobspw)
+
 NOBSPW is simple, no non-sense password strength checker written in Ruby. It does NOT validate against [bullshit password rules](https://twitter.com/codinghorror/status/631238409269309440?ref_src=twsrc%5Etfw) such as:
 
 - must contain uppercase _(bullshit!)_
@@ -73,9 +75,9 @@ validates :password, presence: true, password: true, if: -> { new_record? || cha
 
 PasswordValidator will try to guess the correct field name for each `PasswordChecker` argument as follow:
 
-- `username`: `username user_name user screenname screen_name`
-- `name`: `name full_name first_name+last_name`
-- `email`: `email email_address`
+- `username`: `username` `user_name` `user` `screenname` `screen_name`
+- `name`: `name` `full_name` `first_name+last_name`
+- `email`: `email` `email_address`
 
 If you have field names different than above, you can tell `PasswordValidator` which fields to use for specific attributes:
 
@@ -86,23 +88,61 @@ validates :password, presence: true,
           if: -> { new_record? || changes[:password] }
 ```
 
-# Checks
+## Validations
 
-NOBSPW currently checks for the following, in this order:
+NOBSPW currently validates for the following, in this order:
 
 ```ruby
-:name_included_in_password
-:email_included_in_password
-:domain_included_in_password
-:password_too_short
-:password_too_long
-:not_enough_unique_characters
-:password_blacklisted
-:password_too_common
+name_included_in_password?
+email_included_in_password?
+domain_included_in_password?
+password_too_short?
+password_too_long?
+not_enough_unique_characters?
+password_not_allowed?
+password_too_common?
 ```
-
 If any of these tests fail, they'll be returned by `#reasons`, or with Rails, they'll be added to `errors[:password]`.
 
+
+## Custom Validations
+
+It is possible and easy to add your own validations, or remove default ones.
+
+### Adding a custom validation
+
+```ruby
+module NOBSPW::ValidationMethods
+  def contains_letter_a?
+    # This is obviously a silly validation. Don't do this!
+    # If method returns true, it means that it FAILED validation.
+    # For example, it does contain the letter a and it's not considered acceptable.
+    !!@password.downcase.index('a')
+  end
+end
+
+NOBSPW.configuration.validation_methods << :contains_letter_a?
+
+# if using the Rails validator, you also need to define the error message:
+ActiveModel::Validations::PasswordValidator.error_messages[:contains_letter_a] = \
+  'contains an unacceptable character'
+
+```
+
+### Removing a built-in validation
+
+```ruby
+NOBSPW.configuration.validation_methods.delete(:domain_included_in_password?)
+```
+
+### Localization
+
+You can localize all error messages, including custom ones, using I18n.
+
+See `PasswordValidator#get_message` and `PasswordValidator#DEFAULT_ERROR_MESSAGES` for implementation details.
+
+
+
 ## License
 
 The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

data/lib/active_model/validations/password_validator.rb

@@ -1,4 +1,16 @@
 class ActiveModel::Validations::PasswordValidator < ActiveModel::EachValidator
+  DEFAULT_ERROR_MESSAGES = {
+    name_included_in_password: 'is too similar to your name',
+    email_included_in_password: 'is too similar to your email',
+    domain_included_in_password: 'is too similar to this domain name',
+    password_too_short: 'is too short',
+    password_too_long: 'is too long',
+    not_enough_unique_characters: 'does not have enough unique characters',
+    password_not_allowed: 'is not allowed',
+    password_too_common: 'is too common',
+    fallback: 'is not valid'
+  }
+
   def validate_each(record, attribute, value)
     pc = NOBSPW::PasswordChecker.new password: record.send(attribute),
                                      email:    email_value(record),
@@ -11,6 +23,14 @@ class ActiveModel::Validations::PasswordValidator < ActiveModel::EachValidator
     pc.strong?
   end
 
+  def error_messages
+    @error_messages ||= DEFAULT_ERROR_MESSAGES
+  end
+
+  def error_messages=(em)
+    @error_messages = em
+  end
+
   private
 
   def email_value(record)
@@ -57,26 +77,7 @@ class ActiveModel::Validations::PasswordValidator < ActiveModel::EachValidator
   end
 
   def get_message(reason)
-    case reason
-    when :name_included_in_password
-      I18n.t 'password_validator.is_too_similar_to_your_name', default: 'is too similar to your name'
-    when :email_included_in_password
-      I18n.t 'password_validator.is_too_similar_to_your_email', default: 'is too similar to your email'
-    when :domain_included_in_password
-      I18n.t 'password_validator.is_too_similar_to_this_domain_name', default: 'is too similar to this domain name'
-    when :password_too_short
-      I18n.t 'password_validator.is_too_short', default: 'is too short'
-    when :password_too_long
-      I18n.t 'password_validator.is_too_long', default: 'is too long'
-    when :password_blacklisted
-      I18n.t 'password_validator.is_not_allowed', default: 'is not allowed'
-    when :password_too_common
-      I18n.t 'password_validator.is_too_common', default: 'is too common'
-    when :not_enough_unique_characters
-      I18n.t 'password_validator.does_not_have_enough_unique_chars', default: 'does not have enough unique characters'
-    else
-      I18n.t 'password_validator.is_not_valid', default: 'is not valid'
-    end
+    I18n.t "password_validator.#{reason}", default: error_messages[reason] ||
+                                                    error_messages[:fallback]
   end
-
 end

data/lib/nobspw.rb

@@ -2,6 +2,7 @@ require "nobspw/version"
 
 module NOBSPW
   autoload :PasswordChecker, 'nobspw/password_checker'
+  autoload :ValidationMethods, 'nobspw/validation_methods'
   autoload :Configuration, 'nobspw/configuration'
 
   if (defined?(::ActiveModel) && ActiveModel::VERSION::MAJOR >= 4) && defined?(I18n)

data/lib/nobspw/configuration.rb

@@ -7,6 +7,7 @@ module NOBSPW
     attr_accessor :grep_path
     attr_accessor :domain_name
     attr_accessor :blacklist
+    attr_accessor :validation_methods
 
     def initialize
       @min_password_length      = 10
@@ -16,6 +17,7 @@ module NOBSPW
       @grep_path                = `which grep`.strip
       @domain_name              = nil
       @blacklist                = nil
+      @validation_methods       = NOBSPW::ValidationMethods::DEFAULT_VALIDATION_METHODS
     end
   end
 end

data/lib/nobspw/password_checker.rb

@@ -1,13 +1,6 @@
 module NOBSPW
   class PasswordChecker
-    CHECKS = %i(name_included_in_password
-                email_included_in_password
-                domain_included_in_password
-                password_too_short
-                password_too_long
-                not_enough_unique_characters
-                password_blacklisted
-                password_too_common)
+    include NOBSPW::ValidationMethods
 
     def initialize(name: nil, username: nil, email: nil, password:)
       @name, @username, @email, @password = \
@@ -36,90 +29,15 @@ module NOBSPW
     def check_password
       @weak_password_reasons = []
 
-      CHECKS.each do |check|
-        @weak_password_reasons << check if send("#{check}?")
+      NOBSPW.configuration.validation_methods.each do |method|
+        @weak_password_reasons << method.to_s.sub(/\?$/, '').to_sym if send("#{method}")
       end
 
       @strong = @weak_password_reasons.empty?
     end
 
-    def name_included_in_password?
-      return nil unless @name
-      words = remove_word_separators(@name).split(' ')
-      words_included_in_password?(words)
-    end
-
-    def email_included_in_password?
-      return nil unless @email
-      words = remove_word_separators(email_without_extension(@email)).split(' ')
-      words_included_in_password?(words)
-    end
-
-    def domain_included_in_password?
-      domain = NOBSPW.configuration.domain_name
-      return nil unless domain
-      domain = strip_extension_from_domain(domain)
-      domain_without_separator = remove_word_separators(domain).gsub(' ', '')
-      words_included_in_password?([domain, domain_without_separator])
-    end
-
-    def password_blacklisted?
-      return nil unless NOBSPW.configuration.blacklist
-      NOBSPW.configuration.blacklist.include?(@password)
-    end
-
-    def password_too_short?
-      @password.length < NOBSPW.configuration.min_password_length
-    end
-
-    def password_too_long?
-      @password.length > NOBSPW.configuration.max_password_length
-    end
-
-    def not_enough_unique_characters?
-      unique  = @password.split(//).uniq.size
-      minimum = NOBSPW.configuration.min_unique_characters
-      !(unique >= minimum)
-    end
-
-    def words_included_in_password?(words)
-      downcased_pw = @password.downcase
-      words.each do |word|
-        return true if word.length > 2 && downcased_pw.index(word.downcase)
-      end; false
-    end
-
-    def password_too_common?
-      `#{grep_command(NOBSPW.configuration.dictionary_path)}`
-
-      case $?.exitstatus
-      when 0
-        true
-      when 1
-        false
-      when 127
-        raise StandardError.new("Grep not found at: #{NOBSPW.configuration.grep_path}")
-      else
-        false
-      end
-    end
-
     def grep_command(path)
       "#{NOBSPW.configuration.grep_path} '^#{@password}$' #{path}"
     end
-
-    def email_without_extension(email)
-      name, domain, whatev = email.split("@", 3)
-      "#{name}@#{strip_extension_from_domain(domain)}"
-    end
-
-    def strip_extension_from_domain(domain)
-      domain.split(".").first
-    end
-
-    def remove_word_separators(str)
-      str.gsub(/-|_|\.|\'|\"|\@/, ' ')
-    end
   end
-
 end

data/lib/nobspw/validation_methods.rb

@@ -0,0 +1,91 @@
+module NOBSPW
+  module ValidationMethods
+    DEFAULT_VALIDATION_METHODS = %i(name_included_in_password?
+                                    email_included_in_password?
+                                    domain_included_in_password?
+                                    password_too_short?
+                                    password_too_long?
+                                    not_enough_unique_characters?
+                                    password_not_allowed?
+                                    password_too_common?)
+
+    private
+
+    def name_included_in_password?
+      return nil unless @name
+      words = remove_word_separators(@name).split(' ')
+      words_included_in_password?(words)
+    end
+
+    def email_included_in_password?
+      return nil unless @email
+      words = remove_word_separators(email_without_extension(@email)).split(' ')
+      words_included_in_password?(words)
+    end
+
+    def domain_included_in_password?
+      domain = NOBSPW.configuration.domain_name
+      return nil unless domain
+      domain = strip_extension_from_domain(domain)
+      domain_without_separator = remove_word_separators(domain).gsub(' ', '')
+      words_included_in_password?([domain, domain_without_separator])
+    end
+
+    def password_not_allowed?
+      return nil unless NOBSPW.configuration.blacklist
+      NOBSPW.configuration.blacklist.include?(@password)
+    end
+
+    def password_too_short?
+      @password.length < NOBSPW.configuration.min_password_length
+    end
+
+    def password_too_long?
+      @password.length > NOBSPW.configuration.max_password_length
+    end
+
+    def not_enough_unique_characters?
+      unique  = @password.split(//).uniq.size
+      minimum = NOBSPW.configuration.min_unique_characters
+      !(unique >= minimum)
+    end
+
+    def words_included_in_password?(words)
+      downcased_pw = @password.downcase
+      words.each do |word|
+        return true if word.length > 2 && downcased_pw.index(word.downcase)
+      end; false
+    end
+
+    def password_too_common?
+      `#{grep_command(NOBSPW.configuration.dictionary_path)}`
+
+      case $?.exitstatus
+      when 0
+        true
+      when 1
+        false
+      when 127
+        raise StandardError.new("Grep not found at: #{NOBSPW.configuration.grep_path}")
+      else
+        false
+      end
+    end
+
+    # Helper methods
+
+    def email_without_extension(email)
+      name, domain, whatev = email.split("@", 3)
+      "#{name}@#{strip_extension_from_domain(domain)}"
+    end
+
+    def strip_extension_from_domain(domain)
+      domain.split(".").first
+    end
+
+    def remove_word_separators(str)
+      str.gsub(/-|_|\.|\'|\"|\@/, ' ')
+    end
+
+  end
+end

data/lib/nobspw/version.rb

@@ -1,3 +1,3 @@
 module NOBSPW
-  VERSION = '0.2.0'
+  VERSION = '0.3.0'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nobspw
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Carl Mercier
@@ -173,6 +173,7 @@ files:
 - lib/nobspw.rb
 - lib/nobspw/configuration.rb
 - lib/nobspw/password_checker.rb
+- lib/nobspw/validation_methods.rb
 - lib/nobspw/version.rb
 - nobspw.gemspec
 homepage: https://github.com/cmer/nobspw