nobspw 0.4.0 → 0.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2822386df873b457c238d992dc10557886e06852ff13d3d82ff83aa678d399d5
-  data.tar.gz: 514207c17b7aa170f7e037953ff48dde07c884a86fbba822277e317506d9738f
+  metadata.gz: d81c15016a1b06dc3d38fc995120b526574a65cd5fd13ed98bc05e614f189b5b
+  data.tar.gz: a7303590e8fa254ad9718fda4444a2c3d5faabb77cc528d5a5284e52792742be
 SHA512:
-  metadata.gz: 3c22655a227cddafed368bf1fe64ae30825106ebf50f3c5833868a4cfec9ec077c784d2c62bc78860d6d30be0a169e0dab209920e7424e87e4ee6ad854bcdff6
-  data.tar.gz: ee59f029dc465da9adf867c939c96d62a03a888f54256a6c22256efc666a1bc5b54acdc20a2f9b9746af6a777c305d8eac901a6a46ea087e89468b2399af1cf5
+  metadata.gz: 2e8b250a5a326593bab9f576cdc7ec15da4e03573c273bacc62b74f46c4977df5e323b079aa43f613d17f458f1417b1f569e2f7dd19f190be16af5b0b68e7a13
+  data.tar.gz: 6ab6462e6c32b58a1f79cd01ffa0a540fab446f22db43b43c52366821a3a185f7c5a1c5b78cd938f4a5be94c2f93ba1cc094f9a456c8d957c68cfa079c7a2cba

data/.gitignore

@@ -10,3 +10,4 @@
 /coverage/
 /spec/examples.txt
 *.gem
+.byebug_history

data/.travis.yml

@@ -1,7 +1,7 @@
 sudo: false
 language: ruby
 rvm:
-  - 2.3.3
-  - 2.4.0
   - 2.5.0
-before_install: gem install bundler -v 1.14.2
+  - 2.6.2
+  - 2.7.1
+before_install: gem install bundler

data/README.md

@@ -60,8 +60,9 @@ Optionally, you can configure some options:
     config.min_unique_characters = 5
     config.dictionary_path = 'path/to/dictionary.txt'
     config.grep_path = '/usr/bin/grep'
+    config.use_ruby_grep = false # Defaults to false; slower when true. Uses Ruby's internal Grep method instead of shelling out.
     config.domain_name = 'mywebsitedomain.com' # it is recommended you configure this
-    config.blacklist = ['this_password_is_not_allowed']
+    config.blacklist = ['this_password_is_not_allowed', /password/]
   end
 ```
 
@@ -70,7 +71,7 @@ Optionally, you can configure some options:
 I included `PasswordValidator` for Rails. Validating passwords in your model couldn't be easier:
 
 ```ruby
-validates :password, presence: true, password: true, if: -> { new_record? || changes[:password] }
+validates :password, presence: true, password: true, if: -> { new_record? || changes[:password] || changes[:password_digest] }
 ```
 
 PasswordValidator will try to guess the correct field name for each `PasswordChecker` argument as follow:
@@ -84,7 +85,7 @@ If you have field names different than above, you can tell `PasswordValidator` w
 ```ruby
 validates :password, password: { :name => :customer_name,
                                  :email => :electronic_address },
-          if: -> { new_record? || changes[:password] }
+          if: -> { new_record? || changes[:password] || changes[:password_digest] }
 ```
 
 ## Validations

data/lib/active_model/validations/password_validator.rb

@@ -1,6 +1,7 @@
 class ActiveModel::Validations::PasswordValidator < ActiveModel::EachValidator
   DEFAULT_ERROR_MESSAGES = {
     name_included_in_password: 'is too similar to your name',
+    username_included_in_password: 'is too similar to your username',
     email_included_in_password: 'is too similar to your email',
     domain_included_in_password: 'is too similar to this domain name',
     password_too_short: 'is too short',

data/lib/nobspw/configuration.rb

@@ -5,6 +5,7 @@ module NOBSPW
     attr_accessor :min_unique_characters
     attr_accessor :dictionary_path
     attr_accessor :grep_path
+    attr_accessor :use_ruby_grep
     attr_accessor :domain_name
     attr_accessor :blacklist
     attr_accessor :validation_methods
@@ -16,6 +17,7 @@ module NOBSPW
       @min_unique_characters    = 5
       @dictionary_path          = File.join(File.dirname(__FILE__), "..", "db", "dictionary.txt")
       @grep_path                = `which grep`.strip
+      @use_ruby_grep            = @grep_path.empty?
       @domain_name              = nil
       @blacklist                = nil
       @validation_methods       = NOBSPW::ValidationMethods::DEFAULT_VALIDATION_METHODS

data/lib/nobspw/password_checker.rb

@@ -1,3 +1,5 @@
+require 'shellwords'
+
 module NOBSPW
   class PasswordChecker
     include NOBSPW::ValidationMethods
@@ -26,7 +28,6 @@ module NOBSPW
 
     def check_password
       @weak_password_reasons = []
-
       NOBSPW.configuration.validation_methods.each do |method|
         if send("#{method}")
           @weak_password_reasons << method.to_s.sub(/\?$/, '').to_sym
@@ -36,9 +37,5 @@ module NOBSPW
 
       @strong = @weak_password_reasons.empty?
     end
-
-    def grep_command(path)
-      "#{NOBSPW.configuration.grep_path} '^#{@password}$' #{path}"
-    end
   end
 end

data/lib/nobspw/validation_methods.rb

@@ -1,7 +1,11 @@
+require 'shellwords'
+require 'open3'
+
 module NOBSPW
   module ValidationMethods
     DEFAULT_VALIDATION_METHODS = %i(password_empty?
                                     name_included_in_password?
+                                    username_included_in_password?
                                     email_included_in_password?
                                     domain_included_in_password?
                                     password_too_short?
@@ -11,6 +15,8 @@ module NOBSPW
                                     password_too_common?)
 
     INTERRUPT_VALIDATION_FOR   = %i(password_empty?)
+    STDIN_GREP_COMMAND         = ['/usr/bin/grep', '-m 1', '-f', '/dev/stdin',
+                                  NOBSPW.configuration.dictionary_path]
 
     private
 
@@ -24,6 +30,12 @@ module NOBSPW
       words_included_in_password?(words)
     end
 
+    def username_included_in_password?
+      return nil unless @username
+      words = remove_word_separators(@username).split(' ')
+      words_included_in_password?(words)
+    end
+
     def email_included_in_password?
       return nil unless @email
       words = remove_word_separators(email_without_extension(@email)).split(' ')
@@ -40,7 +52,16 @@ module NOBSPW
 
     def password_not_allowed?
       return nil unless NOBSPW.configuration.blacklist
-      NOBSPW.configuration.blacklist.include?(@password)
+
+      NOBSPW.configuration.blacklist.each do |expression|
+        if expression.is_a?(Regexp)
+          return true if @password.match?(expression)
+        else
+          return true if expression.to_s == @password
+        end
+      end
+
+      false
     end
 
     def password_too_short?
@@ -65,22 +86,27 @@ module NOBSPW
     end
 
     def password_too_common?
-      `#{grep_command(NOBSPW.configuration.dictionary_path)}`
-
-      case $?.exitstatus
-      when 0
-        true
-      when 1
-        false
-      when 127
-        raise StandardError.new("Grep not found at: #{NOBSPW.configuration.grep_path}")
-      else
-        false
-      end
+      NOBSPW.configuration.use_ruby_grep ? ruby_grep : shell_grep
     end
 
     # Helper methods
 
+    def shell_grep
+      raise StandardError.new("Grep not found at: #{NOBSPW.configuration.grep_path}") \
+        if !File.exist?(NOBSPW.configuration.grep_path)
+
+      output = Open3.popen3(STDIN_GREP_COMMAND.join(" "), out: '/dev/null') { |stdin, stdout, stderr, wait_thr|
+        stdin.puts "^#{escaped_password}$"
+        stdin.close
+        wait_thr.value
+      }
+      output.success?
+    end
+
+    def ruby_grep
+      File.open(NOBSPW.configuration.dictionary_path).grep(/^#{escaped_password}$/).any?
+    end
+
     def email_without_extension(email)
       name, domain, whatev = email&.split("@", 3)
       "#{name}@#{strip_extension_from_domain(domain)}"
@@ -94,5 +120,8 @@ module NOBSPW
       str&.gsub(/-|_|\.|\'|\"|\@/, ' ')
     end
 
+    def escaped_password(password = @password)
+      Shellwords.escape(password)
+    end
   end
 end

data/lib/nobspw/version.rb

@@ -1,3 +1,3 @@
 module NOBSPW
-  VERSION = '0.4.0'
+  VERSION = '0.6.2'
 end

data/misc/grep_benchmark.rb

@@ -0,0 +1,73 @@
+#! /usr/bin/env ruby
+
+require 'benchmark'
+require 'shellwords'
+require 'open3'
+require 'subprocess'
+
+ITERATIONS         = 100
+DICTIONARY_PATH    = File.join(File.dirname(__FILE__), '..', 'lib/db/dictionary.txt')
+STDIN_GREP_COMMAND = ['/usr/bin/grep', '-m 1', '-f', '/dev/stdin', DICTIONARY_PATH]
+
+password = 'swordfish'
+
+def shell_grep(password)
+  password = Shellwords.escape(password)
+  `/usr/bin/grep -m 1 '^#{password}$' #{DICTIONARY_PATH}`
+  $?.exitstatus == 0
+end
+
+def shell_grep_open3(password)
+  password = Shellwords.escape(password)
+
+  output = Open3.popen3(STDIN_GREP_COMMAND.join(" "), out: '/dev/null') { |stdin, stdout, stderr, wait_thr|
+    stdin.puts "^#{password}$"
+    stdin.close
+    wait_thr.value
+  }
+  output.success?
+end
+
+def shell_grep_subprocess(password)
+  password = Shellwords.escape(password)
+
+  Subprocess.check_call(STDIN_GREP_COMMAND, stdin: Subprocess::PIPE, stdout: '/dev/null') do |p|
+    p.communicate("^#{password}$")
+  end
+  true
+rescue Subprocess::NonZeroExit
+  false
+end
+
+def ruby_grep(password)
+  File.open(DICTIONARY_PATH).grep(/^#{password}$/)
+end
+
+def ruby_loop(password)
+  File.open(DICTIONARY_PATH).read_line do |l|
+    return true if l.match?(/^#{password}$/)
+  end
+  false
+end
+
+Benchmark.bm(17) do |benchmark|
+  benchmark.report("Shell") do
+    ITERATIONS.times { shell_grep(password) }
+  end
+
+  benchmark.report("Ruby Grep") do
+    ITERATIONS.times { ruby_grep(password) }
+  end
+
+  benchmark.report("Ruby Loop") do
+    ITERATIONS.times { ruby_grep(password) }
+  end
+
+  benchmark.report("Open3 stdin") do
+    ITERATIONS.times { shell_grep_open3(password) }
+  end
+
+  benchmark.report("Subprocess stdin") do
+    ITERATIONS.times { shell_grep_subprocess(password) }
+  end
+end

data/nobspw.gemspec

@@ -21,14 +21,16 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  spec.add_development_dependency "bundler", "~> 1.14"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "bundler"
+  spec.add_development_dependency "rake", "~> 12.3.3"
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency "simplecov", "~> 0.13"
   spec.add_development_dependency "guard", "~> 2.14"
   spec.add_development_dependency "guard-rspec", "~> 4.7.3"
   spec.add_development_dependency "activemodel", "~> 5.0"
   spec.add_development_dependency "i18n", "~> 0.8.1"
+  spec.add_development_dependency "subprocess"
+  spec.add_development_dependency "byebug"
 
   if RUBY_PLATFORM =~ /darwin/
     spec.add_development_dependency 'ruby_gntp', "~> 0.3.4"

metadata

@@ -1,43 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: nobspw
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.6.2
 platform: ruby
 authors:
 - Carl Mercier
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2018-03-27 00:00:00.000000000 Z
+date: 2020-06-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.14'
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: 12.3.3
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -122,6 +122,34 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 0.8.1
+- !ruby/object:Gem::Dependency
+  name: subprocess
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: ruby_gntp
   requirement: !ruby/object:Gem::Requirement
@@ -175,6 +203,7 @@ files:
 - lib/nobspw/password_checker.rb
 - lib/nobspw/validation_methods.rb
 - lib/nobspw/version.rb
+- misc/grep_benchmark.rb
 - nobspw.gemspec
 homepage: https://github.com/cmer/nobspw
 licenses:
@@ -195,8 +224,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.3
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: No Bullshit Password strength checker