nobspw_rails7 0.6.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. checksums.yaml +7 -0
  2. data/.gitignore +13 -0
  3. data/.rspec +3 -0
  4. data/.travis.yml +7 -0
  5. data/Gemfile +4 -0
  6. data/Guardfile +26 -0
  7. data/LICENSE.txt +21 -0
  8. data/README.md +150 -0
  9. data/Rakefile +6 -0
  10. data/bin/console +14 -0
  11. data/bin/setup +8 -0
  12. data/lib/active_model/validations/password_validator.rb +84 -0
  13. data/lib/db/dictionary.txt +100000 -0
  14. data/lib/nobspw_rails7/configuration.rb +27 -0
  15. data/lib/nobspw_rails7/password_checker.rb +41 -0
  16. data/lib/nobspw_rails7/validation_methods.rb +127 -0
  17. data/lib/nobspw_rails7/version.rb +3 -0
  18. data/lib/nobspw_rails7.rb +24 -0
  19. data/misc/grep_benchmark.rb +73 -0
  20. data/nobspw_rails7.gemspec +39 -0
  21. metadata +206 -0
data/lib/nobspw_rails7/configuration.rb ADDED
@@ -0,0 +1,27 @@
1
+ module NOBSPW_RAILS7
2
+ class Configuration
3
+ attr_accessor :min_password_length
4
+ attr_accessor :max_password_length
5
+ attr_accessor :min_unique_characters
6
+ attr_accessor :dictionary_path
7
+ attr_accessor :grep_path
8
+ attr_accessor :use_ruby_grep
9
+ attr_accessor :domain_name
10
+ attr_accessor :blacklist
11
+ attr_accessor :validation_methods
12
+ attr_accessor :interrupt_validation_for
13
+
14
+ def initialize
15
+ @min_password_length = 10
16
+ @max_password_length = 256
17
+ @min_unique_characters = 5
18
+ @dictionary_path = File.join(File.dirname(__FILE__), "..", "db", "dictionary.txt")
19
+ @grep_path = `which grep`.strip
20
+ @use_ruby_grep = @grep_path.empty?
21
+ @domain_name = nil
22
+ @blacklist = nil
23
+ @validation_methods = NOBSPW_RAILS7::ValidationMethods::DEFAULT_VALIDATION_METHODS
24
+ @interrupt_validation_for = NOBSPW_RAILS7::ValidationMethods::INTERRUPT_VALIDATION_FOR
25
+ end
26
+ end
27
+ end
data/lib/nobspw_rails7/password_checker.rb ADDED
@@ -0,0 +1,41 @@
1
+ require 'shellwords'
2
+
3
+ module NOBSPW_RAILS7
4
+ class PasswordChecker
5
+ include NOBSPW_RAILS7::ValidationMethods
6
+
7
+ def initialize(name: nil, username: nil, email: nil, password:)
8
+ @name, @username, @email, @password = \
9
+ name&.strip, username&.strip, email&.strip, (password || '').strip
10
+ end
11
+
12
+ def strong?
13
+ check_password if @strong.nil?
14
+ @strong
15
+ end
16
+
17
+ def weak?
18
+ !strong?
19
+ end
20
+
21
+ def weak_password_reasons
22
+ check_password if @weak_password_reasons.nil?
23
+ @weak_password_reasons
24
+ end
25
+ alias_method :reasons, :weak_password_reasons
26
+
27
+ private
28
+
29
+ def check_password
30
+ @weak_password_reasons = []
31
+ NOBSPW_RAILS7.configuration.validation_methods.each do |method|
32
+ if send("#{method}")
33
+ @weak_password_reasons << method.to_s.sub(/\?$/, '').to_sym
34
+ break if NOBSPW_RAILS7.configuration.interrupt_validation_for.include?(method)
35
+ end
36
+ end
37
+
38
+ @strong = @weak_password_reasons.empty?
39
+ end
40
+ end
41
+ end
data/lib/nobspw_rails7/validation_methods.rb ADDED
@@ -0,0 +1,127 @@
1
+ require 'shellwords'
2
+ require 'open3'
3
+
4
+ module NOBSPW_RAILS7
5
+ module ValidationMethods
6
+ DEFAULT_VALIDATION_METHODS = %i(password_empty?
7
+ name_included_in_password?
8
+ username_included_in_password?
9
+ email_included_in_password?
10
+ domain_included_in_password?
11
+ password_too_short?
12
+ password_too_long?
13
+ not_enough_unique_characters?
14
+ password_not_allowed?
15
+ password_too_common?)
16
+
17
+ INTERRUPT_VALIDATION_FOR = %i(password_empty?)
18
+ STDIN_GREP_COMMAND = ['/usr/bin/grep', '-m 1', '-f', '/dev/stdin',
19
+ NOBSPW_RAILS7.configuration.dictionary_path]
20
+
21
+ private
22
+
23
+ def password_empty?
24
+ @password.nil? || @password.strip == ''
25
+ end
26
+
27
+ def name_included_in_password?
28
+ return nil unless @name
29
+ words = remove_word_separators(@name).split(' ')
30
+ words_included_in_password?(words)
31
+ end
32
+
33
+ def username_included_in_password?
34
+ return nil unless @username
35
+ words = remove_word_separators(@username).split(' ')
36
+ words_included_in_password?(words)
37
+ end
38
+
39
+ def email_included_in_password?
40
+ return nil unless @email
41
+ words = remove_word_separators(email_without_extension(@email)).split(' ')
42
+ words_included_in_password?(words)
43
+ end
44
+
45
+ def domain_included_in_password?
46
+ domain = NOBSPW_RAILS7.configuration.domain_name
47
+ return nil unless domain
48
+ domain = strip_extension_from_domain(domain)
49
+ domain_without_separator = remove_word_separators(domain).gsub(' ', '')
50
+ words_included_in_password?([domain, domain_without_separator])
51
+ end
52
+
53
+ def password_not_allowed?
54
+ return nil unless NOBSPW_RAILS7.configuration.blacklist
55
+
56
+ NOBSPW_RAILS7.configuration.blacklist.each do |expression|
57
+ if expression.is_a?(Regexp)
58
+ return true if @password.match?(expression)
59
+ else
60
+ return true if expression.to_s == @password
61
+ end
62
+ end
63
+
64
+ false
65
+ end
66
+
67
+ def password_too_short?
68
+ @password.length < NOBSPW_RAILS7.configuration.min_password_length
69
+ end
70
+
71
+ def password_too_long?
72
+ @password.length > NOBSPW_RAILS7.configuration.max_password_length
73
+ end
74
+
75
+ def not_enough_unique_characters?
76
+ unique = @password.split(//).uniq.size
77
+ minimum = NOBSPW_RAILS7.configuration.min_unique_characters
78
+ !(unique >= minimum)
79
+ end
80
+
81
+ def words_included_in_password?(words)
82
+ downcased_pw = @password.downcase
83
+ words.each do |word|
84
+ return true if word.length > 2 && downcased_pw.index(word.downcase)
85
+ end; false
86
+ end
87
+
88
+ def password_too_common?
89
+ NOBSPW_RAILS7.configuration.use_ruby_grep ? ruby_grep : shell_grep
90
+ end
91
+
92
+ # Helper methods
93
+
94
+ def shell_grep
95
+ raise StandardError.new("Grep not found at: #{NOBSPW_RAILS7.configuration.grep_path}") \
96
+ if !File.exist?(NOBSPW_RAILS7.configuration.grep_path)
97
+
98
+ output = Open3.popen3(STDIN_GREP_COMMAND.join(" "), out: '/dev/null') { |stdin, stdout, stderr, wait_thr|
99
+ stdin.puts "^#{escaped_password}$"
100
+ stdin.close
101
+ wait_thr.value
102
+ }
103
+ output.success?
104
+ end
105
+
106
+ def ruby_grep
107
+ File.open(NOBSPW_RAILS7.configuration.dictionary_path).grep(/^#{escaped_password}$/).any?
108
+ end
109
+
110
+ def email_without_extension(email)
111
+ name, domain, whatev = email&.split("@", 3)
112
+ "#{name}@#{strip_extension_from_domain(domain)}"
113
+ end
114
+
115
+ def strip_extension_from_domain(domain)
116
+ domain&.split(".")&.first
117
+ end
118
+
119
+ def remove_word_separators(str)
120
+ str&.gsub(/-|_|\.|\'|\"|\@/, ' ')
121
+ end
122
+
123
+ def escaped_password(password = @password)
124
+ Shellwords.escape(password)
125
+ end
126
+ end
127
+ end
data/lib/nobspw_rails7/version.rb ADDED
@@ -0,0 +1,3 @@
1
+ module NOBSPW_RAILS7
2
+ VERSION = '0.6.5'
3
+ end
data/lib/nobspw_rails7.rb ADDED
@@ -0,0 +1,24 @@
1
+ require "nobspw_rails7/version"
2
+
3
+ module NOBSPW_RAILS7
4
+ autoload :PasswordChecker, 'nobspw_rails7/password_checker'
5
+ autoload :ValidationMethods, 'nobspw_rails7/validation_methods'
6
+ autoload :Configuration, 'nobspw_rails7/configuration'
7
+
8
+ if (defined?(::ActiveModel) && ActiveModel::VERSION::MAJOR >= 4) && defined?(I18n)
9
+ require_relative 'active_model/validations/password_validator'
10
+ end
11
+
12
+ class << self
13
+ attr_writer :configuration
14
+ end
15
+
16
+ def self.configure
17
+ self.configuration ||= Configuration.new
18
+ yield(configuration)
19
+ end
20
+
21
+ def self.configuration
22
+ @configuration ||= Configuration.new
23
+ end
24
+ end
data/misc/grep_benchmark.rb ADDED
@@ -0,0 +1,73 @@
1
+ #! /usr/bin/env ruby
2
+
3
+ require 'benchmark'
4
+ require 'shellwords'
5
+ require 'open3'
6
+ require 'subprocess'
7
+
8
+ ITERATIONS = 100
9
+ DICTIONARY_PATH = File.join(File.dirname(__FILE__), '..', 'lib/db/dictionary.txt')
10
+ STDIN_GREP_COMMAND = ['/usr/bin/grep', '-m 1', '-f', '/dev/stdin', DICTIONARY_PATH]
11
+
12
+ password = 'swordfish'
13
+
14
+ def shell_grep(password)
15
+ password = Shellwords.escape(password)
16
+ `/usr/bin/grep -m 1 '^#{password}$' #{DICTIONARY_PATH}`
17
+ $?.exitstatus == 0
18
+ end
19
+
20
+ def shell_grep_open3(password)
21
+ password = Shellwords.escape(password)
22
+
23
+ output = Open3.popen3(STDIN_GREP_COMMAND.join(" "), out: '/dev/null') { |stdin, stdout, stderr, wait_thr|
24
+ stdin.puts "^#{password}$"
25
+ stdin.close
26
+ wait_thr.value
27
+ }
28
+ output.success?
29
+ end
30
+
31
+ def shell_grep_subprocess(password)
32
+ password = Shellwords.escape(password)
33
+
34
+ Subprocess.check_call(STDIN_GREP_COMMAND, stdin: Subprocess::PIPE, stdout: '/dev/null') do |p|
35
+ p.communicate("^#{password}$")
36
+ end
37
+ true
38
+ rescue Subprocess::NonZeroExit
39
+ false
40
+ end
41
+
42
+ def ruby_grep(password)
43
+ File.open(DICTIONARY_PATH).grep(/^#{password}$/)
44
+ end
45
+
46
+ def ruby_loop(password)
47
+ File.open(DICTIONARY_PATH).read_line do |l|
48
+ return true if l.match?(/^#{password}$/)
49
+ end
50
+ false
51
+ end
52
+
53
+ Benchmark.bm(17) do |benchmark|
54
+ benchmark.report("Shell") do
55
+ ITERATIONS.times { shell_grep(password) }
56
+ end
57
+
58
+ benchmark.report("Ruby Grep") do
59
+ ITERATIONS.times { ruby_grep(password) }
60
+ end
61
+
62
+ benchmark.report("Ruby Loop") do
63
+ ITERATIONS.times { ruby_grep(password) }
64
+ end
65
+
66
+ benchmark.report("Open3 stdin") do
67
+ ITERATIONS.times { shell_grep_open3(password) }
68
+ end
69
+
70
+ benchmark.report("Subprocess stdin") do
71
+ ITERATIONS.times { shell_grep_subprocess(password) }
72
+ end
73
+ end
data/nobspw_rails7.gemspec ADDED
@@ -0,0 +1,39 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'nobspw_rails7/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "nobspw_rails7"
8
+ spec.version = NOBSPW_RAILS7::VERSION
9
+ spec.authors = ["Carl Mercier", "Nao"]
10
+ spec.email = ["foss@carlmercier.com", "nao@naomie.digital"]
11
+
12
+ spec.summary = %q{No Bullshit Password strength checker}
13
+ spec.description = %q{No Bullshit Password strength checker. Inspired by "Password Rules are Bullshit" by Jeff Atwood. https://blog.codinghorror.com/password-rules-are-bullshit/ (Fixed to work with Rails 7)}
14
+ spec.homepage = "https://github.com/nomadnaomie/nobspw"
15
+ spec.license = "MIT"
16
+
17
+ spec.files = `git ls-files -z`.split("\x0").reject do |f|
18
+ f.match(%r{^(test|spec|features)/})
19
+ end
20
+ spec.bindir = "exe"
21
+ spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
22
+ spec.require_paths = ["lib"]
23
+
24
+ spec.add_development_dependency "bundler"
25
+ spec.add_development_dependency "rake", "~> 12.3.3"
26
+ spec.add_development_dependency "rspec", "~> 3.0"
27
+ spec.add_development_dependency "simplecov", "~> 0.13"
28
+ spec.add_development_dependency "guard", "~> 2.14"
29
+ spec.add_development_dependency "guard-rspec", "~> 4.7.3"
30
+ spec.add_development_dependency "activemodel", "~> 5.0"
31
+ spec.add_development_dependency "i18n", "~> 0.8.1"
32
+ spec.add_development_dependency "subprocess"
33
+ spec.add_development_dependency "byebug"
34
+
35
+ if RUBY_PLATFORM =~ /darwin/
36
+ spec.add_development_dependency 'ruby_gntp', "~> 0.3.4"
37
+ spec.add_development_dependency 'terminal-notifier-guard', '~> 1.6.1'
38
+ end
39
+ end
metadata ADDED
@@ -0,0 +1,206 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: nobspw_rails7
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.6.5
5
+ platform: ruby
6
+ authors:
7
+ - Carl Mercier
8
+ - Nao
9
+ autorequire:
10
+ bindir: exe
11
+ cert_chain: []
12
+ date: 2023-02-25 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: bundler
16
+ requirement: !ruby/object:Gem::Requirement
17
+ requirements:
18
+ - - ">="
19
+ - !ruby/object:Gem::Version
20
+ version: '0'
21
+ type: :development
22
+ prerelease: false
23
+ version_requirements: !ruby/object:Gem::Requirement
24
+ requirements:
25
+ - - ">="
26
+ - !ruby/object:Gem::Version
27
+ version: '0'
28
+ - !ruby/object:Gem::Dependency
29
+ name: rake
30
+ requirement: !ruby/object:Gem::Requirement
31
+ requirements:
32
+ - - "~>"
33
+ - !ruby/object:Gem::Version
34
+ version: 12.3.3
35
+ type: :development
36
+ prerelease: false
37
+ version_requirements: !ruby/object:Gem::Requirement
38
+ requirements:
39
+ - - "~>"
40
+ - !ruby/object:Gem::Version
41
+ version: 12.3.3
42
+ - !ruby/object:Gem::Dependency
43
+ name: rspec
44
+ requirement: !ruby/object:Gem::Requirement
45
+ requirements:
46
+ - - "~>"
47
+ - !ruby/object:Gem::Version
48
+ version: '3.0'
49
+ type: :development
50
+ prerelease: false
51
+ version_requirements: !ruby/object:Gem::Requirement
52
+ requirements:
53
+ - - "~>"
54
+ - !ruby/object:Gem::Version
55
+ version: '3.0'
56
+ - !ruby/object:Gem::Dependency
57
+ name: simplecov
58
+ requirement: !ruby/object:Gem::Requirement
59
+ requirements:
60
+ - - "~>"
61
+ - !ruby/object:Gem::Version
62
+ version: '0.13'
63
+ type: :development
64
+ prerelease: false
65
+ version_requirements: !ruby/object:Gem::Requirement
66
+ requirements:
67
+ - - "~>"
68
+ - !ruby/object:Gem::Version
69
+ version: '0.13'
70
+ - !ruby/object:Gem::Dependency
71
+ name: guard
72
+ requirement: !ruby/object:Gem::Requirement
73
+ requirements:
74
+ - - "~>"
75
+ - !ruby/object:Gem::Version
76
+ version: '2.14'
77
+ type: :development
78
+ prerelease: false
79
+ version_requirements: !ruby/object:Gem::Requirement
80
+ requirements:
81
+ - - "~>"
82
+ - !ruby/object:Gem::Version
83
+ version: '2.14'
84
+ - !ruby/object:Gem::Dependency
85
+ name: guard-rspec
86
+ requirement: !ruby/object:Gem::Requirement
87
+ requirements:
88
+ - - "~>"
89
+ - !ruby/object:Gem::Version
90
+ version: 4.7.3
91
+ type: :development
92
+ prerelease: false
93
+ version_requirements: !ruby/object:Gem::Requirement
94
+ requirements:
95
+ - - "~>"
96
+ - !ruby/object:Gem::Version
97
+ version: 4.7.3
98
+ - !ruby/object:Gem::Dependency
99
+ name: activemodel
100
+ requirement: !ruby/object:Gem::Requirement
101
+ requirements:
102
+ - - "~>"
103
+ - !ruby/object:Gem::Version
104
+ version: '5.0'
105
+ type: :development
106
+ prerelease: false
107
+ version_requirements: !ruby/object:Gem::Requirement
108
+ requirements:
109
+ - - "~>"
110
+ - !ruby/object:Gem::Version
111
+ version: '5.0'
112
+ - !ruby/object:Gem::Dependency
113
+ name: i18n
114
+ requirement: !ruby/object:Gem::Requirement
115
+ requirements:
116
+ - - "~>"
117
+ - !ruby/object:Gem::Version
118
+ version: 0.8.1
119
+ type: :development
120
+ prerelease: false
121
+ version_requirements: !ruby/object:Gem::Requirement
122
+ requirements:
123
+ - - "~>"
124
+ - !ruby/object:Gem::Version
125
+ version: 0.8.1
126
+ - !ruby/object:Gem::Dependency
127
+ name: subprocess
128
+ requirement: !ruby/object:Gem::Requirement
129
+ requirements:
130
+ - - ">="
131
+ - !ruby/object:Gem::Version
132
+ version: '0'
133
+ type: :development
134
+ prerelease: false
135
+ version_requirements: !ruby/object:Gem::Requirement
136
+ requirements:
137
+ - - ">="
138
+ - !ruby/object:Gem::Version
139
+ version: '0'
140
+ - !ruby/object:Gem::Dependency
141
+ name: byebug
142
+ requirement: !ruby/object:Gem::Requirement
143
+ requirements:
144
+ - - ">="
145
+ - !ruby/object:Gem::Version
146
+ version: '0'
147
+ type: :development
148
+ prerelease: false
149
+ version_requirements: !ruby/object:Gem::Requirement
150
+ requirements:
151
+ - - ">="
152
+ - !ruby/object:Gem::Version
153
+ version: '0'
154
+ description: No Bullshit Password strength checker. Inspired by "Password Rules are
155
+ Bullshit" by Jeff Atwood. https://blog.codinghorror.com/password-rules-are-bullshit/
156
+ (Fixed to work with Rails 7)
157
+ email:
158
+ - foss@carlmercier.com
159
+ - nao@naomie.digital
160
+ executables: []
161
+ extensions: []
162
+ extra_rdoc_files: []
163
+ files:
164
+ - ".gitignore"
165
+ - ".rspec"
166
+ - ".travis.yml"
167
+ - Gemfile
168
+ - Guardfile
169
+ - LICENSE.txt
170
+ - README.md
171
+ - Rakefile
172
+ - bin/console
173
+ - bin/setup
174
+ - lib/active_model/validations/password_validator.rb
175
+ - lib/db/dictionary.txt
176
+ - lib/nobspw_rails7.rb
177
+ - lib/nobspw_rails7/configuration.rb
178
+ - lib/nobspw_rails7/password_checker.rb
179
+ - lib/nobspw_rails7/validation_methods.rb
180
+ - lib/nobspw_rails7/version.rb
181
+ - misc/grep_benchmark.rb
182
+ - nobspw_rails7.gemspec
183
+ homepage: https://github.com/nomadnaomie/nobspw
184
+ licenses:
185
+ - MIT
186
+ metadata: {}
187
+ post_install_message:
188
+ rdoc_options: []
189
+ require_paths:
190
+ - lib
191
+ required_ruby_version: !ruby/object:Gem::Requirement
192
+ requirements:
193
+ - - ">="
194
+ - !ruby/object:Gem::Version
195
+ version: '0'
196
+ required_rubygems_version: !ruby/object:Gem::Requirement
197
+ requirements:
198
+ - - ">="
199
+ - !ruby/object:Gem::Version
200
+ version: '0'
201
+ requirements: []
202
+ rubygems_version: 3.3.7
203
+ signing_key:
204
+ specification_version: 4
205
+ summary: No Bullshit Password strength checker
206
+ test_files: []