nobspw_rails7 0.6.5

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 2ca5d47ab1262a8a04bece3bbcac0936b803458df38c09b94461f163815b206f
+  data.tar.gz: e33e55cdd6068f454c2ad46a1e8864809399f780f594726bb3623ed13314a5cb
+SHA512:
+  metadata.gz: 924d72215ed541b7f74f5fb7675d893df4dfa30b0e45b3e13b4d63e55f5b778987441f9b8f1d30d2797fe487889d5f11a4b64ed1cd6b754923fe8a51104c14fd
+  data.tar.gz: 8e6878728ca1b2592db6b5dd4e8d9d6299c0073c040dc7912e7f41bcbc861832a5e93e28a8f5a450c36ab8d09b2eb8b7181022230b1134a3565a070e013405f8

data/.gitignore

@@ -0,0 +1,13 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/coverage/
+/spec/examples.txt
+*.gem
+.byebug_history

data/.rspec

@@ -0,0 +1,3 @@
+--color
+--require spec_helper
+--format documentation

data/.travis.yml

@@ -0,0 +1,7 @@
+sudo: false
+language: ruby
+rvm:
+  - 2.5.0
+  - 2.6.2
+  - 2.7.1
+before_install: gem install bundler

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in nobspw_rails7.gemspec
+gemspec

data/Guardfile

@@ -0,0 +1,26 @@
+guard :rspec, cmd: "bundle exec rspec" do
+  require "guard/rspec/dsl"
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # Feel free to open issues for suggestions and improvements
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+end
+
+if `uname` =~ /Darwin/
+  if !!system("lsof -i:23053", out: '/dev/null')
+    puts "Growl notifications enabled"
+    notification :gntp, app_name: "", activate: 'com.googlecode.iTerm2'
+  else
+    puts "Native macOS notifications enabled"
+    notification :terminal_notifier, app_name: "", activate: 'com.googlecode.iTerm2' if `uname` =~ /Darwin/
+  end
+end

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2017 Carl Mercier
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,150 @@
+# NOBSPW_RAILS7 - No Bullshit Password strength checker
+
+[![Build Status](https://travis-ci.org/cmer/nobspw_rails7.svg?branch=master)](https://travis-ci.org/cmer/nobspw_rails7)
+
+NOBSPW_RAILS7 is simple, no non-sense password strength checker written in Ruby. It does NOT validate against [bullshit password rules](https://twitter.com/codinghorror/status/631238409269309440?ref_src=twsrc%5Etfw) such as:
+
+- must contain uppercase _(bullshit!)_
+- must contain lowercase _(bullshit!)_
+- must contain a number _(bullshit!)_
+- must contain a special character _(bullshit!)_
+
+Instead, it validates your user's password against a few important criteria. This ensures strong passwords without the hassle generally associated with complex (and useless) password rules.
+
+The criteria currently are:
+
+- enforce minimum (and maximum) length. 10 characters is the recommended minimum and is the default value
+- reject common passwords from a dictionary of the 100,000 most common passwords (or your own dictionary)
+- requires basic entropy (not too many of the same character)
+- reject special case passwords such as the user's name, email, domain of the site/app
+
+This software was inspired by [Password Rules are Bullshit](https://blog.codinghorror.com/password-rules-are-bullshit/) by Jeff Atwood.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'nobspw_rails7'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install nobspw_rails7
+
+## Usage
+
+### Vanilla Ruby
+
+```ruby
+  pwc = NOBSPW_RAILS7::PasswordChecker.new password: 'mystrongpassword',
+                                    name: 'John Smith',           # optional but recommended
+                                    username: 'bigjohn43',        # optional but recommended
+                                    email: 'john@example.org'     # optional but recommended
+  pwc.strong?
+  pwc.weak?
+  pwd.weak_password_reasons  # returns an array of Symbols with reasons why password is weak
+  pwd.reasons                # short alias of weak_password_reasons
+```
+
+Optionally, you can configure some options:
+
+```ruby
+  NOBSPW_RAILS7.configure do |config|
+    config.min_password_length = 10
+    config.max_password_length = 256
+    config.min_unique_characters = 5
+    config.dictionary_path = 'path/to/dictionary.txt'
+    config.grep_path = '/usr/bin/grep'
+    config.use_ruby_grep = false # Defaults to false; slower when true. Uses Ruby's internal Grep method instead of shelling out.
+    config.domain_name = 'mywebsitedomain.com' # it is recommended you configure this
+    config.blacklist = ['this_password_is_not_allowed', /password/]
+  end
+```
+
+### Ruby on Rails
+
+I included `PasswordValidator` for Rails. Validating passwords in your model couldn't be easier:
+
+```ruby
+validates :password, presence: true, password: true, if: -> { new_record? || changes[:password] || changes[:password_digest] }
+```
+
+PasswordValidator will try to guess the correct field name for each `PasswordChecker` argument as follow:
+
+- `username`: `username` `user_name` `user` `screenname` `screen_name`
+- `name`: `name` `full_name` `first_name+last_name`
+- `email`: `email` `email_address`
+
+If you have field names different than above, you can tell `PasswordValidator` which fields to use for specific attributes:
+
+```ruby
+validates :password, password: { :name => :customer_name,
+                                 :email => :electronic_address },
+          if: -> { new_record? || changes[:password] || changes[:password_digest] }
+```
+
+## Validations
+
+NOBSPW_RAILS7 currently validates for the following, in this order:
+
+```ruby
+password_empty?
+name_included_in_password?
+email_included_in_password?
+domain_included_in_password?
+password_too_short?
+password_too_long?
+not_enough_unique_characters?
+password_not_allowed?
+password_too_common?
+```
+If any of these tests fail, they'll be returned by `#reasons`, or with Rails, they'll be added to `errors[:password]`.
+
+
+## Custom Validations
+
+It is possible and easy to add your own validations, or remove default ones.
+
+### Adding a custom validation
+
+```ruby
+module NOBSPW_RAILS7::ValidationMethods
+  def contains_letter_a?
+    # This is obviously a silly validation. Don't do this!
+    # If method returns true, it means that it FAILED validation.
+    # For example, it does contain the letter a and it's not considered acceptable.
+    !!@password.downcase.index('a')
+  end
+end
+
+NOBSPW_RAILS7.configuration.validation_methods << :contains_letter_a?
+
+# if using the Rails validator, you also need to define the error message:
+ActiveModel::Validations::PasswordValidator.error_messages[:contains_letter_a] = \
+  'contains an unacceptable character'
+
+```
+
+### Removing a built-in validation
+
+```ruby
+NOBSPW_RAILS7.configuration.validation_methods.delete(:domain_included_in_password?)
+```
+
+### Localization
+
+You can localize all error messages, including custom ones, using I18n.
+
+See `PasswordValidator#get_message` and `PasswordValidator#DEFAULT_ERROR_MESSAGES` for implementation details.
+
+
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+

data/Rakefile

@@ -0,0 +1,6 @@
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "nobspw_rails7"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/active_model/validations/password_validator.rb

@@ -0,0 +1,84 @@
+class ActiveModel::Validations::PasswordValidator < ActiveModel::EachValidator
+  DEFAULT_ERROR_MESSAGES = {
+    name_included_in_password: 'is too similar to your name',
+    username_included_in_password: 'is too similar to your username',
+    email_included_in_password: 'is too similar to your email',
+    domain_included_in_password: 'is too similar to this domain name',
+    password_too_short: 'is too short',
+    password_too_long: 'is too long',
+    not_enough_unique_characters: 'does not have enough unique characters',
+    password_not_allowed: 'is not allowed',
+    password_too_common: 'is too common',
+    fallback: 'is not valid'
+  }
+
+  def validate_each(record, attribute, value)
+    pc = NOBSPW_RAILS7::PasswordChecker.new password: record.send(attribute),
+                                     email:    email_value(record),
+                                     name:     name_value(record),
+                                     username: username_value(record)
+
+    pc.weak_password_reasons.each do |reason|
+      record.errors.add(attribute, get_message(reason))
+    end
+    pc.strong?
+  end
+
+  def error_messages
+    @error_messages ||= DEFAULT_ERROR_MESSAGES
+  end
+
+  def error_messages=(em)
+    @error_messages = em
+  end
+
+  private
+
+  def email_value(record)
+    if options.keys.include?(:email)
+      return nil if options[:email].nil?
+      return record.send(options[:email])
+    end
+
+    %i(email email_address).each do |f|
+      return record.send(f) if record.respond_to?(f)
+    end
+
+    nil
+  end
+
+  def username_value(record)
+    if options.keys.include?(:username)
+      return nil if options[:username].nil?
+      return record.send(options[:username])
+    end
+
+    %i(username user_name user screenname screen_name).each do |f|
+      return record.send(f) if record.respond_to?(f)
+    end
+
+    nil
+  end
+
+  def name_value(record)
+    if options.keys.include?(:name)
+      return nil if options[:name].nil?
+      return record.send(options[:name])
+    end
+
+    %i(name full_name).each do |f|
+      return record.send(f) if record.respond_to?(f)
+    end
+
+    if record.respond_to?(:first_name) && record.respond_to?(:last_name)
+      return "#{record.send(:first_name)} #{record.send(:last_name)}"
+    end
+
+    nil
+  end
+
+  def get_message(reason)
+    I18n.t "password_validator.#{reason}", default: error_messages[reason] ||
+                                                    error_messages[:fallback]
+  end
+end