password_strength 0.3.2 → 0.4.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: eb271520f8e1e9f75c210e2619ce81c63982b014
+  data.tar.gz: a7b360fded5d8808dc8eb7f910375b01e952cda5
+SHA512:
+  metadata.gz: 6973d5426f558cdb89a9e57e2cee7579a3b1413d3a3f1f8b874ba25ec1fd5934c7dd9ccc3fb9806129850f521402e3f2cdf12d6bcbdd55f441abeacc6b3160a0
+  data.tar.gz: 8683f5d04cc022c6f0c1b49345ebc626d130a88ce6d83385abaf75ace78b8b41fcb7a3c90ce650d09afa8ecd77e8ffb9536c223ba6c066a7f13ea85ff9e2fd24

data/.gitignore

@@ -0,0 +1,4 @@
+pkg
+coverage
+doc
+/gemfiles/*.lock

data/.travis.yml

@@ -0,0 +1,15 @@
+language: ruby
+script: "bundle exec rake test"
+
+rvm:
+  - 2.1.1
+  - 2.0.0
+
+gemfile:
+  - gemfiles/ar_3_2.gemfile
+  - gemfiles/ar_4_0.gemfile
+  - gemfiles/ar_4_1.gemfile
+
+notifications:
+  email:
+    - fnando.vieira@gmail.com

data/Gemfile

@@ -0,0 +1,2 @@
+source "http://rubygems.org"
+gemspec

data/Gemfile.lock

@@ -0,0 +1,82 @@
+PATH
+  remote: .
+  specs:
+    password_strength (0.4.0)
+      activerecord
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    activemodel (4.0.4)
+      activesupport (= 4.0.4)
+      builder (~> 3.1.0)
+    activerecord (4.0.4)
+      activemodel (= 4.0.4)
+      activerecord-deprecated_finders (~> 1.0.2)
+      activesupport (= 4.0.4)
+      arel (~> 4.0.0)
+    activerecord-deprecated_finders (1.0.3)
+    activesupport (4.0.4)
+      i18n (~> 0.6, >= 0.6.9)
+      minitest (~> 4.2)
+      multi_json (~> 1.3)
+      thread_safe (~> 0.1)
+      tzinfo (~> 0.3.37)
+    arel (4.0.2)
+    atomic (1.1.16)
+    awesome_print (1.2.0)
+    builder (3.1.4)
+    coderay (1.1.0)
+    columnize (0.3.6)
+    debugger (1.6.6)
+      columnize (>= 0.3.1)
+      debugger-linecache (~> 1.2.0)
+      debugger-ruby_core_source (~> 1.3.2)
+    debugger-linecache (1.2.0)
+    debugger-ruby_core_source (1.3.2)
+    diff-lcs (1.2.5)
+    i18n (0.6.9)
+    method_source (0.8.2)
+    minitest (4.7.5)
+    multi_json (1.9.2)
+    pry (0.9.12.6)
+      coderay (~> 1.0)
+      method_source (~> 0.8)
+      slop (~> 3.4)
+    pry-debugger (0.2.2)
+      debugger (~> 1.3)
+      pry (~> 0.9.10)
+    pry-meta (0.0.6)
+      awesome_print
+      pry
+      pry-debugger
+      pry-remote
+    pry-remote (0.1.8)
+      pry (~> 0.9)
+      slop (~> 3.0)
+    rake (10.2.2)
+    rspec (2.14.1)
+      rspec-core (~> 2.14.0)
+      rspec-expectations (~> 2.14.0)
+      rspec-mocks (~> 2.14.0)
+    rspec-core (2.14.8)
+    rspec-expectations (2.14.5)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.14.6)
+    slop (3.5.0)
+    sqlite3 (1.3.9)
+    test-unit (2.5.5)
+    thread_safe (0.3.1)
+      atomic (>= 1.1.7, < 2)
+    tzinfo (0.3.39)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  password_strength!
+  pry-meta
+  rake
+  rspec
+  sqlite3
+  test-unit

data/README.rdoc

@@ -1,5 +1,7 @@
 = Introduction
 
+{<img src="https://travis-ci.org/fnando/password_strength.svg" alt="Build Status" />}[https://travis-ci.org/fnando/password_strength]
+
 Validates the strength of a password according to several rules:
 
 * size
@@ -10,6 +12,7 @@ Validates the strength of a password according to several rules:
 * password contains username
 * sequences (123, abc, aaa)
 * repetitions
+* can't be a common password (view list at support/common.txt)
 
 Some results:
 
@@ -21,7 +24,11 @@ Some results:
 
 = Install
 
-  sudo gem install password_strength
+  gem install password_strength
+
+or put this in your Gemfile:
+
+  gem "password_strength"
 
 If you want the source go to http://github.com/fnando/password_strength
 
@@ -50,7 +57,7 @@ If you want the source go to http://github.com/fnando/password_strength
 
 = ActiveRecord
 
-The PasswordStrength library comes with ActiveRecord support (tested on AR 2.3.5 and 3.0.0-beta).
+The PasswordStrength library comes with ActiveRecord support.
 
   class Person < ActiveRecord::Base
     validates_strength_of :password
@@ -130,18 +137,22 @@ If you just want to overwrite the callback, you can simple do
 
 Get the files:
 
-* http://github.com/fnando/password_strength/raw/master/javascripts/password_strength.js
-* http://github.com/fnando/password_strength/raw/master/javascripts/jquery.strength.js
+* http://github.com/fnando/password_strength/raw/master/app/assets/javascripts/password_strength.js
+* http://github.com/fnando/password_strength/raw/master/app/assets/javascripts/jquery.strength.js
 
-= TO-DO
+If you're using asset pipeline, just add the following lines to your `application.js`.
 
-* Rake task to get the latest JavaScript file
+```javascript
+//= require jquery
+//= require password_strength
+//= require jquery_strength
+```
 
 = License
 
 (The MIT License)
 
-Copyright © 2010:
+Copyright © 2010-2014:
 
 * Nando Vieira (http://simplesideias.com.br)
 

data/Rakefile

@@ -0,0 +1,21 @@
+require "bundler"
+Bundler::GemHelper.install_tasks
+
+require "rake/testtask"
+require "rdoc/task"
+
+Rake::TestTask.new do |t|
+  t.libs += %w[test lib]
+  t.ruby_opts = %w[-rubygems]
+  t.test_files = FileList["test/**/*_test.rb"]
+  t.verbose = true
+end
+
+Rake::RDocTask.new do |rdoc|
+  rdoc.main = "README.rdoc"
+  rdoc.rdoc_dir = "doc"
+  rdoc.title = "Password Strength"
+  rdoc.options += %w[ --line-numbers --inline-source --charset utf-8 ]
+  rdoc.rdoc_files.include("README.rdoc", "CHANGELOG.rdoc")
+  rdoc.rdoc_files.include("lib/**/*.rb")
+end

data/app/assets/javascripts/jquery_strength.js

@@ -0,0 +1,62 @@
+(function($){
+  $.strength = function(username, password, options, callback) {
+    if (typeof(options) == "function") {
+      callback = options;
+      options = {};
+    } else if (!options) {
+      options = {};
+    }
+
+    var usernameField = $(username);
+    var passwordField = $(password);
+    var strength = new PasswordStrength();
+
+    strength.exclude = options["exclude"];
+
+    callback = callback || $.strength.callback;
+
+    var handler = function(){
+      strength.username = $(usernameField).val();
+
+      if ($(usernameField).length == 0) {
+        strength.username = username;
+      }
+
+      strength.password = $(passwordField).val();
+
+      if ($(passwordField).length == 0) {
+        strength.password = password;
+      }
+
+      strength.test();
+      callback(usernameField, passwordField, strength);
+    };
+
+    $(usernameField).keydown(handler);
+    $(usernameField).keyup(handler);
+
+    $(passwordField).keydown(handler);
+    $(passwordField).keyup(handler);
+  };
+
+  $.extend($.strength, {
+    callback: function(username, password, strength){
+      var img = $(password).next("img.strength");
+
+      if (!img.length) {
+        $(password).after("<img class='strength'>");
+        img = $("img.strength");
+      }
+
+      $(img)
+        .removeClass("weak")
+        .removeClass("good")
+        .removeClass("strong")
+        .addClass(strength.status)
+        .attr("src", $.strength[strength.status + "Image"]);
+    },
+    weakImage: "/images/weak.png",
+    goodImage: "/images/good.png",
+    strongImage: "/images/strong.png"
+  });
+})(jQuery);

data/app/assets/javascripts/password_strength.js

@@ -0,0 +1,270 @@
+var PasswordStrength = (function(){
+  var MULTIPLE_NUMBERS_RE = /\d.*?\d.*?\d/;
+  var MULTIPLE_SYMBOLS_RE = /[!@#$%^&*?_~].*?[!@#$%^&*?_~]/;
+  var UPPERCASE_LOWERCASE_RE = /([a-z].*[A-Z])|([A-Z].*[a-z])/;
+  var SYMBOL_RE = /[!@#\$%^&*?_~]/;
+
+  function PasswordStrength() {
+    this.username = null;
+    this.password = null;
+    this.score = 0;
+    this.status = null;
+  }
+
+  PasswordStrength.fn = PasswordStrength.prototype;
+
+  PasswordStrength.fn.test = function() {
+    var score;
+    this.score = score = 0;
+
+    if (this.containInvalidMatches()) {
+      this.status = "invalid";
+    } else if (this.usesCommonWord()) {
+      this.status = "invalid";
+    } else {
+      score += this.scoreFor("password_size");
+      score += this.scoreFor("numbers");
+      score += this.scoreFor("symbols");
+      score += this.scoreFor("uppercase_lowercase");
+      score += this.scoreFor("numbers_chars");
+      score += this.scoreFor("numbers_symbols");
+      score += this.scoreFor("symbols_chars");
+      score += this.scoreFor("only_chars");
+      score += this.scoreFor("only_numbers");
+      score += this.scoreFor("username");
+      score += this.scoreFor("sequences");
+      score += this.scoreFor("repetitions");
+
+      if (score < 0) {
+        score = 0;
+      }
+
+      if (score > 100) {
+        score = 100;
+      }
+
+      if (score < 35) {
+        this.status = "weak";
+      }
+
+      if (score >= 35 && score < 70) {
+        this.status = "good";
+      }
+
+      if (score >= 70) {
+        this.status = "strong";
+      }
+    }
+
+    this.score = score;
+    return this.score;
+  };
+
+  PasswordStrength.fn.scoreFor = function(name) {
+    score = 0;
+
+    switch (name) {
+      case "password_size":
+        if (this.password.length < 4) {
+          score = -100;
+        } else {
+          score = this.password.length * 4;
+        }
+        break;
+
+      case "numbers":
+        if (this.password.match(MULTIPLE_NUMBERS_RE)) {
+          score = 5;
+        }
+        break;
+
+      case "symbols":
+        if (this.password.match(MULTIPLE_SYMBOLS_RE)) {
+          score = 5;
+        }
+        break;
+
+      case "uppercase_lowercase":
+        if (this.password.match(UPPERCASE_LOWERCASE_RE)) {
+          score = 10;
+        }
+        break;
+
+      case "numbers_chars":
+        if (this.password.match(/[a-z]/i) && this.password.match(/[0-9]/)) {
+          score = 15;
+        }
+        break;
+
+      case "numbers_symbols":
+        if (this.password.match(/[0-9]/) && this.password.match(SYMBOL_RE)) {
+          score = 15;
+        }
+        break;
+
+      case "symbols_chars":
+        if (this.password.match(/[a-z]/i) && this.password.match(SYMBOL_RE)) {
+          score = 15;
+        }
+        break;
+
+      case "only_chars":
+        if (this.password.match(/^[a-z]+$/i)) {
+          score = -15;
+        }
+        break;
+
+      case "only_numbers":
+        if (this.password.match(/^\d+$/i)) {
+          score = -15;
+        }
+        break;
+
+      case "username":
+        if (this.password == this.username) {
+          score = -100;
+        } else if (this.password.indexOf(this.username) != -1) {
+          score = -15;
+        }
+        break;
+
+      case "sequences":
+        score += -15 * this.sequences(this.password);
+        score += -15 * this.sequences(this.reversed(this.password));
+        break;
+
+      case "repetitions":
+        score += -(this.repetitions(this.password, 2) * 4);
+        score += -(this.repetitions(this.password, 3) * 3);
+        score += -(this.repetitions(this.password, 4) * 2);
+        break;
+    };
+
+    return score;
+  };
+
+  PasswordStrength.fn.isGood = function() {
+    return this.status == "good";
+  };
+
+  PasswordStrength.fn.isWeak = function() {
+    return this.status == "weak";
+  };
+
+  PasswordStrength.fn.isStrong = function() {
+    return this.status == "strong";
+  };
+
+  PasswordStrength.fn.isInvalid = function() {
+    return this.status == "invalid";
+  };
+
+  PasswordStrength.fn.isValid = function(level) {
+    if(level == "strong") {
+      return this.isStrong();
+    } else if (level == "good") {
+      return this.isStrong() || this.isGood();
+    } else {
+      return !this.containInvalidMatches();
+    }
+  };
+
+  PasswordStrength.fn.containInvalidMatches = function() {
+    if (!this.exclude) {
+      return false;
+    }
+
+    if (!this.exclude.test) {
+      return false;
+    }
+
+    return this.exclude.test(this.password.toString());
+  };
+
+  PasswordStrength.fn.usesCommonWord = function() {
+    return PasswordStrength.commonWords.indexOf(this.password.toLowerCase()) >= 0;
+  };
+
+  PasswordStrength.fn.sequences = function(text) {
+    var matches = 0;
+    var sequenceSize = 0;
+    var codes = [];
+    var len = text.length;
+    var previousCode, currentCode;
+
+    for (var i = 0; i < len; i++) {
+      currentCode = text.charCodeAt(i);
+      previousCode = codes[codes.length - 1];
+      codes.push(currentCode);
+
+      if (previousCode) {
+        if (currentCode == previousCode + 1 || previousCode == currentCode) {
+          sequenceSize += 1;
+        } else {
+          sequenceSize = 0;
+        }
+      }
+
+      if (sequenceSize == 2) {
+        matches += 1;
+      }
+    }
+
+    return matches;
+  };
+
+  PasswordStrength.fn.repetitions = function(text, size) {
+    var count = 0;
+    var matches = {};
+    var len = text.length;
+    var substring;
+    var occurrences;
+    var tmpText;
+
+    for (var i = 0; i < len; i++) {
+      substring = text.substr(i, size);
+      occurrences = 0;
+      tmpText = text;
+
+      if (matches[substring] || substring.length < size) {
+        continue;
+      }
+
+      matches[substring] = true;
+
+      while ((i = tmpText.indexOf(substring)) != -1) {
+        occurrences += 1;
+        tmpText = tmpText.substr(i + 1);
+      };
+
+      if (occurrences > 1) {
+        count += 1;
+      }
+    }
+
+    return count;
+  };
+
+  PasswordStrength.fn.reversed = function(text) {
+    var newText = "";
+    var len = text.length;
+
+    for (var i = len -1; i >= 0; i--) {
+      newText += text.charAt(i);
+    }
+
+    return newText;
+  };
+
+  PasswordStrength.test = function(username, password) {
+    strength = new PasswordStrength();
+    strength.username = username;
+    strength.password = password;
+    strength.test();
+    return strength;
+  };
+
+  PasswordStrength.commonWords = ["000000", "010203", "1111", "11111", "111111", "11111111", "112233", "1212", "121212", "123123", "1234", "12345", "123456", "1234567", "12345678", "123456789", "1234567890", "1313", "131313", "2000", "2112", "2222", "232323", "3333", "4128", "4321", "4444", "5150", "5555", "555555", "654321", "6666", "666666", "6969", "696969", "7777", "777777", "7777777", "8675309", "987654", "aaaa", "aaaaaa", "abc123", "abcdef", "abgrtyu", "access", "access14", "action", "admin", "adobe123", "albert", "alex", "alexis", "amanda", "amateur", "andrea", "andrew", "angel", "angela", "angels", "animal", "anthony", "apollo", "apple", "apples", "arsenal", "arthur", "asdf", "asdfgh", "ashley", "asshole", "august", "austin", "azerty", "baby", "badboy", "bailey", "banana", "barney", "baseball", "batman", "beach", "bear", "beaver", "beavis", "beer", "bigcock", "bigdaddy", "bigdick", "bigdog", "bigtits", "bill", "billy", "birdie", "bitch", "bitches", "biteme", "black", "blazer", "blonde", "blondes", "blowjob", "blowme", "blue", "bond007", "bonnie", "booboo", "boobs", "booger", "boomer", "booty", "boston", "brandon", "brandy", "braves", "brazil", "brian", "bronco", "broncos", "bubba", "buddy", "bulldog", "buster", "butter", "butthead", "calvin", "camaro", "cameron", "canada", "captain", "carlos", "carter", "casper", "charles", "charlie", "cheese", "chelsea", "chester", "chevy", "chicago", "chicken", "chris", "cocacola", "cock", "coffee", "college", "compaq", "computer", "cookie", "cool", "cooper", "corvette", "cowboy", "cowboys", "cream", "crystal", "cumming", "cumshot", "cunt", "dakota", "dallas", "daniel", "danielle", "dave", "david", "debbie", "dennis", "deuseamor", "diablo", "diamond", "dick", "dirty", "doctor", "doggie", "dolphin", "dolphins", "donald", "dragon", "dreams", "driver", "eagle", "eagle1", "eagles", "edward", "einstein", "enjoy", "enter", "eric", "erotic", "extreme", "falcon", "FaMiLia", "fender", "ferrari", "fire", "firebird", "fish", "fishing", "florida", "flower", "flyers", "football", "ford", "forever", "frank", "fred", "freddy", "freedom", "fuck", "fucked", "fucker", "fucking", "fuckme", "fuckyou", "gandalf", "gateway", "gators", "gemini", "george", "giants", "ginger", "girl", "girls", "golden", "golf", "golfer", "gordon", "great", "green", "gregory", "guitar", "gunner", "hammer", "hannah", "happy", "hardcore", "harley", "heather", "hello", "helpme", "hentai", "hockey", "hooters", "horney", "horny", "hotdog", "house", "hunter", "hunting", "iceman", "iloveyou", "internet", "iwantu", "jack", "jackie", "jackson", "jaguar", "jake", "james", "japan", "jasmine", "jason", "jasper", "jennifer", "jeremy", "jessica", "jesus", "jesuscristo", "john", "johnny", "johnson", "jordan", "joseph", "joshua", "juice", "junior", "justin", "kelly", "kevin", "killer", "king", "kitty", "knight", "ladies", "lakers", "lauren", "leather", "legend", "letmein", "little", "london", "love", "lover", "lovers", "lucky", "maddog", "madison", "maggie", "magic", "magnum", "MARCELO", "marine", "mark", "marlboro", "martin", "marvin", "master", "matrix", "matt", "matthew", "maverick", "maxwell", "melissa", "member", "mercedes", "merlin", "michael", "michelle", "mickey", "midnight", "mike", "miller", "mine", "mistress", "money", "monica", "monkey", "monster", "morgan", "mother", "mountain", "movie", "muffin", "murphy", "music", "mustang", "naked", "nascar", "nathan", "naughty", "ncc1701", "newyork", "nicholas", "nicole", "ninja", "nipple", "nipples", "oliver", "orange", "ou812", "packers", "panther", "panties", "paris", "parker", "pass", "passw0rd", "password", "password1", "password12", "password123", "patrick", "paul", "peaches", "peanut", "penis", "pepper", "peter", "phantom", "phoenix", "photoshop", "player", "please", "pookie", "porn", "porno", "porsche", "power", "prince", "princess", "private", "purple", "pussies", "pussy", "qazwsx", "qwert", "qwerty", "qwertyui", "rabbit", "rachel", "racing", "raiders", "rainbow", "ranger", "rangers", "rebecca", "redskins", "redsox", "redwings", "richard", "robert", "rock", "rocket", "rosebud", "runner", "rush2112", "russia", "samantha", "sammy", "samson", "sandra", "saturn", "scooby", "scooter", "scorpio", "scorpion", "scott", "secret", "sexsex", "sexy", "shadow", "shannon", "shaved", "shit", "sierra", "silver", "skippy", "slayer", "slut", "smith", "smokey", "snoopy", "soccer", "sophie", "spanky", "sparky", "spider", "squirt", "srinivas", "star", "stars", "startrek", "starwars", "steelers", "steve", "steven", "sticky", "stupid", "success", "suckit", "summer", "sunshine", "super", "superman", "surfer", "swimming", "sydney", "taylor", "teens", "tennis", "teresa", "test", "tester", "testing", "theman", "thomas", "thunder", "thx1138", "tiffany", "tiger", "tigers", "tigger", "time", "tits", "tomcat", "topgun", "toyota", "travis", "trouble", "trustno1", "tucker", "turtle", "twitter", "united", "vagina", "victor", "victoria", "video", "viking", "viper", "voodoo", "voyager", "walter", "warrior", "welcome", "whatever", "white", "william", "willie", "wilson", "winner", "winston", "winter", "wizard", "wolf", "women", "xavier", "xxxx", "xxxxx", "xxxxxx", "xxxxxxxx", "yamaha", "yankee", "yankees", "yellow", "young", "zxcvbn", "zxcvbnm", "zzzzzz"];
+
+  return PasswordStrength;
+})();