playbook_ui 9.8.0 → 9.9.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/app/pb_kits/playbook/pb_passphrase/_passphrase.jsx +12 -9
- data/app/pb_kits/playbook/pb_passphrase/docs/_passphrase_breached.html.erb +1 -0
- data/app/pb_kits/playbook/pb_passphrase/docs/_passphrase_breached.jsx +24 -0
- data/app/pb_kits/playbook/pb_passphrase/docs/_passphrase_breached.md +3 -0
- data/app/pb_kits/playbook/pb_passphrase/docs/_passphrase_default.jsx +1 -0
- data/app/pb_kits/playbook/pb_passphrase/docs/example.yml +2 -0
- data/app/pb_kits/playbook/pb_passphrase/docs/index.js +1 -0
- data/app/pb_kits/playbook/pb_passphrase/passphrase.rb +2 -0
- data/app/pb_kits/playbook/pb_passphrase/passphrase.test.jsx +12 -0
- data/app/pb_kits/playbook/pb_passphrase/useHaveIBeenPwned.js +52 -0
- data/app/pb_kits/playbook/pb_passphrase/useZxcvbn.js +58 -0
- data/lib/playbook/version.rb +1 -1
- metadata +8 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: cc6cf85248c6d0e0b9c74d63c9d1dffa2a99d8e5b8d1010a8b4622829fa77d66
|
|
4
|
+
data.tar.gz: dae909122997e3eea81a47c6b5b9260bb84d87316c82cc70b351bec7a75d4ad7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 596e69c28e26d8ddcafc2d1006e8f72f56458a9a8eacc4811a918e0124ddffed05c75e61a8834630d041d742e1dd66d8cd97870b5b1d4ef74e7ce2b9b8f30d09
|
|
7
|
+
data.tar.gz: 9a71dd4b52c1da10cd03a288accf3c76e18dd8bc71aebe3e2818c7f27763cd65e0b069d9103c95c5d8cad56ec96411340419a3f729b139758c172d8628e6c8a9
|
|
@@ -5,12 +5,14 @@ import React, { useCallback, useEffect, useMemo, useState } from 'react'
|
|
|
5
5
|
import classnames from 'classnames'
|
|
6
6
|
import { buildAriaProps, buildCss, buildDataProps } from '../utilities/props'
|
|
7
7
|
import { globalProps } from '../utilities/globalProps.js'
|
|
8
|
-
import
|
|
8
|
+
import useZxcvbn from './useZxcvbn'
|
|
9
|
+
import useHaveIBeenPwned from './useHaveIBeenPwned'
|
|
9
10
|
import { Body, Caption, Flex, Icon, PbReactPopover, ProgressSimple, TextInput } from '../'
|
|
10
11
|
|
|
11
12
|
type PassphraseProps = {
|
|
12
13
|
aria?: object,
|
|
13
14
|
averageThreshold?: number,
|
|
15
|
+
checkPwned?: boolean,
|
|
14
16
|
common?: boolean,
|
|
15
17
|
confirmation?: boolean,
|
|
16
18
|
className?: string,
|
|
@@ -33,6 +35,7 @@ const Passphrase = (props: PassphraseProps) => {
|
|
|
33
35
|
const {
|
|
34
36
|
aria = {},
|
|
35
37
|
averageThreshold = 2,
|
|
38
|
+
checkPwned = false,
|
|
36
39
|
className,
|
|
37
40
|
common = false,
|
|
38
41
|
confirmation = false,
|
|
@@ -41,7 +44,7 @@ const Passphrase = (props: PassphraseProps) => {
|
|
|
41
44
|
id,
|
|
42
45
|
inputProps = {},
|
|
43
46
|
label = confirmation ? 'Confirm Passphrase' : 'Passphrase',
|
|
44
|
-
minLength,
|
|
47
|
+
minLength = 12,
|
|
45
48
|
onChange = () => {},
|
|
46
49
|
showTipsBelow = 'always',
|
|
47
50
|
onStrengthChange,
|
|
@@ -50,6 +53,7 @@ const Passphrase = (props: PassphraseProps) => {
|
|
|
50
53
|
uncontrolled = false,
|
|
51
54
|
value = '',
|
|
52
55
|
} = props
|
|
56
|
+
const ariaProps = buildAriaProps(aria)
|
|
53
57
|
|
|
54
58
|
const [uncontrolledValue, setUncontrolledValue] = useState('')
|
|
55
59
|
|
|
@@ -68,16 +72,11 @@ const Passphrase = (props: PassphraseProps) => {
|
|
|
68
72
|
const [showPassphrase, setShowPassphrase] = useState(false)
|
|
69
73
|
const toggleShowPassphrase = () => setShowPassphrase(!showPassphrase)
|
|
70
74
|
|
|
71
|
-
const ariaProps = buildAriaProps(aria)
|
|
72
|
-
const dataProps = buildDataProps(data)
|
|
73
75
|
const classes = classnames(buildCss('pb_passphrase'), globalProps(props), className)
|
|
74
76
|
|
|
75
|
-
const
|
|
76
|
-
() => confirmation ? { test: () => ({}) } : zxcvbnPasswordScore({ averageThreshold, strongThreshold, minLength }),
|
|
77
|
-
[averageThreshold, confirmation, strongThreshold, minLength]
|
|
78
|
-
)
|
|
77
|
+
const isPwned = checkPwned ? useHaveIBeenPwned(displayValue, minLength) : false
|
|
79
78
|
|
|
80
|
-
const { percent: progressPercent, variant: progressVariant, text: strengthLabel, strength } =
|
|
79
|
+
const { percent: progressPercent, variant: progressVariant, text: strengthLabel, strength } = useZxcvbn({ passphrase: displayValue, common, isPwned, confirmation, averageThreshold, minLength, strongThreshold })
|
|
81
80
|
|
|
82
81
|
useEffect(() => {
|
|
83
82
|
if (typeof onStrengthChange === 'function') {
|
|
@@ -89,6 +88,10 @@ const Passphrase = (props: PassphraseProps) => {
|
|
|
89
88
|
(dark ? 'dark' : null),
|
|
90
89
|
(showTipsBelow === 'always' ? null : `show-below-${showTipsBelow}`),
|
|
91
90
|
)
|
|
91
|
+
const dataProps = useMemo(
|
|
92
|
+
() => (buildDataProps(Object.assign({}, data, { strength }))),
|
|
93
|
+
[data, strength]
|
|
94
|
+
)
|
|
92
95
|
|
|
93
96
|
const popoverReference = (
|
|
94
97
|
<a
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
<%= pb_rails("passphrase", props: { check_pwned: true }) %>
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
import React, { useState } from 'react'
|
|
2
|
+
import { Passphrase } from '../../'
|
|
3
|
+
|
|
4
|
+
const PassphraseBreached = (props) => {
|
|
5
|
+
const [input, setInput] = useState('')
|
|
6
|
+
|
|
7
|
+
const handleChange = (e) => setInput(e.target.value)
|
|
8
|
+
|
|
9
|
+
return (
|
|
10
|
+
<>
|
|
11
|
+
<div>
|
|
12
|
+
<br />
|
|
13
|
+
<Passphrase
|
|
14
|
+
checkPwned
|
|
15
|
+
onChange={handleChange}
|
|
16
|
+
value={input}
|
|
17
|
+
{...props}
|
|
18
|
+
/>
|
|
19
|
+
</div>
|
|
20
|
+
</>
|
|
21
|
+
)
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
export default PassphraseBreached
|
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
Use `checkPwned | checked_pwned` prop to enable checking against <a href='https://haveibeenpwned.com/Passwords'>HaveIBeenPwned's</a> API. As the passphrase is typed, it is checked against more than half a billion breached passwords, to help ensure its not compromised.
|
|
2
|
+
Should it fail, the feedback will express the passphrase is too common, prompting the user to change.
|
|
3
|
+
This uses their k-Anonymity model, so only the first 5 characters of a hashed copy of the passphrase are sent.
|
|
@@ -5,6 +5,7 @@ examples:
|
|
|
5
5
|
- passphrase_meter_settings: Meter Settings
|
|
6
6
|
- passphrase_input_props: Input Props
|
|
7
7
|
- passphrase_tips: Tips
|
|
8
|
+
- passphrase_breached: Breached Passphrases
|
|
8
9
|
|
|
9
10
|
react:
|
|
10
11
|
- passphrase_default: Default
|
|
@@ -13,3 +14,4 @@ examples:
|
|
|
13
14
|
- passphrase_tips: Tips
|
|
14
15
|
- passphrase_strength_change: Strength Change
|
|
15
16
|
- passphrase_common: Common Passphrases
|
|
17
|
+
- passphrase_breached: Breached Passphrases
|
|
@@ -4,3 +4,4 @@ export { default as PassphraseInputProps } from './_passphrase_input_props'
|
|
|
4
4
|
export { default as PassphraseTips } from './_passphrase_tips'
|
|
5
5
|
export { default as PassphraseStrengthChange } from './_passphrase_strength_change'
|
|
6
6
|
export { default as PassphraseCommon } from './_passphrase_common'
|
|
7
|
+
export { default as PassphraseBreached } from './_passphrase_breached'
|
|
@@ -4,6 +4,7 @@ module Playbook
|
|
|
4
4
|
module PbPassphrase
|
|
5
5
|
class Passphrase < Playbook::KitBase
|
|
6
6
|
prop :average_threshold
|
|
7
|
+
prop :check_pwned
|
|
7
8
|
prop :confirmation, type: Playbook::Props::Boolean, default: false
|
|
8
9
|
prop :input_props, type: Playbook::Props::Hash, default: {}
|
|
9
10
|
prop :label
|
|
@@ -18,6 +19,7 @@ module Playbook
|
|
|
18
19
|
|
|
19
20
|
def passphrase_options
|
|
20
21
|
{
|
|
22
|
+
checkPwned: check_pwned,
|
|
21
23
|
dark: dark,
|
|
22
24
|
id: id,
|
|
23
25
|
averageThreshold: average_threshold,
|
|
@@ -121,3 +121,15 @@ test('popover target does not show when tips are not given', () => {
|
|
|
121
121
|
const kit = screen.getByTestId(testId)
|
|
122
122
|
expect(kit.querySelector('[class^=pb_popover_reference_wrapper]')).toBeNull()
|
|
123
123
|
})
|
|
124
|
+
|
|
125
|
+
test('data-strength attribute exposes strength of password', () => {
|
|
126
|
+
render(
|
|
127
|
+
<Passphrase
|
|
128
|
+
data={{ testid: testId }}
|
|
129
|
+
value="correct horse battery staple"
|
|
130
|
+
/>
|
|
131
|
+
)
|
|
132
|
+
|
|
133
|
+
const kit = screen.getByTestId(testId)
|
|
134
|
+
expect(parseInt(kit.getAttribute('data-strength'))).toBeGreaterThan(0)
|
|
135
|
+
})
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
|
|
2
|
+
import { useEffect, useState } from 'react'
|
|
3
|
+
|
|
4
|
+
const checkHaveIBeenPwned = async function (passphrase) {
|
|
5
|
+
const buffer = new TextEncoder('utf-8').encode(passphrase)
|
|
6
|
+
const digest = await crypto.subtle.digest('SHA-1', buffer)
|
|
7
|
+
const hashArray = Array.from(new Uint8Array(digest))
|
|
8
|
+
const hashHex = hashArray.map((b) => b.toString(16).padStart(2, '0')).join('')
|
|
9
|
+
|
|
10
|
+
const firstFive = hashHex.slice(0, 5)
|
|
11
|
+
const endOfHash = hashHex.slice(5)
|
|
12
|
+
|
|
13
|
+
const resp = await fetch(`https://api.pwnedpasswords.com/range/${firstFive}`)
|
|
14
|
+
const text = await resp.text()
|
|
15
|
+
|
|
16
|
+
const match = text.split('\n').some((line) => {
|
|
17
|
+
//Each line is <sha-1-hash-suffix>:<count of incidents>
|
|
18
|
+
return line.split(':')[0] === endOfHash.toUpperCase()
|
|
19
|
+
})
|
|
20
|
+
return match
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
/**
|
|
24
|
+
* If the input hasn't changed in <delay> ms,
|
|
25
|
+
* hit the haveibeenpwned api and check if the given passphrase is compromised
|
|
26
|
+
*/
|
|
27
|
+
export default function useHaveIBeenPwned(passphrase, minLength, delay = 400) {
|
|
28
|
+
const [isPwned, setIsPwned] = useState(false)
|
|
29
|
+
|
|
30
|
+
useEffect(
|
|
31
|
+
() => {
|
|
32
|
+
// only check the API for passphrases above the minimum size
|
|
33
|
+
if (passphrase.length < minLength) {
|
|
34
|
+
setIsPwned(false)
|
|
35
|
+
return
|
|
36
|
+
}
|
|
37
|
+
|
|
38
|
+
const handler = setTimeout(() => {
|
|
39
|
+
checkHaveIBeenPwned(passphrase)
|
|
40
|
+
.then((pwned) => setIsPwned(pwned))
|
|
41
|
+
.catch(() => setIsPwned(false))
|
|
42
|
+
}, delay)
|
|
43
|
+
|
|
44
|
+
return () => {
|
|
45
|
+
clearTimeout(handler)
|
|
46
|
+
}
|
|
47
|
+
},
|
|
48
|
+
[passphrase, minLength, delay]
|
|
49
|
+
)
|
|
50
|
+
|
|
51
|
+
return isPwned
|
|
52
|
+
}
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
import { useEffect, useMemo, useState } from 'react'
|
|
2
|
+
import zxcvbn from 'zxcvbn'
|
|
3
|
+
|
|
4
|
+
export default function useZxcvbn(options) {
|
|
5
|
+
const { passphrase = '', common, isPwned, confirmation, averageThreshold, minLength, strongThreshold } = options
|
|
6
|
+
const calculator = useMemo(
|
|
7
|
+
() => confirmation ? () => ({ score: 0 }) : zxcvbn,
|
|
8
|
+
[confirmation]
|
|
9
|
+
)
|
|
10
|
+
|
|
11
|
+
const [percent, setPercent] = useState('0')
|
|
12
|
+
const [variant, setVariant] = useState('negative')
|
|
13
|
+
const [text, setText] = useState('\u00A0') //nbsp to keep height constant
|
|
14
|
+
const [result, setResult] = useState({})
|
|
15
|
+
|
|
16
|
+
useEffect(() => {
|
|
17
|
+
if (confirmation) return
|
|
18
|
+
|
|
19
|
+
setResult(calculator(passphrase))
|
|
20
|
+
const str = result.score
|
|
21
|
+
|
|
22
|
+
const noPassphrase = passphrase.length <= 0
|
|
23
|
+
const commonPassphrase = common || isPwned
|
|
24
|
+
const weakPassphrase = passphrase.length < minLength || str < averageThreshold
|
|
25
|
+
const averagePassphrase = str < strongThreshold
|
|
26
|
+
const strongPassphrase = str >= strongThreshold
|
|
27
|
+
|
|
28
|
+
if (noPassphrase) {
|
|
29
|
+
setPercent('0')
|
|
30
|
+
setVariant('negative')
|
|
31
|
+
setText('\u00A0') //nbsp to keep height constant
|
|
32
|
+
} else if (commonPassphrase) {
|
|
33
|
+
setPercent('25')
|
|
34
|
+
setVariant('negative')
|
|
35
|
+
setText('This passphrase is too common')
|
|
36
|
+
} else if (weakPassphrase) {
|
|
37
|
+
setPercent('25')
|
|
38
|
+
setVariant('negative')
|
|
39
|
+
setText('Too weak')
|
|
40
|
+
} else if (averagePassphrase){
|
|
41
|
+
setPercent('50')
|
|
42
|
+
setVariant('warning')
|
|
43
|
+
setText('Almost there, keep going!')
|
|
44
|
+
} else if (strongPassphrase) {
|
|
45
|
+
setPercent('100')
|
|
46
|
+
setVariant('positive')
|
|
47
|
+
setText('Success! Strong passphrase')
|
|
48
|
+
}
|
|
49
|
+
}, [passphrase, common, isPwned, averageThreshold, minLength, strongThreshold]
|
|
50
|
+
)
|
|
51
|
+
|
|
52
|
+
return {
|
|
53
|
+
strength: common || isPwned ? 0 : result.score,
|
|
54
|
+
percent,
|
|
55
|
+
variant,
|
|
56
|
+
text,
|
|
57
|
+
}
|
|
58
|
+
}
|
data/lib/playbook/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: playbook_ui
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 9.
|
|
4
|
+
version: 9.9.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Power UX
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2021-04-
|
|
12
|
+
date: 2021-04-22 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: actionpack
|
|
@@ -1383,6 +1383,9 @@ files:
|
|
|
1383
1383
|
- app/pb_kits/playbook/pb_online_status/online_status.rb
|
|
1384
1384
|
- app/pb_kits/playbook/pb_passphrase/_passphrase.jsx
|
|
1385
1385
|
- app/pb_kits/playbook/pb_passphrase/_passphrase.scss
|
|
1386
|
+
- app/pb_kits/playbook/pb_passphrase/docs/_passphrase_breached.html.erb
|
|
1387
|
+
- app/pb_kits/playbook/pb_passphrase/docs/_passphrase_breached.jsx
|
|
1388
|
+
- app/pb_kits/playbook/pb_passphrase/docs/_passphrase_breached.md
|
|
1386
1389
|
- app/pb_kits/playbook/pb_passphrase/docs/_passphrase_common.jsx
|
|
1387
1390
|
- app/pb_kits/playbook/pb_passphrase/docs/_passphrase_default.html.erb
|
|
1388
1391
|
- app/pb_kits/playbook/pb_passphrase/docs/_passphrase_default.jsx
|
|
@@ -1404,6 +1407,8 @@ files:
|
|
|
1404
1407
|
- app/pb_kits/playbook/pb_passphrase/passphrase.rb
|
|
1405
1408
|
- app/pb_kits/playbook/pb_passphrase/passphrase.test.jsx
|
|
1406
1409
|
- app/pb_kits/playbook/pb_passphrase/passwordStrength.js
|
|
1410
|
+
- app/pb_kits/playbook/pb_passphrase/useHaveIBeenPwned.js
|
|
1411
|
+
- app/pb_kits/playbook/pb_passphrase/useZxcvbn.js
|
|
1407
1412
|
- app/pb_kits/playbook/pb_person/_person.jsx
|
|
1408
1413
|
- app/pb_kits/playbook/pb_person/_person.scss
|
|
1409
1414
|
- app/pb_kits/playbook/pb_person/docs/_description.md
|
|
@@ -2133,8 +2138,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
2133
2138
|
- !ruby/object:Gem::Version
|
|
2134
2139
|
version: '0'
|
|
2135
2140
|
requirements: []
|
|
2136
|
-
|
|
2137
|
-
rubygems_version: 2.7.3
|
|
2141
|
+
rubygems_version: 3.1.4
|
|
2138
2142
|
signing_key:
|
|
2139
2143
|
specification_version: 4
|
|
2140
2144
|
summary: Playbook Design System
|