strong_password 0.0.3 → 0.0.9

data/lib/strong_password/entropy_calculator.rb

@@ -8,7 +8,7 @@ module StrongPassword
         bits(password)
       end
     end
-    
+
     # The basic NIST entropy calculation is based solely
     # on the length of the password in question.
     def self.bits(password)
@@ -24,7 +24,7 @@ module StrongPassword
       end
       bits + NistBonusBits.bonus_bits(password)
     end
-    
+
     # A modified version of the basic entropy calculation
     # which lowers the amount of entropy gained for each
     # repeated character in the password
@@ -36,9 +36,9 @@ module StrongPassword
       end
       bits + NistBonusBits.bonus_bits(password)
     end
-  
+
   private
-    
+
     def self.bit_value_at_position(position, base = 1)
       if position > 19
         return base
@@ -50,17 +50,17 @@ module StrongPassword
         return 4
       end
     end
-  
+
     class EntropyResolver
       BASE_VALUE = 1
       REPEAT_WEAKENING_FACTOR = 0.75
-      
+
       attr_reader :char_multiplier
-      
+
       def initialize
         @char_multiplier = {}
       end
-      
+
       # Returns the current entropy value for a character and weakens the entropy
       # for future calls for the same character.
       def entropy_for(char)
@@ -73,4 +73,4 @@ module StrongPassword
       end
     end
   end
-end
+end

data/lib/strong_password/locale/en.yml

@@ -2,4 +2,4 @@ en:
   errors:
     messages:
       password:
-        password_strength: "%{attribute} is too weak"
+        password_strength: "is too weak"

data/lib/strong_password/nist_bonus_bits.rb

@@ -1,26 +1,26 @@
 module StrongPassword
   module NistBonusBits
     @@bonus_bits_for_password = {}
-    
+
     # NIST password strength rules allow up to 6 bonus bits for mixed case and non-alphabetic
     def self.bonus_bits(password)
       @@bonus_bits_for_password[password] ||= begin
         calculate_bonus_bits_for(password)
   	  end
     end
-    
+
     # This smells bad as it's only used for testing...
     def self.reset_bonus_cache!
       @@bonus_bits_for_password = {}
     end
-    
+
     def self.calculate_bonus_bits_for(password)
       upper   = !!(password =~ /[[:upper:]]/)
   		lower   = !!(password =~ /[[:lower:]]/)
   		numeric = !!(password =~ /[[:digit:]]/)
   		other   = !!(password =~ /[^a-zA-Z0-9 ]/)
   		space   = !!(password =~ / /)
-  		
+
   		# I had this condensed to nested ternaries but that shit was ugly
   		bonus_bits = if upper && lower && other && numeric
   		  6
@@ -42,4 +42,4 @@ module StrongPassword
   	  bonus_bits
 	  end
   end
-end
+end

data/lib/strong_password/password_variants.rb

@@ -1,6 +1,8 @@
 module StrongPassword
   module PasswordVariants
-    LEET_SPEAK_1 = {
+    LEET_SPEAK_REGEXP = /[\@\!\$1234567890]/
+
+    LEET_SPEAK = {
       "@" => "a",
       "!" => "i",
       "$" => "s",
@@ -16,37 +18,9 @@ module StrongPassword
       "0" => "o"
     }
 
-    LEET_SPEAK_2 = {
-      "@" => "a",
-      "!" => "i",
-      "$" => "s",
-      "1" => "l",
-      "2" => "z",
-      "3" => "e",
-      "4" => "a",
-      "5" => "s",
-      "6" => "g",
-      "7" => "t",
-      "8" => "b",
-      "9" => "g",
-      "0" => "o"
-    }
+    LEET_SPEAK_ALT = LEET_SPEAK.dup.merge!("1" => "l")
 
-    KEYBOARDMAP_DOWN_NOSHIFT = {
-      "z" => "", 
-      "x" => "", 
-      "c" => "", 
-      "v" => "", 
-      "b" => "", 
-      "n" => "", 
-      "m" => "", 
-      "," => "", 
-      "." => "", 
-      "/" => "", 
-      "<" => "", 
-      ">" => "", 
-      "?" => ""
-    }
+    BOTTOM_ROW_REGEXP = /[zxcvbnm,\.\/\<\>\?]/
 
     KEYBOARDMAP_DOWNRIGHT = {
       "a" => "z",
@@ -105,10 +79,10 @@ module StrongPassword
       "p" => "l",
       "-" => "p"
     }
-    
+
     # Returns all variants of a given password including the password itself
     def self.all_variants(password)
-      passwords = [password.dup.downcase]
+      passwords = [password.downcase]
       passwords += keyboard_shift_variants(password)
       passwords += leet_speak_variants(password)
       passwords.uniq
@@ -116,38 +90,27 @@ module StrongPassword
 
     # Returns all keyboard shifted variants of a given password
     def self.keyboard_shift_variants(password)
-      password = password.dup.downcase
-      variants = []
-      
-      if (password == password.tr(KEYBOARDMAP_DOWN_NOSHIFT.keys.join, KEYBOARDMAP_DOWN_NOSHIFT.values.join))
-        variant = password.tr(KEYBOARDMAP_DOWNRIGHT.keys.join, KEYBOARDMAP_DOWNRIGHT.values.join)
-        variants << variant
-        variants << variant.reverse
+      password = password.downcase
 
-        variant = password.tr(KEYBOARDMAP_DOWNLEFT.keys.join, KEYBOARDMAP_DOWNLEFT.values.join)
-        variants << variant
-        variants << variant.reverse
-      end
-      variants
+      return [] if password.match(BOTTOM_ROW_REGEXP)
+      variants(password, KEYBOARDMAP_DOWNRIGHT, KEYBOARDMAP_DOWNLEFT)
     end
 
     # Returns all leet speak variants of a given password
     def self.leet_speak_variants(password)
-      password = password.dup.downcase
-      variants = []
+      password = password.downcase
 
-      leet = password.tr(LEET_SPEAK_1.keys.join, LEET_SPEAK_1.values.join)
-      if leet != password
-        variants << leet
-        variants << leet.reverse
-      end
+      return [] if !password.match(LEET_SPEAK_REGEXP)
+      variants(password, LEET_SPEAK, LEET_SPEAK_ALT)
+    end
+
+    private
 
-      leet_l = password.tr(LEET_SPEAK_2.keys.join, LEET_SPEAK_2.values.join)
-      if (leet_l != password && leet_l != leet)
-        variants << leet_l
-        variants << leet_l.reverse
+    def self.variants(password, *mappings)
+      mappings.flat_map do |map|
+        variant = password.tr(map.keys.join, map.values.join)
+        [variant, variant.reverse]
       end
-      variants
     end
   end
-end
+end

data/lib/strong_password/qwerty_adjuster.rb

@@ -1,73 +1,75 @@
 module StrongPassword
   class QwertyAdjuster
     QWERTY_STRINGS = [
-      "1234567890-",
-      "qwertyuiop",
-      "asdfghjkl;",
-      "zxcvbnm,./",
+      '1234567890-',
+      'qwertyuiop',
+      'asdfghjkl;',
+      'zxcvbnm,./',
       "1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik,9ol.0p;/-['=]:?_{\"+}",
-      "1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik9ol0p",
+      '1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik9ol0p',
       "qazwsxedcrfvtgbyhnujmik,ol.p;/-['=]:?_{\"+}",
-      "qazwsxedcrfvtgbyhnujmikolp",
-      "]\"/=[;.-pl,0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1",
-      "pl0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1",
-      "]\"/[;.pl,okmijnuhbygvtfcrdxeszwaq",
-      "plokmijnuhbygvtfcrdxeszwaq",
-      "014725836914702583697894561230258/369*+-*/",
-      "abcdefghijklmnopqrstuvwxyz"
-    ]
-    
-    attr_reader :base_password
-    
-    def initialize(password)
-      @base_password = password.dup.downcase
+      'qazwsxedcrfvtgbyhnujmikolp',
+      ']"/=[;.-pl,0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1',
+      'pl0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1',
+      ']"/[;.pl,okmijnuhbygvtfcrdxeszwaq',
+      'plokmijnuhbygvtfcrdxeszwaq',
+      '014725836914702583697894561230258/369*+-*/',
+      'abcdefghijklmnopqrstuvwxyz'
+    ].freeze
+
+    attr_reader :min_entropy, :entropy_threshhold
+
+    def initialize(min_entropy: 18, entropy_threshhold: min_entropy)
+      @min_entropy = min_entropy
+      @entropy_threshhold = entropy_threshhold
     end
-    
-    def is_strong?(min_entropy: 18)
-      adjusted_entropy(entropy_threshhold: min_entropy) >= min_entropy
+
+    def is_strong?(base_password)
+      adjusted_entropy(base_password) >= min_entropy
     end
-    
-    def is_weak?(min_entropy: 18)
-      !is_strong?(min_entropy: min_entropy)
+
+    def is_weak?(base_password)
+      !is_strong?(base_password)
     end
-    
+
     # Returns the minimum entropy for the password's qwerty locality
     # adjustments.  If a threshhold is specified we will bail
     # early to avoid unnecessary processing.
-    def adjusted_entropy(entropy_threshhold: 0)
+    def adjusted_entropy(base_password)
       revpassword = base_password.reverse
-      min_entropy = [EntropyCalculator.calculate(base_password), EntropyCalculator.calculate(revpassword)].min
-      QWERTY_STRINGS.each do |qwertystr|
-        qpassword = mask_qwerty_strings(base_password, qwertystr)
-        qrevpassword = mask_qwerty_strings(revpassword, qwertystr)
-        if qpassword != base_password
-          numbits = EntropyCalculator.calculate(qpassword)
-          min_entropy = [min_entropy, numbits].min
-          return min_entropy if min_entropy < entropy_threshhold
-        end
-        if qrevpassword != revpassword
-          numbits = EntropyCalculator.calculate(qrevpassword)
-          min_entropy = [min_entropy, numbits].min
-          return min_entropy if min_entropy < entropy_threshhold
-        end
-      end
-      min_entropy
+      lowest_entropy = [EntropyCalculator.calculate(base_password), EntropyCalculator.calculate(revpassword)].min
+      # If our entropy is already lower than we care about then there's no reason to look further.
+      return lowest_entropy if lowest_entropy < entropy_threshhold
+
+      qpassword = mask_qwerty_strings(base_password)
+      lowest_entropy = [lowest_entropy, EntropyCalculator.calculate(qpassword)].min if qpassword != base_password
+      # Bail early if our entropy on the base password's masked qwerty value is less than our threshold.
+      return lowest_entropy if lowest_entropy < entropy_threshhold
+
+      qrevpassword = mask_qwerty_strings(revpassword)
+      lowest_entropy = [lowest_entropy, EntropyCalculator.calculate(qrevpassword)].min if qrevpassword != revpassword
+      lowest_entropy
     end
-  
-  private
-  
-    def mask_qwerty_strings(password, qwerty_string)
-      masked_password = password
-      z = 6
-      begin
+
+    private
+
+    def all_qwerty_strings
+      @all_qwerty_strings ||= Regexp.union(QWERTY_STRINGS.flat_map do |qwerty_string|
+        gen_qw_strings(qwerty_string)
+      end)
+    end
+
+    def gen_qw_strings(qwerty_string)
+      6.downto(3).flat_map do |z|
         y = qwerty_string.length - z
-        (0..y).each do |x|
-          str = qwerty_string[x, z].sub('-', '\\-')
-          masked_password = masked_password.sub(str, '*')
+        (0..y).map do |x|
+          qwerty_string[x, z].sub('-', '\\-')
         end
-        z = z - 1
-      end while z > 2
-      masked_password
+      end
+    end
+
+    def mask_qwerty_strings(password)
+      password.gsub(all_qwerty_strings, '*')
     end
   end
-end
+end

data/lib/strong_password/railtie.rb

@@ -1 +1 @@
-require 'rails/railtie'
+require 'rails/railtie' if defined?(Rails)

data/lib/strong_password/strength_checker.rb

@@ -1,37 +1,58 @@
 module StrongPassword
   class StrengthChecker
     BASE_ENTROPY = 18
-    
-    attr_reader :base_password
+    PASSWORD_LIMIT = 1_000
+    EXTRA_WORDS_LIMIT = 1_000
 
-    def initialize(password)
-      @base_password = password.dup
+    attr_reader :min_entropy, :use_dictionary, :min_word_length, :extra_dictionary_words
+
+    def initialize(min_entropy: BASE_ENTROPY, use_dictionary: false, min_word_length: 4, extra_dictionary_words: [])
+      @min_entropy = min_entropy
+      @use_dictionary = use_dictionary
+      @min_word_length = min_word_length
+      @extra_dictionary_words = extra_dictionary_words
     end
-    
-    def is_weak?(min_entropy: BASE_ENTROPY, use_dictionary: false, min_word_length: 4, extra_dictionary_words: [])
-      !is_strong?(min_entropy: min_entropy,
-                  use_dictionary: use_dictionary, 
-                  min_word_length: min_word_length, 
-                  extra_dictionary_words: extra_dictionary_words)
+
+    def is_weak?(password)
+      !is_strong?(password)
     end
 
-    def is_strong?(min_entropy: BASE_ENTROPY, use_dictionary: false, min_word_length: 4, extra_dictionary_words: [])
+    def is_strong?(password)
+      base_password = password.dup[0...PASSWORD_LIMIT]
       weak = (EntropyCalculator.calculate(base_password) < min_entropy) ||
              (EntropyCalculator.calculate(base_password.downcase) < min_entropy) ||
-             (QwertyAdjuster.new(base_password).is_weak?(min_entropy: min_entropy))
+             (qwerty_adjuster.is_weak?(base_password))
       if !weak && use_dictionary
-        return DictionaryAdjuster.new(base_password).is_strong?(min_entropy: min_entropy,
-                    min_word_length: min_word_length, 
-                    extra_dictionary_words: extra_dictionary_words)
+        return dictionary_adjuster.is_strong?(base_password)
       else
         return !weak
       end
     end
-    
-    def calculate_entropy(use_dictionary: false, min_word_length: 4, extra_dictionary_words: [])
-      entropies = [EntropyCalculator.calculate(base_password), EntropyCalculator.calculate(base_password.downcase), QwertyAdjuster.new(base_password).adjusted_entropy]
-      entropies << DictionaryAdjuster.new(base_password).adjusted_entropy(min_word_length: min_word_length, extra_dictionary_words: extra_dictionary_words) if use_dictionary
+
+    def calculate_entropy(password)
+      base_password = password.dup[0...PASSWORD_LIMIT]
+      extra_dictionary_words.collect! { |w| w[0...EXTRA_WORDS_LIMIT] }
+      entropies = [
+        EntropyCalculator.calculate(base_password),
+        EntropyCalculator.calculate(base_password.downcase),
+        qwerty_adjuster.adjusted_entropy(base_password)
+      ]
+      entropies << dictionary_adjuster.adjusted_entropy(base_password) if use_dictionary
       entropies.min
     end
+
+    private
+
+    def qwerty_adjuster
+      @qwerty_adjuster ||= QwertyAdjuster.new(min_entropy: min_entropy)
+    end
+
+    def dictionary_adjuster
+      @dictionary_adjuster ||= DictionaryAdjuster.new(
+        min_word_length: min_word_length,
+        extra_dictionary_words: extra_dictionary_words,
+        min_entropy: min_entropy
+      )
+    end
   end
-end
+end

data/lib/strong_password/version.rb

@@ -1,3 +1,3 @@
 module StrongPassword
-  VERSION = "0.0.3"
+  VERSION = '0.0.9'.freeze
 end

data/spec/spec_helper.rb

@@ -1,8 +1,14 @@
+require 'simplecov'
+require 'simplecov-console'
+SimpleCov.formatter = SimpleCov::Formatter::Console
+SimpleCov.start
+
 require 'bundler/setup'
-require 'strong_password'
+require 'pry'
 require 'active_model'
+require 'strong_password'
 
 RSpec.configure do |config|
   config.expect_with(:rspec) {|c| c.syntax = :expect}
   config.order = :random
-end
+end