strong_password 0.0.3 → 0.0.9

data/spec/strong_password/dictionary_adjuster_spec.rb

@@ -3,36 +3,36 @@ require 'spec_helper'
 module StrongPassword
   describe DictionaryAdjuster do
     describe '#is_strong?' do
-      let(:subject) { DictionaryAdjuster.new('password') }
+      let(:subject) { DictionaryAdjuster.new }
 
       it 'returns true if the calculated entropy is >= the minimum' do
-        subject.stub(adjusted_entropy: 18)
-        expect(subject.is_strong?).to be_true
+        allow(subject).to receive_messages(adjusted_entropy: 18)
+        expect(subject.is_strong?('password')).to be_truthy
       end
 
       it 'returns false if the calculated entropy is < the minimum' do
-        subject.stub(adjusted_entropy: 17)
-        expect(subject.is_strong?).to be_false
+        allow(subject).to receive_messages(adjusted_entropy: 17)
+        expect(subject.is_strong?('password')).to be_falsey
       end
     end
 
     describe '#is_weak?' do
-      let(:subject) { DictionaryAdjuster.new('password') }
+      let(:subject) { DictionaryAdjuster.new }
 
       it 'returns the opposite of is_strong?' do
-        subject.stub(is_strong?: true)
-        expect(subject.is_weak?).to be_false
+        allow(subject).to receive_messages(is_strong?: true)
+        expect(subject.is_weak?('password')).to be_falsey
       end
     end
 
     describe '#adjusted_entropy' do
-      before(:each) { NistBonusBits.stub(bonus_bits: 0)}
+      before(:each) { allow(NistBonusBits).to receive_messages(bonus_bits: 0) }
 
       it 'checks against all variants of a given password' do
         password = 'password'
-        adjuster = DictionaryAdjuster.new(password)
-        PasswordVariants.should_receive(:all_variants).with(password).and_return([])
-        adjuster.adjusted_entropy
+        adjuster = DictionaryAdjuster.new
+        expect(PasswordVariants).to receive(:all_variants).with(password).and_return([])
+        adjuster.adjusted_entropy(password)
       end
 
       {
@@ -40,29 +40,29 @@ module StrongPassword
         'h#e0zbPas' => 19.5, # Random string should not get adjusted by dictionary adjuster
         'password' => 4, # Adjusts common dictionary words
         'E_!3password' => 11.5, # Adjusts common dictionary words regardless of placement
-        'h#e0zbPas 32e2i81 password' => 31.3125, # Even if there are multiple words
+        'h#e0zbPas 32e2i81 password' => 31.0625, # Even if there are multiple words
         '123456' => 4, # Even if they are also qwerty strings
-        'password123456' => 16, # But only drops the first matched word
+        'password123456' => 14, # But only drops the first matched word
         'asdf)asdf' => 14, # Doesn't break with parens
         'asdf[]asdf' => 16 # Doesn't break with []s
       }.each do |password, bits|
         it "returns #{bits} for '#{password}'" do
-          expect(DictionaryAdjuster.new(password).adjusted_entropy).to eq(bits)
+          expect(DictionaryAdjuster.new.adjusted_entropy(password)).to eq(bits)
         end
       end
 
       it 'allows extra words to be provided as an array' do
-        password = 'mcmanus'
+        password = 'administratorWEQ@123'
         base_entropy = EntropyCalculator.calculate(password)
-        expect(DictionaryAdjuster.new(password).adjusted_entropy(extra_dictionary_words: ['mcmanus'])).not_to eq(base_entropy)
+        expect(DictionaryAdjuster.new(extra_dictionary_words: ['administrator']).adjusted_entropy(password)).not_to eq(base_entropy)
       end
 
       it 'allows minimum word length to be adjusted' do
         password = '6969'
-        base_entropy = DictionaryAdjuster.new(password).adjusted_entropy
+        base_entropy = DictionaryAdjuster.new.adjusted_entropy(password)
         # If we increase the min_word_length above the length of the password we should get a higher entropy
-        expect(DictionaryAdjuster.new(password).adjusted_entropy(min_word_length: 6)).not_to be < base_entropy
+        expect(DictionaryAdjuster.new(min_word_length: 6).adjusted_entropy(password)).not_to be < base_entropy
       end
     end
   end
-end
+end

data/spec/strong_password/entropy_calculator_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 module StrongPassword
   describe EntropyCalculator do
     describe '.bits' do
-      before(:each) { NistBonusBits.stub(bonus_bits: 0) }
+      before(:each) { allow(NistBonusBits).to receive_messages(bonus_bits: 0) }
       {
         '' => 0,
         '*' => 4,
@@ -36,9 +36,9 @@ module StrongPassword
         end
       end
     end
-    
+
     describe '.bits_with_repeats_weakened' do
-      before(:each) { NistBonusBits.stub(bonus_bits: 0) }
+      before(:each) { allow(NistBonusBits).to receive(:bonus_bits).and_return(0) }
       {
         '' => 0,
         '*' => 4,
@@ -52,7 +52,7 @@ module StrongPassword
           expect(subject.bits_with_repeats_weakened(password)).to eq(bits)
         end
       end
-      
+
       it 'returns the same value for repeated calls on a password' do
         password = 'password'
         initial_value = subject.bits_with_repeats_weakened(password)

data/spec/strong_password/nist_bonus_bits_spec.rb

@@ -5,19 +5,19 @@ module StrongPassword
     describe '.bonus_bits' do
       it 'calculates the bonus bits the first time for a given password' do
         NistBonusBits.reset_bonus_cache!
-        NistBonusBits.should_receive(:calculate_bonus_bits_for).and_return(1)
+        expect(NistBonusBits).to receive(:calculate_bonus_bits_for).and_return(1)
         expect(NistBonusBits.bonus_bits('password')).to eq(1)
       end
-      
+
       it 'caches the bonus bits for a password for later use' do
         NistBonusBits.reset_bonus_cache!
-        NistBonusBits.stub(calculate_bonus_bits_for: 1)
+        allow(NistBonusBits).to receive_messages(calculate_bonus_bits_for: 1)
         NistBonusBits.bonus_bits('password')
-        NistBonusBits.should_not_receive(:calculate_bonus_bits_for)
+        expect(NistBonusBits).not_to receive(:calculate_bonus_bits_for)
         expect(NistBonusBits.bonus_bits('password')).to eq(1)
       end
     end
-    
+
     describe '.calculate_bonus_bits_for' do
 	    {
 	      'Ab$9' => 4,

data/spec/strong_password/password_variants_spec.rb

@@ -6,59 +6,59 @@ module StrongPassword
       it 'includes the lowercase password' do
         expect(subject.all_variants("PASSWORD")).to include('password')
       end
-      
+
       it 'includes keyboard shift variants' do
-        subject.stub(keyboard_shift_variants: ['foo', 'bar'])
+        allow(subject).to receive_messages(keyboard_shift_variants: ['foo', 'bar'])
         expect(subject.all_variants("password")).to include('foo', 'bar')
       end
-      
+
       it 'includes leet speak variants' do
-        subject.stub(leet_speak_variants: ['foo', 'bar'])
+        allow(subject).to receive_messages(leet_speak_variants: ['foo', 'bar'])
         expect(subject.all_variants("password")).to include('foo', 'bar')
       end
-      
+
       it 'does not mutate the password' do
         password = 'PASSWORD'
         subject.all_variants(password)
         expect(password).to eq('PASSWORD')
       end
     end
-    
+
     describe '.keyboard_shift_variants' do
       it 'returns no variants if password includes only bottom row characters' do
         expect(subject.keyboard_shift_variants('zxcvbnm,./')).to eq([])
       end
-      
+
       it 'maps down-right passwords' do
         expect(subject.keyboard_shift_variants('qwerty')).to include('asdfgh')
       end
-      
+
       it 'includes reversed down-right password' do
         expect(subject.keyboard_shift_variants('qwerty')).to include('hgfdsa')
       end
-      
+
       it 'maps down-left passwords' do
         expect(subject.keyboard_shift_variants('sdfghj')).to include('zxcvbn')
       end
-      
+
       it 'maps reversed down-left passwords' do
         expect(subject.keyboard_shift_variants('sdfghj')).to include('nbvcxz')
       end
     end
-    
+
     describe '.leet_speak_variants' do
       it 'returns no variants if the password includes no leet speak' do
         expect(subject.leet_speak_variants('password')).to eq([])
       end
-      
+
       it 'returns standard leet speak variants' do
         expect(subject.leet_speak_variants('p4ssw0rd')).to include('password')
       end
-      
+
       it 'returns reversed standard leet speak variants' do
         expect(subject.leet_speak_variants('p4ssw0rd')).to include('drowssap')
       end
-      
+
       it 'returns both i and l variants when given a 1' do
         expect(subject.leet_speak_variants('h1b0b')).to include('hibob', 'hlbob')
       end

data/spec/strong_password/qwerty_adjuster_spec.rb

@@ -2,31 +2,29 @@ require 'spec_helper'
 
 module StrongPassword
   describe QwertyAdjuster do
-    describe '#is_strong?' do
-      let(:subject) { QwertyAdjuster.new('password') }
+    subject(:qwerty_adjuster) { QwertyAdjuster.new(entropy_threshhold: 0) }
 
+    describe '#is_strong?' do
       it 'returns true if the calculated entropy is >= the minimum' do
-        subject.stub(adjusted_entropy: 18)
-        expect(subject.is_strong?).to be_true
+        allow(subject).to receive_messages(adjusted_entropy: 18)
+        expect(subject.is_strong?('password')).to be_truthy
       end
-      
+
       it 'returns false if the calculated entropy is < the minimum' do
-        subject.stub(adjusted_entropy: 17)
-        expect(subject.is_strong?).to be_false
+        allow(subject).to receive_messages(adjusted_entropy: 17)
+        expect(subject.is_strong?('password')).to be_falsey
       end
     end
-    
-    describe '#is_weak?' do
-      let(:subject) { QwertyAdjuster.new('password') }
 
+    describe '#is_weak?' do
       it 'returns the opposite of is_strong?' do
-        subject.stub(is_strong?: true)
-        expect(subject.is_weak?).to be_false
+        allow(subject).to receive_messages(is_strong?: true)
+        expect(subject.is_weak?('password')).to be_falsey
       end
     end
-    
+
     describe '#adjusted_entropy' do
-      before(:each) { NistBonusBits.stub(bonus_bits: 0)}
+      before(:each) { allow(NistBonusBits).to receive_messages(bonus_bits: 0) }
       {
         'qwertyuio' => 5.5,
         '1234567' => 6,
@@ -37,9 +35,21 @@ module StrongPassword
         'password' => 17.5 # Ensure that we don't qwerty-adjust 'password'
       }.each do |password, bits|
         it "returns #{bits} for '#{password}'" do
-          expect(QwertyAdjuster.new(password).adjusted_entropy).to eq(bits)
+          expect(subject.adjusted_entropy(password)).to eq(bits)
+        end
+      end
+
+      describe 'with a default entropy threshhold' do
+        subject(:qwerty_adjuster) { QwertyAdjuster.new }
+
+        it 'returns the higher entropy before running qwerty adjustments' do
+          # Default threshhold is equal to the default min_entropy for a strong password (18).
+          # When not set we should get the base password's entropy from this (16) instead of the
+          # lower qwerty-adjusted entropy (6) indicating we avoided doing additional work in the
+          # qwerty adjustment code since we already know the password is weak.
+          expect(subject.adjusted_entropy('1234567')).to eq(16)
         end
       end
     end
   end
-end
+end

data/spec/strong_password/strength_checker_spec.rb

@@ -11,25 +11,26 @@ module StrongPassword
         'aB$1' => false
       }.each do |password, strength|
         it "is_strong? returns #{strength} for '#{password}' with 12 bits of entropy" do
-          expect(StrengthChecker.new(password).is_strong?(min_entropy: 12)).to be(strength)
+          expect(StrengthChecker.new(min_entropy: 12).is_strong?(password)).to be(strength)
         end
       end
     end
-    
+
     context 'with lowered entropy requirement and dictionary checking' do
       {
         'blahblah' => true,
         'password' => false,
         'wwwwwwww' => false,
-        'adamruge' => true,
+        'adamruge' => false,
+        'madaegur' => true,
         'aB$1' => false
       }.each do |password, strength|
         it "is_strong? returns #{strength} for '#{password}' with 12 bits of entropy" do
-          expect(StrengthChecker.new(password).is_strong?(min_entropy: 12, use_dictionary: true)).to be(strength)
+          expect(StrengthChecker.new(min_entropy: 12, use_dictionary: true).is_strong?(password)).to eq(strength)
         end
       end
     end
-    
+
     context 'with standard entropy requirement and dictionary checking' do
       {
         'blahblah' => false,
@@ -40,11 +41,11 @@ module StrongPassword
         'correct horse battery staple' => true
       }.each do |password, strength|
         it "is_strong? returns #{strength} for '#{password}' with standard bits of entropy" do
-          expect(StrengthChecker.new(password).is_strong?(use_dictionary: true)).to be(strength)
+          expect(StrengthChecker.new(use_dictionary: true).is_strong?(password)).to eq(strength)
         end
       end
     end
-    
+
     context 'with crazy entropy requirement and dictionary checking' do
       {
         'blahblah' => false,
@@ -56,9 +57,32 @@ module StrongPassword
         'c0rr#ct h0rs3 Batt$ry st@pl3 is Gr34t' => true
       }.each do |password, strength|
         it "is_strong? returns #{strength} for '#{password}' with standard bits of entropy" do
-          expect(StrengthChecker.new(password).is_strong?(min_entropy: 40, use_dictionary: true)).to be(strength)
+          expect(StrengthChecker.new(min_entropy: 40, use_dictionary: true).is_strong?(password)).to eq(strength)
         end
       end
     end
+
+    context 'with long password' do
+      let(:strength_checker) { StrengthChecker.new }
+      let(:password) { ("ba"*500_000) }
+      it 'should be truncated' do
+        expect(strength_checker.calculate_entropy(password)).
+          to eq(strength_checker.calculate_entropy(password.slice(0, StrengthChecker::PASSWORD_LIMIT)))
+      end
+    end
+
+    context 'with long extra words' do
+      let(:strength_checker) { StrengthChecker.new(use_dictionary: true, extra_dictionary_words: ["a"*1_000_000, "b"*10_000_000, "c"*10]) }
+      let(:exta_limit) { StrengthChecker::EXTRA_WORDS_LIMIT }
+      it 'should be truncated' do
+        expect(DictionaryAdjuster).to receive(:new).with({
+            min_entropy: 18,
+            min_word_length: 4,
+            extra_dictionary_words:
+            ["a"*StrengthChecker::EXTRA_WORDS_LIMIT, "b"*StrengthChecker::EXTRA_WORDS_LIMIT, "c"*10]
+          }).and_call_original
+        strength_checker.calculate_entropy("$tr0NgP4s$w0rd91d£")
+      end
+    end
   end
-end
+end

data/spec/validation/strength_validator_spec.rb

@@ -18,7 +18,7 @@ class TestStrengthStrongEntropy < User
 end
 
 class TestStrengthExtraWords < User
-  validates :password, password_strength: {extra_dictionary_words: ['mcmanus'], use_dictionary: true}
+  validates :password, password_strength: {extra_dictionary_words: ['administrator'], use_dictionary: true}
 end
 
 class TestBaseStrengthAlternative < User
@@ -47,7 +47,7 @@ module ActiveModel
               it "adds errors when password is '#{password}'" do
                 base_strength.password = password
                 base_strength.valid?
-                expect(base_strength.errors[:password]).to eq(["Password is too weak"])
+                expect(base_strength.errors[:password]).to eq(["is too weak"])
               end
             end
           end
@@ -79,7 +79,7 @@ module ActiveModel
               it "adds errors when password is '#{password}'" do
                 alternative_usage.password = password
                 alternative_usage.valid?
-                expect(alternative_usage.errors[:password]).to eq(["Password is too weak"])
+                expect(alternative_usage.errors[:password]).to eq(["is too weak"])
               end
             end
           end
@@ -129,7 +129,7 @@ module ActiveModel
                 it "'#{password}' should be invalid with increased entropy requirement" do
                   strong_entropy.password = password
                   strong_entropy.valid?
-                  expect(strong_entropy.errors[:password]).to eq(["Password is too weak"])
+                  expect(strong_entropy.errors[:password]).to eq(["is too weak"])
                 end
               end
             end
@@ -138,14 +138,18 @@ module ActiveModel
 
         describe 'extra words' do
           it 'allows extra words to be specified as an option to the validation' do
-            password = 'mcmanus'
+            password = 'administratorWEQ@123'
+            # Validate that without 'administrator' added to extra_dictionary_words
+            # this password is considered strong
             weak_entropy.password = password
-            expect(weak_entropy.valid?).to be_true
+            expect(weak_entropy.valid?).to be_truthy
+            # Now check that with 'administrator' added to extra_dictionary_words
+            # in our model, the same password is considered weak.
             extra_words.password = password
-            expect(extra_words.valid?).to be_false
+            expect(extra_words.valid?).to be_falsey
           end
         end
       end
     end
   end
-end
+end

data/strong_password.gemspec

@@ -20,5 +20,6 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency 'bundler', '~> 1.3'
   spec.add_development_dependency 'rake'
-  spec.add_development_dependency 'rspec', '~> 2.12'
+  spec.add_development_dependency 'rspec', '~> 3.8'
+  spec.add_development_dependency 'pry'
 end

metadata

@@ -1,57 +1,71 @@
 --- !ruby/object:Gem::Specification
 name: strong_password
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.9
 platform: ruby
 authors:
 - Brian McManus
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-06-27 00:00:00.000000000 Z
+date: 2020-07-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.12'
+        version: '3.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.12'
+        version: '3.8'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Entropy-based password strength checking for Ruby and ActiveModel
 email:
 - bdmac97@gmail.com
@@ -59,7 +73,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
+- ".gitignore"
+- ".travis.yml"
 - CHANGELOG
 - Gemfile
 - LICENSE.txt
@@ -95,17 +110,16 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: StrongPassword adds a class to check password strength and a validator for