strong_password 0.0.4 → 0.0.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 2096a893ba8dd706abcd55dca27bef4595757b44
-  data.tar.gz: 3223d986cc149971258c53a9bf4bc85a49cf13ff
+SHA256:
+  metadata.gz: 4559a04254bce83f7f49ed741cacc81df19a55ca3b7512ffb8fbd63da5ec0a57
+  data.tar.gz: 2164536b2690a5946796f874b00db0a80228bb72c19f3d3437625a332a792fa9
 SHA512:
-  metadata.gz: 6670c0fa8982bee8acaec5fda404560ab55860fe76ccbe369e4a048297035e625a1040c6699c138d444f62cf3d6cb2d7eaf382b7154f0d7e490c5295ce331509
-  data.tar.gz: 0dab918c62d3fb5e39996878a67ae61a7a6275ffd141f8a7f700d9685ea1aed6a07a02cb34c168131149ec73f72a7fc0630be152a699a0dd1bc02b477bb13221
+  metadata.gz: 75dbfd339fcf1c8a4082ff02bf5f8326a0299fcb600a93e2126e10a409abd3008002c5f705537710f40e9c9989d29fc3feb8ffa22b70c121fb81c60f363f9f23
+  data.tar.gz: ea1905e903579dc290b544e99476bbc88585cdff81c45c6e492969978bc465e4ce2e59e160a64c96c05fa16ebd98efc995d60bc196f3e30b5bcb53e289008d72

data/.gitignore

@@ -15,3 +15,5 @@ spec/reports
 test/tmp
 test/version_tmp
 tmp
+.ruby-gemset
+.ruby-version

data/.travis.yml

@@ -0,0 +1,17 @@
+language: ruby
+rvm:
+  - 2.2.3
+  - 2.1.7
+  - ruby-head
+env:
+  - "RAILS_VERSION=4.2"
+  - "RAILS_VERSION=4.1"
+  - "RAILS_VERSION=4.0"
+  - "RAILS_VERSION=3.2"
+  - "RAILS_VERSION=3.1"
+  - "RAILS_VERSION=3.0"
+  - "RAILS_VERSION=master"
+matrix:
+  allow_failures:
+    - rvm: ruby-head
+    - env: "RAILS_VERSION=master"

data/CHANGELOG

@@ -1,3 +1,18 @@
+## v0.0.10
+* jfabre - Remove ruby 2.7 warning
+## v0.0.8
+This release breaks backwards compatibility if you are using the lib components
+directly. If you are using the ActiveModel validations in a Rails project then
+you should be unaffected.
+
+The major changes when used directly are that you now initialize the objects
+with the various strength options instead of the password and then provide the
+password to the various methods. The README section on standalone usage has
+been updated to reflect this change.
+
+* jacobat - Performance improvements
+* jacksenechal - Updated README
+
 ## v0.0.4
 * peterkovacs - Increase size of password dictionary
 * peterkovacs - Swapped in a cleaner, more efficient comparison algorithm
@@ -7,4 +22,4 @@
 
 ## v0.0.1
 
-* Initial release
+* Initial release

data/Gemfile

@@ -1,8 +1,9 @@
 source 'https://rubygems.org'
+git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 
 gemspec
 
-version = ENV["RAILS_VERSION"] || "3.2"
+version = ENV["RAILS_VERSION"] || "4.2"
 
 rails = case version
 when "master"
@@ -11,4 +12,8 @@ else
   "~> #{version}.0"
 end
 
-gem "rails", rails
+gem "rails", rails
+group :test do
+  gem "simplecov", require: false
+  gem "simplecov-console", require: false
+end

data/README.md

@@ -1,3 +1,7 @@
+[![Build Status](https://travis-ci.org/bdmac/strong_password.svg?branch=master)](https://travis-ci.org/bdmac/strong_password)
+[![Code Climate](https://codeclimate.com/github/bdmac/strong_password/badges/gpa.svg)](https://codeclimate.com/github/bdmac/strong_password)
+[![Test Coverage](https://codeclimate.com/github/bdmac/strong_password/badges/coverage.svg)](https://codeclimate.com/github/bdmac/strong_password/coverage)
+
 # StrongPassword
 
 StrongPassword provides entropy-based password strength checking for your apps.
@@ -15,7 +19,9 @@ NOTE: StrongPassword requires the use of Ruby 2.0.  Upgrade if you haven't alrea
 
 Add this line to your application's Gemfile:
 
-    gem 'strong_password', '~> 0.0.3'
+```ruby
+gem 'strong_password', '~> 0.0.9'
+```
 
 And then execute:
 
@@ -61,15 +67,15 @@ class User
 end
 ```
 
-The default validation message is "%{attribute} is too weak".  If you would like to customize that you can override it in your locale file
-by setting a value for this key:
+The default validation message is "is too weak". Rails will display a field of `:password` having too weak of a password with `full_error_messages` as "Password is too weak". If you would like to customize the error message, you can override it in your locale file by setting a value for this key:
+
 
 ```yml
 en:
   errors:
     messages:
       password:
-        password_strength: "%{attribute} is a terrible password, try again!"
+        password_strength: "is a terrible password, try again!"
 ```
 
 ### Standalone
@@ -77,19 +83,23 @@ en:
 StrongPassword can also be used standalone if you need to. There are a few helper methods for determining whether a
 password is strong or not. You can also directly access the entropy calculations if you want.
 
-```text
-2.0.0p0 :001 > checker = StrongPassword::StrengthChecker.new('password')
- => #<StrongPassword::StrengthChecker:0x007fcd7c939b48 @base_password="password">
-2.0.0p0 :002 > checker.is_strong?
- => false
-2.0.0p0 :003 > checker.is_weak?
- => true
-2.0.0p0 :004 > checker.is_strong?(min_entropy: 2)
- => true
-2.0.0p0 :005 > checker.calculate_entropy
- => 15.5
-2.0.0p0 :006 > checker.calculate_entropy(use_dictionary: true)
- => 2
+```console
+irb(main):004:0> checker = StrongPassword::StrengthChecker.new
+=> #<StrongPassword::StrengthChecker:0x00007f985509db30 @min_entropy=18, @use_dictionary=false, @min_word_length=4, @extra_dictionary_words=[]>
+irb(main):005:0> checker.is_strong?("password")
+=> false
+irb(main):006:0> checker.is_weak?("password")
+=> true
+irb(main):007:0> checker = StrongPassword::StrengthChecker.new(min_entropy: 2)
+=> #<StrongPassword::StrengthChecker:0x00007f9855147bd0 @min_entropy=2, @use_dictionary=false, @min_word_length=4, @extra_dictionary_words=[]>
+irb(main):008:0> checker.calculate_entropy("password")
+=> 15.5
+irb(main):009:0> checker.is_strong?("password")
+=> true
+irb(main):010:0> checker = StrongPassword::StrengthChecker.new(use_dictionary: true)
+=> #<StrongPassword::StrengthChecker:0x00007f98550ee008 @min_entropy=18, @use_dictionary=true, @min_word_length=4, @extra_dictionary_words=[]>
+irb(main):011:0> checker.calculate_entropy("password")
+=> 2
 ```
 
 ## Details
@@ -141,17 +151,21 @@ disallowed by the strength checker.
 
 ## Todo
 
-1. Allow the dictionary of common words to be specified by the user.  This is currently hard-coded to
-   the 500 most common passwords.  That also means it's not a true "dictionary" check...
-2. Add a common password adjuster that basically works like the existing DictionaryAdjuster but does
+1. Add a common password adjuster that basically works like the existing DictionaryAdjuster but does
    not stop at the first found word.  Stopping at the first word make sense if you have a 300,000 word
-   dictionary of the English language but not so much when you're only talking about the 500 most
+   dictionary of the English language but not so much when you're only talking about the 10,000 most
    common passwords.
 
+## Running the tests
+
+To run the tests, install the gems with `bundle install`. Then run `rake`.
+
 ## Contributing
 
 1. Fork it
 2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create new Pull Request
+3. Make your changes
+4. Test the changes and make sure existing tests pass
+5. Commit your changes (`git commit -am 'Add some feature'`)
+6. Push to the branch (`git push origin my-new-feature`)
+7. Create new Pull Request

data/Rakefile

@@ -1 +1,6 @@
 require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/lib/active_model/validations/password_strength_validator.rb

@@ -4,9 +4,9 @@ module ActiveModel
   module Validations
     class PasswordStrengthValidator < ActiveModel::EachValidator
       def validate_each(object, attribute, value)
-        ps = ::StrongPassword::StrengthChecker.new(value.to_s)
-        unless ps.is_strong?(strength_options(options, object))
-          object.errors.add(attribute, :'password.password_strength', options.merge(:value => value.to_s))
+        ps = ::StrongPassword::StrengthChecker.new(**strength_options(options, object))
+        unless ps.is_strong?(value.to_s)
+          object.errors.add(attribute, :'password.password_strength', **(options.merge(:value => value.to_s)))
         end
       end
 
@@ -40,4 +40,4 @@ module ActiveModel
       end
     end
   end
-end
+end

data/lib/strong_password.rb

@@ -1,4 +1,4 @@
-require 'active_model/validations'
+require 'active_model/validations' if defined?(ActiveModel)
 
 require 'strong_password/version'
 require 'strong_password/nist_bonus_bits'
@@ -12,4 +12,4 @@ require 'active_model/validations/password_strength_validator' if defined?(Activ
 module StrongPassword
 end
 
-I18n.load_path << File.dirname(__FILE__) + '/strong_password/locale/en.yml' if defined?(I18n)
+I18n.load_path << File.dirname(__FILE__) + '/strong_password/locale/en.yml' if defined?(I18n)

data/lib/strong_password/dictionary_adjuster.rb

@@ -967,20 +967,20 @@ module StrongPassword
         hounds honeydew hooters1 hoes howie hevnm4 hugohugo eighty epson evangeli
         eeeee1 eyphed ).sort_by(&:length).reverse
 
-    attr_reader :base_password
+    attr_reader :min_entropy, :min_word_length, :extra_dictionary_words
 
-    def initialize(password)
-      @base_password = password.downcase
+    def initialize(min_entropy: 18, min_word_length: 4, extra_dictionary_words: [])
+      @min_entropy = min_entropy
+      @min_word_length = min_word_length
+      @extra_dictionary_words = extra_dictionary_words
     end
 
-    def is_strong?(min_entropy: 18, min_word_length: 4, extra_dictionary_words: [])
-      adjusted_entropy(entropy_threshhold: min_entropy,
-                       min_word_length: min_word_length,
-                       extra_dictionary_words: extra_dictionary_words) >= min_entropy
+    def is_strong?(password)
+      adjusted_entropy(password) >= min_entropy
     end
 
-    def is_weak?(min_entropy: 18, min_word_length: 4, extra_dictionary_words: [])
-      !is_strong?(min_entropy: min_entropy, min_word_length: min_word_length, extra_dictionary_words: extra_dictionary_words)
+    def is_weak?(password)
+      !is_strong?(password)
     end
 
     # Returns the minimum entropy for the passwords dictionary adjustments.
@@ -988,13 +988,17 @@ module StrongPassword
     # processing.
     # Note that we only check for the first matching word up to the threshhold if set.
     # Subsequent matching words are not deductd.
-    def adjusted_entropy(min_word_length: 4, extra_dictionary_words: [], entropy_threshhold: -1)
-      dictionary_words = Regexp.union( ( extra_dictionary_words + COMMON_PASSWORDS ).compact.reject{ |i| i.length < min_word_length } )
+    def adjusted_entropy(password)
+      base_password = password.downcase
       min_entropy = EntropyCalculator.calculate(base_password)
       # Process the passwords, while looking for possible matching words in the dictionary.
       PasswordVariants.all_variants(base_password).inject( min_entropy ) do |min_entropy, variant|
         [ min_entropy, EntropyCalculator.calculate( variant.sub( dictionary_words, '*' ) ) ].min 
       end
     end
+
+    def dictionary_words
+      @dictionary_words ||= Regexp.union( ( extra_dictionary_words + COMMON_PASSWORDS ).compact.reject{ |i| i.length < min_word_length } )
+    end
   end
-end
+end

data/lib/strong_password/entropy_calculator.rb

@@ -8,7 +8,7 @@ module StrongPassword
         bits(password)
       end
     end
-    
+
     # The basic NIST entropy calculation is based solely
     # on the length of the password in question.
     def self.bits(password)
@@ -24,7 +24,7 @@ module StrongPassword
       end
       bits + NistBonusBits.bonus_bits(password)
     end
-    
+
     # A modified version of the basic entropy calculation
     # which lowers the amount of entropy gained for each
     # repeated character in the password
@@ -36,9 +36,9 @@ module StrongPassword
       end
       bits + NistBonusBits.bonus_bits(password)
     end
-  
+
   private
-    
+
     def self.bit_value_at_position(position, base = 1)
       if position > 19
         return base
@@ -50,17 +50,17 @@ module StrongPassword
         return 4
       end
     end
-  
+
     class EntropyResolver
       BASE_VALUE = 1
       REPEAT_WEAKENING_FACTOR = 0.75
-      
+
       attr_reader :char_multiplier
-      
+
       def initialize
         @char_multiplier = {}
       end
-      
+
       # Returns the current entropy value for a character and weakens the entropy
       # for future calls for the same character.
       def entropy_for(char)

data/lib/strong_password/locale/en.yml

@@ -2,4 +2,4 @@ en:
   errors:
     messages:
       password:
-        password_strength: "%{attribute} is too weak"
+        password_strength: "is too weak"

data/lib/strong_password/nist_bonus_bits.rb

@@ -1,26 +1,26 @@
 module StrongPassword
   module NistBonusBits
     @@bonus_bits_for_password = {}
-    
+
     # NIST password strength rules allow up to 6 bonus bits for mixed case and non-alphabetic
     def self.bonus_bits(password)
       @@bonus_bits_for_password[password] ||= begin
         calculate_bonus_bits_for(password)
   	  end
     end
-    
+
     # This smells bad as it's only used for testing...
     def self.reset_bonus_cache!
       @@bonus_bits_for_password = {}
     end
-    
+
     def self.calculate_bonus_bits_for(password)
       upper   = !!(password =~ /[[:upper:]]/)
   		lower   = !!(password =~ /[[:lower:]]/)
   		numeric = !!(password =~ /[[:digit:]]/)
   		other   = !!(password =~ /[^a-zA-Z0-9 ]/)
   		space   = !!(password =~ / /)
-  		
+
   		# I had this condensed to nested ternaries but that shit was ugly
   		bonus_bits = if upper && lower && other && numeric
   		  6
@@ -42,4 +42,4 @@ module StrongPassword
   	  bonus_bits
 	  end
   end
-end
+end

data/lib/strong_password/password_variants.rb

@@ -1,6 +1,8 @@
 module StrongPassword
   module PasswordVariants
-    LEET_SPEAK_1 = {
+    LEET_SPEAK_REGEXP = /[\@\!\$1234567890]/
+
+    LEET_SPEAK = {
       "@" => "a",
       "!" => "i",
       "$" => "s",
@@ -16,37 +18,9 @@ module StrongPassword
       "0" => "o"
     }
 
-    LEET_SPEAK_2 = {
-      "@" => "a",
-      "!" => "i",
-      "$" => "s",
-      "1" => "l",
-      "2" => "z",
-      "3" => "e",
-      "4" => "a",
-      "5" => "s",
-      "6" => "g",
-      "7" => "t",
-      "8" => "b",
-      "9" => "g",
-      "0" => "o"
-    }
+    LEET_SPEAK_ALT = LEET_SPEAK.dup.merge!("1" => "l")
 
-    KEYBOARDMAP_DOWN_NOSHIFT = {
-      "z" => "", 
-      "x" => "", 
-      "c" => "", 
-      "v" => "", 
-      "b" => "", 
-      "n" => "", 
-      "m" => "", 
-      "," => "", 
-      "." => "", 
-      "/" => "", 
-      "<" => "", 
-      ">" => "", 
-      "?" => ""
-    }
+    BOTTOM_ROW_REGEXP = /[zxcvbnm,\.\/\<\>\?]/
 
     KEYBOARDMAP_DOWNRIGHT = {
       "a" => "z",
@@ -105,7 +79,7 @@ module StrongPassword
       "p" => "l",
       "-" => "p"
     }
-    
+
     # Returns all variants of a given password including the password itself
     def self.all_variants(password)
       passwords = [password.downcase]
@@ -117,37 +91,26 @@ module StrongPassword
     # Returns all keyboard shifted variants of a given password
     def self.keyboard_shift_variants(password)
       password = password.downcase
-      variants = []
-      
-      if (password == password.tr(KEYBOARDMAP_DOWN_NOSHIFT.keys.join, KEYBOARDMAP_DOWN_NOSHIFT.values.join))
-        variant = password.tr(KEYBOARDMAP_DOWNRIGHT.keys.join, KEYBOARDMAP_DOWNRIGHT.values.join)
-        variants << variant
-        variants << variant.reverse
 
-        variant = password.tr(KEYBOARDMAP_DOWNLEFT.keys.join, KEYBOARDMAP_DOWNLEFT.values.join)
-        variants << variant
-        variants << variant.reverse
-      end
-      variants
+      return [] if password.match(BOTTOM_ROW_REGEXP)
+      variants(password, KEYBOARDMAP_DOWNRIGHT, KEYBOARDMAP_DOWNLEFT)
     end
 
     # Returns all leet speak variants of a given password
     def self.leet_speak_variants(password)
       password = password.downcase
-      variants = []
 
-      leet = password.tr(LEET_SPEAK_1.keys.join, LEET_SPEAK_1.values.join)
-      if leet != password
-        variants << leet
-        variants << leet.reverse
-      end
+      return [] if !password.match(LEET_SPEAK_REGEXP)
+      variants(password, LEET_SPEAK, LEET_SPEAK_ALT)
+    end
+
+    private
 
-      leet_l = password.tr(LEET_SPEAK_2.keys.join, LEET_SPEAK_2.values.join)
-      if (leet_l != password && leet_l != leet)
-        variants << leet_l
-        variants << leet_l.reverse
+    def self.variants(password, *mappings)
+      mappings.flat_map do |map|
+        variant = password.tr(map.keys.join, map.values.join)
+        [variant, variant.reverse]
       end
-      variants
     end
   end
-end
+end