strong_password 0.0.4 → 0.0.10

data/lib/strong_password/qwerty_adjuster.rb

@@ -1,73 +1,75 @@
 module StrongPassword
   class QwertyAdjuster
     QWERTY_STRINGS = [
-      "1234567890-",
-      "qwertyuiop",
-      "asdfghjkl;",
-      "zxcvbnm,./",
+      '1234567890-',
+      'qwertyuiop',
+      'asdfghjkl;',
+      'zxcvbnm,./',
       "1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik,9ol.0p;/-['=]:?_{\"+}",
-      "1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik9ol0p",
+      '1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik9ol0p',
       "qazwsxedcrfvtgbyhnujmik,ol.p;/-['=]:?_{\"+}",
-      "qazwsxedcrfvtgbyhnujmikolp",
-      "]\"/=[;.-pl,0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1",
-      "pl0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1",
-      "]\"/[;.pl,okmijnuhbygvtfcrdxeszwaq",
-      "plokmijnuhbygvtfcrdxeszwaq",
-      "014725836914702583697894561230258/369*+-*/",
-      "abcdefghijklmnopqrstuvwxyz"
-    ]
-    
-    attr_reader :base_password
-    
-    def initialize(password)
-      @base_password = password.downcase
+      'qazwsxedcrfvtgbyhnujmikolp',
+      ']"/=[;.-pl,0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1',
+      'pl0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1',
+      ']"/[;.pl,okmijnuhbygvtfcrdxeszwaq',
+      'plokmijnuhbygvtfcrdxeszwaq',
+      '014725836914702583697894561230258/369*+-*/',
+      'abcdefghijklmnopqrstuvwxyz'
+    ].freeze
+
+    attr_reader :min_entropy, :entropy_threshhold
+
+    def initialize(min_entropy: 18, entropy_threshhold: min_entropy)
+      @min_entropy = min_entropy
+      @entropy_threshhold = entropy_threshhold
     end
-    
-    def is_strong?(min_entropy: 18)
-      adjusted_entropy(entropy_threshhold: min_entropy) >= min_entropy
+
+    def is_strong?(base_password)
+      adjusted_entropy(base_password) >= min_entropy
     end
-    
-    def is_weak?(min_entropy: 18)
-      !is_strong?(min_entropy: min_entropy)
+
+    def is_weak?(base_password)
+      !is_strong?(base_password)
     end
-    
+
     # Returns the minimum entropy for the password's qwerty locality
     # adjustments.  If a threshhold is specified we will bail
     # early to avoid unnecessary processing.
-    def adjusted_entropy(entropy_threshhold: 0)
+    def adjusted_entropy(base_password)
       revpassword = base_password.reverse
-      min_entropy = [EntropyCalculator.calculate(base_password), EntropyCalculator.calculate(revpassword)].min
-      QWERTY_STRINGS.each do |qwertystr|
-        qpassword = mask_qwerty_strings(base_password, qwertystr)
-        qrevpassword = mask_qwerty_strings(revpassword, qwertystr)
-        if qpassword != base_password
-          numbits = EntropyCalculator.calculate(qpassword)
-          min_entropy = [min_entropy, numbits].min
-          return min_entropy if min_entropy < entropy_threshhold
-        end
-        if qrevpassword != revpassword
-          numbits = EntropyCalculator.calculate(qrevpassword)
-          min_entropy = [min_entropy, numbits].min
-          return min_entropy if min_entropy < entropy_threshhold
-        end
-      end
-      min_entropy
+      lowest_entropy = [EntropyCalculator.calculate(base_password), EntropyCalculator.calculate(revpassword)].min
+      # If our entropy is already lower than we care about then there's no reason to look further.
+      return lowest_entropy if lowest_entropy < entropy_threshhold
+
+      qpassword = mask_qwerty_strings(base_password)
+      lowest_entropy = [lowest_entropy, EntropyCalculator.calculate(qpassword)].min if qpassword != base_password
+      # Bail early if our entropy on the base password's masked qwerty value is less than our threshold.
+      return lowest_entropy if lowest_entropy < entropy_threshhold
+
+      qrevpassword = mask_qwerty_strings(revpassword)
+      lowest_entropy = [lowest_entropy, EntropyCalculator.calculate(qrevpassword)].min if qrevpassword != revpassword
+      lowest_entropy
     end
-  
-  private
-  
-    def mask_qwerty_strings(password, qwerty_string)
-      masked_password = password
-      z = 6
-      begin
+
+    private
+
+    def all_qwerty_strings
+      @all_qwerty_strings ||= Regexp.union(QWERTY_STRINGS.flat_map do |qwerty_string|
+        gen_qw_strings(qwerty_string)
+      end)
+    end
+
+    def gen_qw_strings(qwerty_string)
+      6.downto(3).flat_map do |z|
         y = qwerty_string.length - z
-        (0..y).each do |x|
-          str = qwerty_string[x, z].sub('-', '\\-')
-          masked_password = masked_password.sub(str, '*')
+        (0..y).map do |x|
+          qwerty_string[x, z].sub('-', '\\-')
         end
-        z = z - 1
-      end while z > 2
-      masked_password
+      end
+    end
+
+    def mask_qwerty_strings(password)
+      password.gsub(all_qwerty_strings, '*')
     end
   end
-end
+end

data/lib/strong_password/railtie.rb

@@ -1 +1 @@
-require 'rails/railtie'
+require 'rails/railtie' if defined?(Rails)

data/lib/strong_password/strength_checker.rb

@@ -1,37 +1,58 @@
 module StrongPassword
   class StrengthChecker
     BASE_ENTROPY = 18
-    
-    attr_reader :base_password
+    PASSWORD_LIMIT = 1_000
+    EXTRA_WORDS_LIMIT = 1_000
 
-    def initialize(password)
-      @base_password = password.dup
+    attr_reader :min_entropy, :use_dictionary, :min_word_length, :extra_dictionary_words
+
+    def initialize(min_entropy: BASE_ENTROPY, use_dictionary: false, min_word_length: 4, extra_dictionary_words: [])
+      @min_entropy = min_entropy
+      @use_dictionary = use_dictionary
+      @min_word_length = min_word_length
+      @extra_dictionary_words = extra_dictionary_words
     end
-    
-    def is_weak?(min_entropy: BASE_ENTROPY, use_dictionary: false, min_word_length: 4, extra_dictionary_words: [])
-      !is_strong?(min_entropy: min_entropy,
-                  use_dictionary: use_dictionary, 
-                  min_word_length: min_word_length, 
-                  extra_dictionary_words: extra_dictionary_words)
+
+    def is_weak?(password)
+      !is_strong?(password)
     end
 
-    def is_strong?(min_entropy: BASE_ENTROPY, use_dictionary: false, min_word_length: 4, extra_dictionary_words: [])
+    def is_strong?(password)
+      base_password = password.dup[0...PASSWORD_LIMIT]
       weak = (EntropyCalculator.calculate(base_password) < min_entropy) ||
              (EntropyCalculator.calculate(base_password.downcase) < min_entropy) ||
-             (QwertyAdjuster.new(base_password).is_weak?(min_entropy: min_entropy))
+             (qwerty_adjuster.is_weak?(base_password))
       if !weak && use_dictionary
-        return DictionaryAdjuster.new(base_password).is_strong?(min_entropy: min_entropy,
-                    min_word_length: min_word_length, 
-                    extra_dictionary_words: extra_dictionary_words)
+        return dictionary_adjuster.is_strong?(base_password)
       else
         return !weak
       end
     end
-    
-    def calculate_entropy(use_dictionary: false, min_word_length: 4, extra_dictionary_words: [])
-      entropies = [EntropyCalculator.calculate(base_password), EntropyCalculator.calculate(base_password.downcase), QwertyAdjuster.new(base_password).adjusted_entropy]
-      entropies << DictionaryAdjuster.new(base_password).adjusted_entropy(min_word_length: min_word_length, extra_dictionary_words: extra_dictionary_words) if use_dictionary
+
+    def calculate_entropy(password)
+      base_password = password.dup[0...PASSWORD_LIMIT]
+      extra_dictionary_words.collect! { |w| w[0...EXTRA_WORDS_LIMIT] }
+      entropies = [
+        EntropyCalculator.calculate(base_password),
+        EntropyCalculator.calculate(base_password.downcase),
+        qwerty_adjuster.adjusted_entropy(base_password)
+      ]
+      entropies << dictionary_adjuster.adjusted_entropy(base_password) if use_dictionary
       entropies.min
     end
+
+    private
+
+    def qwerty_adjuster
+      @qwerty_adjuster ||= QwertyAdjuster.new(min_entropy: min_entropy)
+    end
+
+    def dictionary_adjuster
+      @dictionary_adjuster ||= DictionaryAdjuster.new(
+        min_word_length: min_word_length,
+        extra_dictionary_words: extra_dictionary_words,
+        min_entropy: min_entropy
+      )
+    end
   end
-end
+end

data/lib/strong_password/version.rb

@@ -1,3 +1,3 @@
 module StrongPassword
-  VERSION = "0.0.4"
+  VERSION = '0.0.10'.freeze
 end

data/spec/spec_helper.rb

@@ -1,8 +1,14 @@
+require 'simplecov'
+require 'simplecov-console'
+SimpleCov.formatter = SimpleCov::Formatter::Console
+SimpleCov.start
+
 require 'bundler/setup'
-require 'strong_password'
+require 'pry'
 require 'active_model'
+require 'strong_password'
 
 RSpec.configure do |config|
   config.expect_with(:rspec) {|c| c.syntax = :expect}
   config.order = :random
-end
+end

data/spec/strong_password/dictionary_adjuster_spec.rb

@@ -3,36 +3,36 @@ require 'spec_helper'
 module StrongPassword
   describe DictionaryAdjuster do
     describe '#is_strong?' do
-      let(:subject) { DictionaryAdjuster.new('password') }
+      let(:subject) { DictionaryAdjuster.new }
 
       it 'returns true if the calculated entropy is >= the minimum' do
-        subject.stub(adjusted_entropy: 18)
-        expect(subject.is_strong?).to be_true
+        allow(subject).to receive_messages(adjusted_entropy: 18)
+        expect(subject.is_strong?('password')).to be_truthy
       end
 
       it 'returns false if the calculated entropy is < the minimum' do
-        subject.stub(adjusted_entropy: 17)
-        expect(subject.is_strong?).to be_false
+        allow(subject).to receive_messages(adjusted_entropy: 17)
+        expect(subject.is_strong?('password')).to be_falsey
       end
     end
 
     describe '#is_weak?' do
-      let(:subject) { DictionaryAdjuster.new('password') }
+      let(:subject) { DictionaryAdjuster.new }
 
       it 'returns the opposite of is_strong?' do
-        subject.stub(is_strong?: true)
-        expect(subject.is_weak?).to be_false
+        allow(subject).to receive_messages(is_strong?: true)
+        expect(subject.is_weak?('password')).to be_falsey
       end
     end
 
     describe '#adjusted_entropy' do
-      before(:each) { NistBonusBits.stub(bonus_bits: 0)}
+      before(:each) { allow(NistBonusBits).to receive_messages(bonus_bits: 0) }
 
       it 'checks against all variants of a given password' do
         password = 'password'
-        adjuster = DictionaryAdjuster.new(password)
-        PasswordVariants.should_receive(:all_variants).with(password).and_return([])
-        adjuster.adjusted_entropy
+        adjuster = DictionaryAdjuster.new
+        expect(PasswordVariants).to receive(:all_variants).with(password).and_return([])
+        adjuster.adjusted_entropy(password)
       end
 
       {
@@ -47,22 +47,22 @@ module StrongPassword
         'asdf[]asdf' => 16 # Doesn't break with []s
       }.each do |password, bits|
         it "returns #{bits} for '#{password}'" do
-          expect(DictionaryAdjuster.new(password).adjusted_entropy).to eq(bits)
+          expect(DictionaryAdjuster.new.adjusted_entropy(password)).to eq(bits)
         end
       end
 
       it 'allows extra words to be provided as an array' do
-        password = 'mcmanus'
+        password = 'administratorWEQ@123'
         base_entropy = EntropyCalculator.calculate(password)
-        expect(DictionaryAdjuster.new(password).adjusted_entropy(extra_dictionary_words: ['mcmanus'])).not_to eq(base_entropy)
+        expect(DictionaryAdjuster.new(extra_dictionary_words: ['administrator']).adjusted_entropy(password)).not_to eq(base_entropy)
       end
 
       it 'allows minimum word length to be adjusted' do
         password = '6969'
-        base_entropy = DictionaryAdjuster.new(password).adjusted_entropy
+        base_entropy = DictionaryAdjuster.new.adjusted_entropy(password)
         # If we increase the min_word_length above the length of the password we should get a higher entropy
-        expect(DictionaryAdjuster.new(password).adjusted_entropy(min_word_length: 6)).not_to be < base_entropy
+        expect(DictionaryAdjuster.new(min_word_length: 6).adjusted_entropy(password)).not_to be < base_entropy
       end
     end
   end
-end
+end

data/spec/strong_password/entropy_calculator_spec.rb

@@ -3,7 +3,7 @@ require 'spec_helper'
 module StrongPassword
   describe EntropyCalculator do
     describe '.bits' do
-      before(:each) { NistBonusBits.stub(bonus_bits: 0) }
+      before(:each) { allow(NistBonusBits).to receive_messages(bonus_bits: 0) }
       {
         '' => 0,
         '*' => 4,
@@ -36,9 +36,9 @@ module StrongPassword
         end
       end
     end
-    
+
     describe '.bits_with_repeats_weakened' do
-      before(:each) { NistBonusBits.stub(bonus_bits: 0) }
+      before(:each) { allow(NistBonusBits).to receive(:bonus_bits).and_return(0) }
       {
         '' => 0,
         '*' => 4,
@@ -52,7 +52,7 @@ module StrongPassword
           expect(subject.bits_with_repeats_weakened(password)).to eq(bits)
         end
       end
-      
+
       it 'returns the same value for repeated calls on a password' do
         password = 'password'
         initial_value = subject.bits_with_repeats_weakened(password)

data/spec/strong_password/nist_bonus_bits_spec.rb

@@ -5,19 +5,19 @@ module StrongPassword
     describe '.bonus_bits' do
       it 'calculates the bonus bits the first time for a given password' do
         NistBonusBits.reset_bonus_cache!
-        NistBonusBits.should_receive(:calculate_bonus_bits_for).and_return(1)
+        expect(NistBonusBits).to receive(:calculate_bonus_bits_for).and_return(1)
         expect(NistBonusBits.bonus_bits('password')).to eq(1)
       end
-      
+
       it 'caches the bonus bits for a password for later use' do
         NistBonusBits.reset_bonus_cache!
-        NistBonusBits.stub(calculate_bonus_bits_for: 1)
+        allow(NistBonusBits).to receive_messages(calculate_bonus_bits_for: 1)
         NistBonusBits.bonus_bits('password')
-        NistBonusBits.should_not_receive(:calculate_bonus_bits_for)
+        expect(NistBonusBits).not_to receive(:calculate_bonus_bits_for)
         expect(NistBonusBits.bonus_bits('password')).to eq(1)
       end
     end
-    
+
     describe '.calculate_bonus_bits_for' do
 	    {
 	      'Ab$9' => 4,

data/spec/strong_password/password_variants_spec.rb

@@ -6,59 +6,59 @@ module StrongPassword
       it 'includes the lowercase password' do
         expect(subject.all_variants("PASSWORD")).to include('password')
       end
-      
+
       it 'includes keyboard shift variants' do
-        subject.stub(keyboard_shift_variants: ['foo', 'bar'])
+        allow(subject).to receive_messages(keyboard_shift_variants: ['foo', 'bar'])
         expect(subject.all_variants("password")).to include('foo', 'bar')
       end
-      
+
       it 'includes leet speak variants' do
-        subject.stub(leet_speak_variants: ['foo', 'bar'])
+        allow(subject).to receive_messages(leet_speak_variants: ['foo', 'bar'])
         expect(subject.all_variants("password")).to include('foo', 'bar')
       end
-      
+
       it 'does not mutate the password' do
         password = 'PASSWORD'
         subject.all_variants(password)
         expect(password).to eq('PASSWORD')
       end
     end
-    
+
     describe '.keyboard_shift_variants' do
       it 'returns no variants if password includes only bottom row characters' do
         expect(subject.keyboard_shift_variants('zxcvbnm,./')).to eq([])
       end
-      
+
       it 'maps down-right passwords' do
         expect(subject.keyboard_shift_variants('qwerty')).to include('asdfgh')
       end
-      
+
       it 'includes reversed down-right password' do
         expect(subject.keyboard_shift_variants('qwerty')).to include('hgfdsa')
       end
-      
+
       it 'maps down-left passwords' do
         expect(subject.keyboard_shift_variants('sdfghj')).to include('zxcvbn')
       end
-      
+
       it 'maps reversed down-left passwords' do
         expect(subject.keyboard_shift_variants('sdfghj')).to include('nbvcxz')
       end
     end
-    
+
     describe '.leet_speak_variants' do
       it 'returns no variants if the password includes no leet speak' do
         expect(subject.leet_speak_variants('password')).to eq([])
       end
-      
+
       it 'returns standard leet speak variants' do
         expect(subject.leet_speak_variants('p4ssw0rd')).to include('password')
       end
-      
+
       it 'returns reversed standard leet speak variants' do
         expect(subject.leet_speak_variants('p4ssw0rd')).to include('drowssap')
       end
-      
+
       it 'returns both i and l variants when given a 1' do
         expect(subject.leet_speak_variants('h1b0b')).to include('hibob', 'hlbob')
       end