strong_password 0.0.4 → 0.0.10

data/spec/strong_password/qwerty_adjuster_spec.rb

@@ -2,31 +2,29 @@ require 'spec_helper'
 
 module StrongPassword
   describe QwertyAdjuster do
-    describe '#is_strong?' do
-      let(:subject) { QwertyAdjuster.new('password') }
+    subject(:qwerty_adjuster) { QwertyAdjuster.new(entropy_threshhold: 0) }
 
+    describe '#is_strong?' do
       it 'returns true if the calculated entropy is >= the minimum' do
-        subject.stub(adjusted_entropy: 18)
-        expect(subject.is_strong?).to be_true
+        allow(subject).to receive_messages(adjusted_entropy: 18)
+        expect(subject.is_strong?('password')).to be_truthy
       end
-      
+
       it 'returns false if the calculated entropy is < the minimum' do
-        subject.stub(adjusted_entropy: 17)
-        expect(subject.is_strong?).to be_false
+        allow(subject).to receive_messages(adjusted_entropy: 17)
+        expect(subject.is_strong?('password')).to be_falsey
       end
     end
-    
-    describe '#is_weak?' do
-      let(:subject) { QwertyAdjuster.new('password') }
 
+    describe '#is_weak?' do
       it 'returns the opposite of is_strong?' do
-        subject.stub(is_strong?: true)
-        expect(subject.is_weak?).to be_false
+        allow(subject).to receive_messages(is_strong?: true)
+        expect(subject.is_weak?('password')).to be_falsey
       end
     end
-    
+
     describe '#adjusted_entropy' do
-      before(:each) { NistBonusBits.stub(bonus_bits: 0)}
+      before(:each) { allow(NistBonusBits).to receive_messages(bonus_bits: 0) }
       {
         'qwertyuio' => 5.5,
         '1234567' => 6,
@@ -37,9 +35,21 @@ module StrongPassword
         'password' => 17.5 # Ensure that we don't qwerty-adjust 'password'
       }.each do |password, bits|
         it "returns #{bits} for '#{password}'" do
-          expect(QwertyAdjuster.new(password).adjusted_entropy).to eq(bits)
+          expect(subject.adjusted_entropy(password)).to eq(bits)
+        end
+      end
+
+      describe 'with a default entropy threshhold' do
+        subject(:qwerty_adjuster) { QwertyAdjuster.new }
+
+        it 'returns the higher entropy before running qwerty adjustments' do
+          # Default threshhold is equal to the default min_entropy for a strong password (18).
+          # When not set we should get the base password's entropy from this (16) instead of the
+          # lower qwerty-adjusted entropy (6) indicating we avoided doing additional work in the
+          # qwerty adjustment code since we already know the password is weak.
+          expect(subject.adjusted_entropy('1234567')).to eq(16)
         end
       end
     end
   end
-end
+end

data/spec/strong_password/strength_checker_spec.rb

@@ -11,11 +11,11 @@ module StrongPassword
         'aB$1' => false
       }.each do |password, strength|
         it "is_strong? returns #{strength} for '#{password}' with 12 bits of entropy" do
-          expect(StrengthChecker.new(password).is_strong?(min_entropy: 12)).to be(strength)
+          expect(StrengthChecker.new(min_entropy: 12).is_strong?(password)).to be(strength)
         end
       end
     end
-    
+
     context 'with lowered entropy requirement and dictionary checking' do
       {
         'blahblah' => true,
@@ -26,11 +26,11 @@ module StrongPassword
         'aB$1' => false
       }.each do |password, strength|
         it "is_strong? returns #{strength} for '#{password}' with 12 bits of entropy" do
-          expect(StrengthChecker.new(password).is_strong?(min_entropy: 12, use_dictionary: true)).to eq(strength)
+          expect(StrengthChecker.new(min_entropy: 12, use_dictionary: true).is_strong?(password)).to eq(strength)
         end
       end
     end
-    
+
     context 'with standard entropy requirement and dictionary checking' do
       {
         'blahblah' => false,
@@ -41,11 +41,11 @@ module StrongPassword
         'correct horse battery staple' => true
       }.each do |password, strength|
         it "is_strong? returns #{strength} for '#{password}' with standard bits of entropy" do
-          expect(StrengthChecker.new(password).is_strong?(use_dictionary: true)).to eq(strength)
+          expect(StrengthChecker.new(use_dictionary: true).is_strong?(password)).to eq(strength)
         end
       end
     end
-    
+
     context 'with crazy entropy requirement and dictionary checking' do
       {
         'blahblah' => false,
@@ -57,9 +57,32 @@ module StrongPassword
         'c0rr#ct h0rs3 Batt$ry st@pl3 is Gr34t' => true
       }.each do |password, strength|
         it "is_strong? returns #{strength} for '#{password}' with standard bits of entropy" do
-          expect(StrengthChecker.new(password).is_strong?(min_entropy: 40, use_dictionary: true)).to eq(strength)
+          expect(StrengthChecker.new(min_entropy: 40, use_dictionary: true).is_strong?(password)).to eq(strength)
         end
       end
     end
+
+    context 'with long password' do
+      let(:strength_checker) { StrengthChecker.new }
+      let(:password) { ("ba"*500_000) }
+      it 'should be truncated' do
+        expect(strength_checker.calculate_entropy(password)).
+          to eq(strength_checker.calculate_entropy(password.slice(0, StrengthChecker::PASSWORD_LIMIT)))
+      end
+    end
+
+    context 'with long extra words' do
+      let(:strength_checker) { StrengthChecker.new(use_dictionary: true, extra_dictionary_words: ["a"*1_000_000, "b"*10_000_000, "c"*10]) }
+      let(:exta_limit) { StrengthChecker::EXTRA_WORDS_LIMIT }
+      it 'should be truncated' do
+        expect(DictionaryAdjuster).to receive(:new).with({
+            min_entropy: 18,
+            min_word_length: 4,
+            extra_dictionary_words:
+            ["a"*StrengthChecker::EXTRA_WORDS_LIMIT, "b"*StrengthChecker::EXTRA_WORDS_LIMIT, "c"*10]
+          }).and_call_original
+        strength_checker.calculate_entropy("$tr0NgP4s$w0rd91d£")
+      end
+    end
   end
-end
+end

data/spec/validation/strength_validator_spec.rb

@@ -18,7 +18,7 @@ class TestStrengthStrongEntropy < User
 end
 
 class TestStrengthExtraWords < User
-  validates :password, password_strength: {extra_dictionary_words: ['mcmanus'], use_dictionary: true}
+  validates :password, password_strength: {extra_dictionary_words: ['administrator'], use_dictionary: true}
 end
 
 class TestBaseStrengthAlternative < User
@@ -47,7 +47,7 @@ module ActiveModel
               it "adds errors when password is '#{password}'" do
                 base_strength.password = password
                 base_strength.valid?
-                expect(base_strength.errors[:password]).to eq(["Password is too weak"])
+                expect(base_strength.errors[:password]).to eq(["is too weak"])
               end
             end
           end
@@ -79,7 +79,7 @@ module ActiveModel
               it "adds errors when password is '#{password}'" do
                 alternative_usage.password = password
                 alternative_usage.valid?
-                expect(alternative_usage.errors[:password]).to eq(["Password is too weak"])
+                expect(alternative_usage.errors[:password]).to eq(["is too weak"])
               end
             end
           end
@@ -129,7 +129,7 @@ module ActiveModel
                 it "'#{password}' should be invalid with increased entropy requirement" do
                   strong_entropy.password = password
                   strong_entropy.valid?
-                  expect(strong_entropy.errors[:password]).to eq(["Password is too weak"])
+                  expect(strong_entropy.errors[:password]).to eq(["is too weak"])
                 end
               end
             end
@@ -138,14 +138,18 @@ module ActiveModel
 
         describe 'extra words' do
           it 'allows extra words to be specified as an option to the validation' do
-            password = 'mcmanus'
+            password = 'administratorWEQ@123'
+            # Validate that without 'administrator' added to extra_dictionary_words
+            # this password is considered strong
             weak_entropy.password = password
-            expect(weak_entropy.valid?).to be_true
+            expect(weak_entropy.valid?).to be_truthy
+            # Now check that with 'administrator' added to extra_dictionary_words
+            # in our model, the same password is considered weak.
             extra_words.password = password
-            expect(extra_words.valid?).to be_false
+            expect(extra_words.valid?).to be_falsey
           end
         end
       end
     end
   end
-end
+end

data/strong_password.gemspec

@@ -18,7 +18,8 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ['lib']
 
-  spec.add_development_dependency 'bundler', '~> 1.3'
+  spec.add_development_dependency 'bundler', '>= 1.3'
   spec.add_development_dependency 'rake'
-  spec.add_development_dependency 'rspec', '~> 2.12'
+  spec.add_development_dependency 'rspec', '~> 3.8'
+  spec.add_development_dependency 'pry'
 end

metadata

@@ -1,57 +1,71 @@
 --- !ruby/object:Gem::Specification
 name: strong_password
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.0.10
 platform: ruby
 authors:
 - Brian McManus
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-01-17 00:00:00.000000000 Z
+date: 2021-05-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.12'
+        version: '3.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.12'
+        version: '3.8'
+- !ruby/object:Gem::Dependency
+  name: pry
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Entropy-based password strength checking for Ruby and ActiveModel
 email:
 - bdmac97@gmail.com
@@ -59,7 +73,8 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
+- ".gitignore"
+- ".travis.yml"
 - CHANGELOG
 - Gemfile
 - LICENSE.txt
@@ -95,17 +110,16 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.2.0
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: StrongPassword adds a class to check password strength and a validator for