strong_password 0.0.8 → 0.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 9a5e366ad0a5a46d9b2dbda6c2b637bfcbc667f4ed8e7b4cd25e64ed75d315bd
4
- data.tar.gz: 2793f8c780ef37d19a3b5b11ae81adf175fa0f2d6716047830e0d79efbc6891c
3
+ metadata.gz: 90a81a17ad95741f57771cb8708cdf93f570ee20910d55b86c0c6c4104694fe0
4
+ data.tar.gz: 34f7e8e5e38eca56283e260895f5d0d54711e201344ba891861af7e53852b7ba
5
5
  SHA512:
6
- metadata.gz: 6a155d97437572fcaa4b17142f1f0e355128925620dd461525f8480194f6b9c89dc848494d2eb261b9cca15c54cbd452437ad6f2a3f8f4f4ccccbb9bb9955bb9
7
- data.tar.gz: 63761deb2f831eed7cf7150c17f72e9f64f5d37398ce7ff1a9c253a61404775654fa0f29113af367f43c3cc2471d025f099e15083c06b0ef9c88206fbdd22a42
6
+ metadata.gz: d5212716ea15246134da0ade5cf70497a78bf4ecf29198254cdc2ce2199717fb9af759212c0d327492a51a0d00e213ff0afc00c7fc3955fedfb5b875a8a6608e
7
+ data.tar.gz: 64e6df41029e605517e80a37f821c778964a6509a25bc5f975a3ac605b111d4e04ed229dab27cdc5789a9b88e431865ba848a0a67652a15621b56485feeb94e0
data/CHANGELOG CHANGED
@@ -1,3 +1,5 @@
1
+ ## v0.0.9
2
+ * jfabre - Remove ruby 2.7 warning
1
3
  ## v0.0.8
2
4
  This release breaks backwards compatibility if you are using the lib components
3
5
  directly. If you are using the ActiveModel validations in a Rails project then
@@ -4,7 +4,7 @@ module ActiveModel
4
4
  module Validations
5
5
  class PasswordStrengthValidator < ActiveModel::EachValidator
6
6
  def validate_each(object, attribute, value)
7
- ps = ::StrongPassword::StrengthChecker.new(strength_options(options, object))
7
+ ps = ::StrongPassword::StrengthChecker.new(**strength_options(options, object))
8
8
  unless ps.is_strong?(value.to_s)
9
9
  object.errors.add(attribute, :'password.password_strength', options.merge(:value => value.to_s))
10
10
  end
@@ -1,25 +1,25 @@
1
1
  module StrongPassword
2
2
  class QwertyAdjuster
3
3
  QWERTY_STRINGS = [
4
- "1234567890-",
5
- "qwertyuiop",
6
- "asdfghjkl;",
7
- "zxcvbnm,./",
4
+ '1234567890-',
5
+ 'qwertyuiop',
6
+ 'asdfghjkl;',
7
+ 'zxcvbnm,./',
8
8
  "1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik,9ol.0p;/-['=]:?_{\"+}",
9
- "1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik9ol0p",
9
+ '1qaz2wsx3edc4rfv5tgb6yhn7ujm8ik9ol0p',
10
10
  "qazwsxedcrfvtgbyhnujmik,ol.p;/-['=]:?_{\"+}",
11
- "qazwsxedcrfvtgbyhnujmikolp",
12
- "]\"/=[;.-pl,0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1",
13
- "pl0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1",
14
- "]\"/[;.pl,okmijnuhbygvtfcrdxeszwaq",
15
- "plokmijnuhbygvtfcrdxeszwaq",
16
- "014725836914702583697894561230258/369*+-*/",
17
- "abcdefghijklmnopqrstuvwxyz"
18
- ]
11
+ 'qazwsxedcrfvtgbyhnujmikolp',
12
+ ']"/=[;.-pl,0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1',
13
+ 'pl0okm9ijn8uhb7ygv6tfc5rdx4esz3wa2q1',
14
+ ']"/[;.pl,okmijnuhbygvtfcrdxeszwaq',
15
+ 'plokmijnuhbygvtfcrdxeszwaq',
16
+ '014725836914702583697894561230258/369*+-*/',
17
+ 'abcdefghijklmnopqrstuvwxyz'
18
+ ].freeze
19
19
 
20
20
  attr_reader :min_entropy, :entropy_threshhold
21
21
 
22
- def initialize(min_entropy: 18, entropy_threshhold: 0)
22
+ def initialize(min_entropy: 18, entropy_threshhold: min_entropy)
23
23
  @min_entropy = min_entropy
24
24
  @entropy_threshhold = entropy_threshhold
25
25
  end
@@ -37,23 +37,21 @@ module StrongPassword
37
37
  # early to avoid unnecessary processing.
38
38
  def adjusted_entropy(base_password)
39
39
  revpassword = base_password.reverse
40
- min_entropy = [EntropyCalculator.calculate(base_password), EntropyCalculator.calculate(revpassword)].min
40
+ lowest_entropy = [EntropyCalculator.calculate(base_password), EntropyCalculator.calculate(revpassword)].min
41
+ # If our entropy is already lower than we care about then there's no reason to look further.
42
+ return lowest_entropy if lowest_entropy < entropy_threshhold
43
+
41
44
  qpassword = mask_qwerty_strings(base_password)
45
+ lowest_entropy = [lowest_entropy, EntropyCalculator.calculate(qpassword)].min if qpassword != base_password
46
+ # Bail early if our entropy on the base password's masked qwerty value is less than our threshold.
47
+ return lowest_entropy if lowest_entropy < entropy_threshhold
48
+
42
49
  qrevpassword = mask_qwerty_strings(revpassword)
43
- if qpassword != base_password
44
- numbits = EntropyCalculator.calculate(qpassword)
45
- min_entropy = [min_entropy, numbits].min
46
- return min_entropy if min_entropy < entropy_threshhold
47
- end
48
- if qrevpassword != revpassword
49
- numbits = EntropyCalculator.calculate(qrevpassword)
50
- min_entropy = [min_entropy, numbits].min
51
- return min_entropy if min_entropy < entropy_threshhold
52
- end
53
- min_entropy
50
+ lowest_entropy = [lowest_entropy, EntropyCalculator.calculate(qrevpassword)].min if qrevpassword != revpassword
51
+ lowest_entropy
54
52
  end
55
53
 
56
- private
54
+ private
57
55
 
58
56
  def all_qwerty_strings
59
57
  @all_qwerty_strings ||= Regexp.union(QWERTY_STRINGS.flat_map do |qwerty_string|
@@ -1,3 +1,3 @@
1
1
  module StrongPassword
2
- VERSION = '0.0.8'.freeze
2
+ VERSION = '0.0.9'.freeze
3
3
  end
@@ -2,31 +2,29 @@ require 'spec_helper'
2
2
 
3
3
  module StrongPassword
4
4
  describe QwertyAdjuster do
5
- describe '#is_strong?' do
6
- let(:subject) { QwertyAdjuster.new }
5
+ subject(:qwerty_adjuster) { QwertyAdjuster.new(entropy_threshhold: 0) }
7
6
 
7
+ describe '#is_strong?' do
8
8
  it 'returns true if the calculated entropy is >= the minimum' do
9
9
  allow(subject).to receive_messages(adjusted_entropy: 18)
10
- expect(subject.is_strong?("password")).to be_truthy
10
+ expect(subject.is_strong?('password')).to be_truthy
11
11
  end
12
12
 
13
13
  it 'returns false if the calculated entropy is < the minimum' do
14
14
  allow(subject).to receive_messages(adjusted_entropy: 17)
15
- expect(subject.is_strong?("password")).to be_falsey
15
+ expect(subject.is_strong?('password')).to be_falsey
16
16
  end
17
17
  end
18
18
 
19
19
  describe '#is_weak?' do
20
- let(:subject) { QwertyAdjuster.new }
21
-
22
20
  it 'returns the opposite of is_strong?' do
23
21
  allow(subject).to receive_messages(is_strong?: true)
24
- expect(subject.is_weak?("password")).to be_falsey
22
+ expect(subject.is_weak?('password')).to be_falsey
25
23
  end
26
24
  end
27
25
 
28
26
  describe '#adjusted_entropy' do
29
- before(:each) { allow(NistBonusBits).to receive_messages(bonus_bits: 0)}
27
+ before(:each) { allow(NistBonusBits).to receive_messages(bonus_bits: 0) }
30
28
  {
31
29
  'qwertyuio' => 5.5,
32
30
  '1234567' => 6,
@@ -37,7 +35,19 @@ module StrongPassword
37
35
  'password' => 17.5 # Ensure that we don't qwerty-adjust 'password'
38
36
  }.each do |password, bits|
39
37
  it "returns #{bits} for '#{password}'" do
40
- expect(QwertyAdjuster.new.adjusted_entropy(password)).to eq(bits)
38
+ expect(subject.adjusted_entropy(password)).to eq(bits)
39
+ end
40
+ end
41
+
42
+ describe 'with a default entropy threshhold' do
43
+ subject(:qwerty_adjuster) { QwertyAdjuster.new }
44
+
45
+ it 'returns the higher entropy before running qwerty adjustments' do
46
+ # Default threshhold is equal to the default min_entropy for a strong password (18).
47
+ # When not set we should get the base password's entropy from this (16) instead of the
48
+ # lower qwerty-adjusted entropy (6) indicating we avoided doing additional work in the
49
+ # qwerty adjustment code since we already know the password is weak.
50
+ expect(subject.adjusted_entropy('1234567')).to eq(16)
41
51
  end
42
52
  end
43
53
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: strong_password
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.8
4
+ version: 0.0.9
5
5
  platform: ruby
6
6
  authors:
7
7
  - Brian McManus
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-07-08 00:00:00.000000000 Z
11
+ date: 2020-07-13 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -119,8 +119,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
119
119
  - !ruby/object:Gem::Version
120
120
  version: '0'
121
121
  requirements: []
122
- rubyforge_project:
123
- rubygems_version: 2.7.6
122
+ rubygems_version: 3.0.3
124
123
  signing_key:
125
124
  specification_version: 4
126
125
  summary: StrongPassword adds a class to check password strength and a validator for