strong_password 0.0.5 → 0.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: 21042c15094f1a9a0f960b16435fee882ac7e517
-  data.tar.gz: f4e9cf9c311aa13a7cf591b866d1f43a91c91290
+SHA256:
+  metadata.gz: 0506c07961d8cf54ee30542579493af60a4a508c176f7de7c0131d8082bcdf35
+  data.tar.gz: 132ea4c4bc8a96f44b687a342f418ef9c183efb696618cf6b6a7f14a3558c590
 SHA512:
-  metadata.gz: b5be352df9e03643ab21a4c10ba1bdc9561607776faa8974ea59563b43432cfc62a6824d86365811875672a57028c99887df4aee172618f5c0c407d2312ed974
-  data.tar.gz: 67032a9ff38562e8893a9dbd581d55a79531a9b83165029bdbcf05fcf883ab4effd8a8021996c79167fc3d8fc1193d25bfda9b71b2e894c4a31a4a264d244806
+  metadata.gz: 9342ba93d158425cb8623662341f43fda16c33102590c846571767f09aa8def4a34f4d0d03eb150ea468b3f3c2de58a4cdf2f57c29367fbbc402a3e797b4f893
+  data.tar.gz: 5ba21b3b35527fc07fe5744dc9560e083fe0844a316c88ef22249aeacea0f77ec1b3082a6fb20b4eb6cc7f4cabb63560433023c1c438a73a28e60ec46e64b4aa

data/Gemfile

@@ -12,4 +12,7 @@ else
 end
 
 gem "rails", rails
-gem "codeclimate-test-reporter", group: :test, require: nil
+group :test do
+  gem "simplecov", "~> 0.16.1", require: false
+  gem "simplecov-console", "~> 0.4.2", require: false
+end

data/README.md

@@ -19,7 +19,7 @@ NOTE: StrongPassword requires the use of Ruby 2.0.  Upgrade if you haven't alrea
 
 Add this line to your application's Gemfile:
 
-    gem 'strong_password', '~> 0.0.5'
+    gem 'strong_password', '~> 0.0.6'
 
 And then execute:
 

data/lib/active_model/validations/password_strength_validator.rb

@@ -40,4 +40,4 @@ module ActiveModel
       end
     end
   end
-end
+end

data/lib/strong_password/dictionary_adjuster.rb

@@ -997,4 +997,4 @@ module StrongPassword
       end
     end
   end
-end
+end

data/lib/strong_password/entropy_calculator.rb

@@ -8,7 +8,7 @@ module StrongPassword
         bits(password)
       end
     end
-    
+
     # The basic NIST entropy calculation is based solely
     # on the length of the password in question.
     def self.bits(password)
@@ -24,7 +24,7 @@ module StrongPassword
       end
       bits + NistBonusBits.bonus_bits(password)
     end
-    
+
     # A modified version of the basic entropy calculation
     # which lowers the amount of entropy gained for each
     # repeated character in the password
@@ -36,9 +36,9 @@ module StrongPassword
       end
       bits + NistBonusBits.bonus_bits(password)
     end
-  
+
   private
-    
+
     def self.bit_value_at_position(position, base = 1)
       if position > 19
         return base
@@ -50,17 +50,17 @@ module StrongPassword
         return 4
       end
     end
-  
+
     class EntropyResolver
       BASE_VALUE = 1
       REPEAT_WEAKENING_FACTOR = 0.75
-      
+
       attr_reader :char_multiplier
-      
+
       def initialize
         @char_multiplier = {}
       end
-      
+
       # Returns the current entropy value for a character and weakens the entropy
       # for future calls for the same character.
       def entropy_for(char)

data/lib/strong_password/nist_bonus_bits.rb

@@ -1,26 +1,26 @@
 module StrongPassword
   module NistBonusBits
     @@bonus_bits_for_password = {}
-    
+
     # NIST password strength rules allow up to 6 bonus bits for mixed case and non-alphabetic
     def self.bonus_bits(password)
       @@bonus_bits_for_password[password] ||= begin
         calculate_bonus_bits_for(password)
   	  end
     end
-    
+
     # This smells bad as it's only used for testing...
     def self.reset_bonus_cache!
       @@bonus_bits_for_password = {}
     end
-    
+
     def self.calculate_bonus_bits_for(password)
       upper   = !!(password =~ /[[:upper:]]/)
   		lower   = !!(password =~ /[[:lower:]]/)
   		numeric = !!(password =~ /[[:digit:]]/)
   		other   = !!(password =~ /[^a-zA-Z0-9 ]/)
   		space   = !!(password =~ / /)
-  		
+
   		# I had this condensed to nested ternaries but that shit was ugly
   		bonus_bits = if upper && lower && other && numeric
   		  6
@@ -42,4 +42,4 @@ module StrongPassword
   	  bonus_bits
 	  end
   end
-end
+end

data/lib/strong_password/qwerty_adjuster.rb

@@ -16,21 +16,21 @@ module StrongPassword
       "014725836914702583697894561230258/369*+-*/",
       "abcdefghijklmnopqrstuvwxyz"
     ]
-    
+
     attr_reader :base_password
-    
+
     def initialize(password)
       @base_password = password.downcase
     end
-    
+
     def is_strong?(min_entropy: 18)
       adjusted_entropy(entropy_threshhold: min_entropy) >= min_entropy
     end
-    
+
     def is_weak?(min_entropy: 18)
       !is_strong?(min_entropy: min_entropy)
     end
-    
+
     # Returns the minimum entropy for the password's qwerty locality
     # adjustments.  If a threshhold is specified we will bail
     # early to avoid unnecessary processing.
@@ -53,9 +53,9 @@ module StrongPassword
       end
       min_entropy
     end
-  
+
   private
-  
+
     def mask_qwerty_strings(password, qwerty_string)
       masked_password = password
       z = 6
@@ -70,4 +70,4 @@ module StrongPassword
       masked_password
     end
   end
-end
+end

data/lib/strong_password/strength_checker.rb

@@ -1,13 +1,15 @@
 module StrongPassword
   class StrengthChecker
     BASE_ENTROPY = 18
-    
+    PASSWORD_LIMIT = 1_000
+    EXTRA_WORDS_LIMIT = 1_000
+
     attr_reader :base_password
 
     def initialize(password)
-      @base_password = password.dup
+      @base_password = password.dup[0...PASSWORD_LIMIT]
     end
-    
+
     def is_weak?(min_entropy: BASE_ENTROPY, use_dictionary: false, min_word_length: 4, extra_dictionary_words: [])
       !is_strong?(min_entropy: min_entropy,
                   use_dictionary: use_dictionary, 
@@ -27,11 +29,12 @@ module StrongPassword
         return !weak
       end
     end
-    
+
     def calculate_entropy(use_dictionary: false, min_word_length: 4, extra_dictionary_words: [])
+      extra_dictionary_words.collect! { |w| w[0...EXTRA_WORDS_LIMIT] }
       entropies = [EntropyCalculator.calculate(base_password), EntropyCalculator.calculate(base_password.downcase), QwertyAdjuster.new(base_password).adjusted_entropy]
       entropies << DictionaryAdjuster.new(base_password).adjusted_entropy(min_word_length: min_word_length, extra_dictionary_words: extra_dictionary_words) if use_dictionary
       entropies.min
     end
   end
-end
+end

data/lib/strong_password/version.rb

@@ -1,3 +1,3 @@
 module StrongPassword
-  VERSION = "0.0.5"
+  VERSION = "0.0.6"
 end

data/spec/spec_helper.rb

@@ -1,5 +1,8 @@
-require "codeclimate-test-reporter"
-CodeClimate::TestReporter.start
+require 'simplecov'
+require 'simplecov-console'
+SimpleCov.formatter = SimpleCov::Formatter::Console
+SimpleCov.start
+
 require 'bundler/setup'
 require 'pry'
 require 'active_model'

data/spec/strong_password/entropy_calculator_spec.rb

@@ -36,9 +36,9 @@ module StrongPassword
         end
       end
     end
-    
+
     describe '.bits_with_repeats_weakened' do
-      before(:each) { NistBonusBits.stub(bonus_bits: 0) }
+      before(:each) { allow(NistBonusBits).to receive(:bonus_bits).and_return(0) }
       {
         '' => 0,
         '*' => 4,
@@ -52,7 +52,7 @@ module StrongPassword
           expect(subject.bits_with_repeats_weakened(password)).to eq(bits)
         end
       end
-      
+
       it 'returns the same value for repeated calls on a password' do
         password = 'password'
         initial_value = subject.bits_with_repeats_weakened(password)

data/spec/strong_password/nist_bonus_bits_spec.rb

@@ -8,7 +8,7 @@ module StrongPassword
         NistBonusBits.should_receive(:calculate_bonus_bits_for).and_return(1)
         expect(NistBonusBits.bonus_bits('password')).to eq(1)
       end
-      
+
       it 'caches the bonus bits for a password for later use' do
         NistBonusBits.reset_bonus_cache!
         NistBonusBits.stub(calculate_bonus_bits_for: 1)
@@ -17,7 +17,7 @@ module StrongPassword
         expect(NistBonusBits.bonus_bits('password')).to eq(1)
       end
     end
-    
+
     describe '.calculate_bonus_bits_for' do
 	    {
 	      'Ab$9' => 4,

data/spec/strong_password/password_variants_spec.rb

@@ -6,59 +6,59 @@ module StrongPassword
       it 'includes the lowercase password' do
         expect(subject.all_variants("PASSWORD")).to include('password')
       end
-      
+
       it 'includes keyboard shift variants' do
         subject.stub(keyboard_shift_variants: ['foo', 'bar'])
         expect(subject.all_variants("password")).to include('foo', 'bar')
       end
-      
+
       it 'includes leet speak variants' do
         subject.stub(leet_speak_variants: ['foo', 'bar'])
         expect(subject.all_variants("password")).to include('foo', 'bar')
       end
-      
+
       it 'does not mutate the password' do
         password = 'PASSWORD'
         subject.all_variants(password)
         expect(password).to eq('PASSWORD')
       end
     end
-    
+
     describe '.keyboard_shift_variants' do
       it 'returns no variants if password includes only bottom row characters' do
         expect(subject.keyboard_shift_variants('zxcvbnm,./')).to eq([])
       end
-      
+
       it 'maps down-right passwords' do
         expect(subject.keyboard_shift_variants('qwerty')).to include('asdfgh')
       end
-      
+
       it 'includes reversed down-right password' do
         expect(subject.keyboard_shift_variants('qwerty')).to include('hgfdsa')
       end
-      
+
       it 'maps down-left passwords' do
         expect(subject.keyboard_shift_variants('sdfghj')).to include('zxcvbn')
       end
-      
+
       it 'maps reversed down-left passwords' do
         expect(subject.keyboard_shift_variants('sdfghj')).to include('nbvcxz')
       end
     end
-    
+
     describe '.leet_speak_variants' do
       it 'returns no variants if the password includes no leet speak' do
         expect(subject.leet_speak_variants('password')).to eq([])
       end
-      
+
       it 'returns standard leet speak variants' do
         expect(subject.leet_speak_variants('p4ssw0rd')).to include('password')
       end
-      
+
       it 'returns reversed standard leet speak variants' do
         expect(subject.leet_speak_variants('p4ssw0rd')).to include('drowssap')
       end
-      
+
       it 'returns both i and l variants when given a 1' do
         expect(subject.leet_speak_variants('h1b0b')).to include('hibob', 'hlbob')
       end

data/spec/strong_password/strength_checker_spec.rb

@@ -15,7 +15,7 @@ module StrongPassword
         end
       end
     end
-    
+
     context 'with lowered entropy requirement and dictionary checking' do
       {
         'blahblah' => true,
@@ -30,7 +30,7 @@ module StrongPassword
         end
       end
     end
-    
+
     context 'with standard entropy requirement and dictionary checking' do
       {
         'blahblah' => false,
@@ -45,7 +45,7 @@ module StrongPassword
         end
       end
     end
-    
+
     context 'with crazy entropy requirement and dictionary checking' do
       {
         'blahblah' => false,
@@ -61,5 +61,25 @@ module StrongPassword
         end
       end
     end
+
+    context 'with long password' do
+      let(:strength_checker) { StrengthChecker.new("ba"*500_000) }
+      it 'should be truncated' do
+        expect(strength_checker.instance_variable_get(:@base_password).length).to eq StrengthChecker::PASSWORD_LIMIT
+      end
+    end
+
+    context 'with long extra words' do
+      let(:strength_checker) { StrengthChecker.new("$tr0NgP4s$w0rd91d£") }
+      let(:exta_limit) { StrengthChecker::EXTRA_WORDS_LIMIT }
+      it 'should be truncated' do
+        expect_any_instance_of(DictionaryAdjuster).to receive(:adjusted_entropy).with({
+            min_word_length: 4,
+            extra_dictionary_words:
+            ["a"*StrengthChecker::EXTRA_WORDS_LIMIT, "b"*StrengthChecker::EXTRA_WORDS_LIMIT, "c"*10]
+          }).and_call_original
+        strength_checker.calculate_entropy(use_dictionary: true, extra_dictionary_words: ["a"*1_000_000, "b"*10_000_000, "c"*10])
+      end
+    end
   end
-end
+end

data/strong_password.gemspec

@@ -20,6 +20,6 @@ Gem::Specification.new do |spec|
 
   spec.add_development_dependency 'bundler', '~> 1.3'
   spec.add_development_dependency 'rake'
-  spec.add_development_dependency 'rspec', '~> 2.12'
+  spec.add_development_dependency 'rspec', '~> 3.8'
   spec.add_development_dependency 'pry'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: strong_password
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.0.6
 platform: ruby
 authors:
 - Brian McManus
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-01-28 00:00:00.000000000 Z
+date: 2018-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.12'
+        version: '3.8'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.12'
+        version: '3.8'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -120,7 +120,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: StrongPassword adds a class to check password strength and a validator for
@@ -134,4 +134,3 @@ test_files:
 - spec/strong_password/qwerty_adjuster_spec.rb
 - spec/strong_password/strength_checker_spec.rb
 - spec/validation/strength_validator_spec.rb
-has_rdoc: