unpwn 0.1.0 → 0.2.0

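--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 751fe587a241074ec358dc560a9ad5dd18a1b894787666e5131d4fc9a87ef21f
- data.tar.gz: 29e7861bf77981e9381365033bc6a49060f0c679c8f922014b4d8c5f7414533a
+ metadata.gz: 4642564366c6e8700db38f6a35d4fd4194957f266ca199987de796fd6f7993a4
+ data.tar.gz: ab5b529c9a58c6ba807adbce7eb90048ce9c6a5b2b074ac279d30178532e528e
  SHA512:
- metadata.gz: 582e97979bd344443b82b43a5d42274f95fc7d1435e416961a6e215ee72c7008df91ce4adb7d5410a7417a6d5acd0426cfc647c481c7a5cd72bc6c2bc7e7e19e
- data.tar.gz: 70d0650db3ee04a3b0c1fe74810a6ada7b7a3552234be2b732010db48ba69a0e17acabc8f6a0bbe1ff0e80e96de24a946ab5452aaf83f7280057e3078d7f4c20
+ metadata.gz: ca8b19488b52bb19be2534354fea873195be038f0dd9834cccc58201c10baad2f620a89a47a5a69387ff73ea9bff2c2a291ad76c4dfcab4d08becabbc500fdab
+ data.tar.gz: 3b97ceb239217b5a96ca50f8baa217e58cfbfa1e1edb025d1c385fb907499e1693245811bc38270caea225d1777433fa198157c186ed298530cce58fbac9610b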
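--- a/data/.gitignore
+++ b/data/.gitignore
@@ -9,3 +9,4 @@
 
  # rspec failure tracking
  .rspec_status
+ /src/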
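--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -3,5 +3,5 @@ sudo: false
  language: ruby
  cache: bundler
  rvm:
- - 2.5.1
- before_install: gem install bundler -v 2.0.0.dev
+ - 2.6.0
+ before_install: "gem install 'bundler:~>2.0'"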
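--- a/data/Gemfile
+++ b/data/Gemfile
@@ -1,6 +1,2 @@
  source "https://rubygems.org"
-
- git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
-
- # Specify your gem's dependencies in unpwn.gemspec
  gemspec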
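--- /dev/null
+++ b/data/Gemfile.lock
@@ -0,0 +1,61 @@
+ PATH
+ remote: .
+ specs:
+ unpwn (0.2.0)
+ bloomer (~> 1.0)
+ pwned (~> 1.2)
+
+ GEM
+ remote: https://rubygems.org/
+ specs:
+ addressable (2.5.2)
+ public_suffix (>= 2.0.2, < 4.0)
+ bitarray (1.2.0)
+ bloomer (1.0.0)
+ bitarray
+ msgpack
+ diff-lcs (1.3)
+ domain_name (0.5.20180417)
+ unf (>= 0.0.5, < 1.0.0)
+ http (4.0.0)
+ addressable (~> 2.3)
+ http-cookie (~> 1.0)
+ http-form_data (~> 2.0)
+ http_parser.rb (~> 0.6.0)
+ http-cookie (1.0.3)
+ domain_name (~> 0.5)
+ http-form_data (2.1.1)
+ http_parser.rb (0.6.0)
+ msgpack (1.3.1)
+ public_suffix (3.0.3)
+ pwned (1.2.1)
+ rake (10.5.0)
+ rspec (3.8.0)
+ rspec-core (~> 3.8.0)
+ rspec-expectations (~> 3.8.0)
+ rspec-mocks (~> 3.8.0)
+ rspec-core (3.8.0)
+ rspec-support (~> 3.8.0)
+ rspec-expectations (3.8.2)
+ diff-lcs (>= 1.2.0, < 2.0)
+ rspec-support (~> 3.8.0)
+ rspec-mocks (3.8.0)
+ diff-lcs (>= 1.2.0, < 2.0)
+ rspec-support (~> 3.8.0)
+ rspec-support (3.8.0)
+ unf (0.1.4)
+ unf_ext
+ unf_ext (0.0.7.5)
+
+ PLATFORMS
+ ruby
+
+ DEPENDENCIES
+ bundler (>= 1)
+ http (~> 4.0)
+ rake (~> 10.0)
+ rspec (~> 3.0)
+ unpwn!
+
+ BUNDLED WITH
+ 2.0.1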
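--- a/data/README.md
+++ b/data/README.md
@@ -1,28 +1,28 @@
  # Unpwn
 
- Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/unpwn`. To experiment with that code, run `bin/console` for an interactive prompt.
+ A gem to help you make sure that passwords are good, and not likely to be guessed or hacked, as suggested by [NIST SP-800-63B](https://pages.nist.gov/800-63-3/).
 
- TODO: Delete this and the text above, and describe your gem
+ Unpwn checks passwords locally against the top one million passwords, as provided by the [nbp](https://cry.github.io/nbp/) project. Then, it uses the [haveibeenpwned](https://haveibeenpwned.com) API to check proposed passwords against the largest corpus of publicly dumped passwords in the world.
+
+ Inspired by @codahale's [passpol](https://github.com/codahale/passpol), and uses prior work from [nbp](https://cry.github.io/nbp/) and [devise-pwned\_password](https://github.com/michaelbanfield/devise-pwned_password).
 
  ## Installation
 
- Add this line to your application's Gemfile:
+ Add `unpwn` to your `Gemfile`:
 
  ```ruby
- gem 'unpwn'
+ gem "unpwn", "~> 1.0"
  ```
 
- And then execute:
-
- $ bundle install
-
- Or install it yourself as:
-
- $ gem install unpwn
-
  ## Usage
 
- TODO: Write usage instructions here
+ ```ruby
+ require "unpwn"
+ # Default length requirement is 8 characters minimum, no maximum
+ Unpwn.acceptable?("abc123") # => false
+ # Min and max can be set manually, but only as low as 8 and 64 respectively.
+ Unpwn.new(min: 10, max: 64).acceptable?("visit raven follow disk") # => true
+ ```
 
  ## Development
 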
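--- a/data/Rakefile
+++ b/data/Rakefile
@@ -3,4 +3,23 @@ require "rspec/core/rake_task"
 
  RSpec::Core::RakeTask.new(:spec)
 
- task :default => :spec
+ task default: %w[spec]
+
+ task build: %w[lib/top1000000.msgpack]
+
+ file "lib/top1000000.msgpack" => %w[src/top1000000] do
+ ruby %{-rbloomer -rbloomer/msgpackable -e '
+ b=Bloomer.new(1_000_000, 0.001)
+ File.foreach("src/top1000000"){|p| b.add(p.chomp) }
+ File.write("lib/top1000000.msgpack", b.to_msgpack)
+ '}
+ end
+
+ file "src/top1000000" => %w[src] do
+ require "http"
+ puts "getting src/top1m"
+ url = "https://github.com/cry/nbp/raw/master/build_collection/top1000000"
+ File.write "src/top1000000", HTTP.follow.get(url).body
+ end
+
+ directory "src"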
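Review bot: The `src/top1000000` task writes whatever `HTTP.follow.get(url).body` returns straight to disk, from a URL that tracks the mutable `master` branch, with no status check and no digest check, and the `lib/top1000000.msgpack` task then bakes that content into the Bloom filter listed in the gem's files. An error page or a changed upstream list would silently change which passwords the gem rejects. Pin the URL to a reviewed commit and compare a SHA-256 of the body against a value recorded in the Rakefile before writing the file; this needs `require "digest"` next to `require "http"`, and the commit and digest shown below are placeholders.

```ruby
file "src/top1000000" => %w[src] do
  require "http"
  # ... unchanged: progress message ...
  # Placeholder values: pin to a reviewed commit and record its digest.
  url = "https://github.com/cry/nbp/raw/<PINNED_COMMIT_SHA>/build_collection/top1000000"
  expected_sha256 = "<EXPECTED_SHA256_HEX>"
  response = HTTP.follow.get(url)
  raise "download failed: HTTP #{response.status}" unless response.status.success?
  list = response.to_s
  actual_sha256 = Digest::SHA256.hexdigest(list)
  raise "unexpected digest for src/top1000000: #{actual_sha256}" unless actual_sha256 == expected_sha256
  File.write "src/top1000000", list
```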
Binary file
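--- a/data/lib/unpwn.rb
+++ b/data/lib/unpwn.rb
@@ -1,6 +1,36 @@
  require "unpwn/version"
 
- module Unpwn
- class Error < StandardError; end
- # Your code goes here...
+ require "bloomer"
+ require "bloomer/msgpackable"
+ require "pwned"
+
+ # Unpwn.pwned? tells you if a password should be rejected.
+ class Unpwn
+
+ def initialize(min: 8, max: nil)
+ raise ArgumentError if min && min < 8
+ raise ArgumentError if max && max < 64
+
+ @min = min
+ @max = max
+ end
+
+ def acceptable?(password)
+ return false if @min && password.size < @min
+ return false if @max && password.size > @max
+
+ !pwned?(password)
+ end
+
+ def pwned?(password)
+ bloom.include?(password) || Pwned.pwned?(password)
+ end
+
+ def bloom
+ @bloom ||= begin
+ top = File.read File.expand_path("top1000000.msgpack", __dir__)
+ Bloomer.from_msgpack(top)
+ end
+ end
+
  end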
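Review bot: The class defines only instance methods, yet its header comment refers to `Unpwn.pwned?` and the README in this release calls `Unpwn.acceptable?("abc123")`; as written that call raises NoMethodError. Add class-level delegators such as `def self.acceptable?(password); new.acceptable?(password); end`, and the same for `pwned?`. Separately, `pwned?` falls through to `Pwned.pwned?` on every Bloom-filter miss, so a failure of that remote lookup presumably raises out of `acceptable?`. A comment on `pwned?` such as `# Raises if the haveibeenpwned lookup fails; callers decide whether to reject or retry` would make that failure mode explicit for applications gating sign-up on it.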
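--- a/data/lib/unpwn/version.rb
+++ b/data/lib/unpwn/version.rb
@@ -1,3 +1,3 @@
- module Unpwn
- VERSION = "0.1.0"
+ class Unpwn
+ VERSION = "0.2.0"
  end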
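--- a/data/unpwn.gemspec
+++ b/data/unpwn.gemspec
@@ -20,7 +20,11 @@ Gem::Specification.new do |spec|
  spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
  spec.require_paths = ["lib"]
 
+ spec.add_dependency "bloomer", "~> 1.0"
+ spec.add_dependency "pwned", "~> 1.2"
+
  spec.add_development_dependency "bundler", ">= 1"
+ spec.add_development_dependency "http", "~> 4.0"
  spec.add_development_dependency "rake", "~> 10.0"
  spec.add_development_dependency "rspec", "~> 3.0"
  end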
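--- a/metadata
+++ b/metadata
@@ -1,15 +1,43 @@
  --- !ruby/object:Gem::Specification
  name: unpwn
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.2.0
  platform: ruby
  authors:
  - Andre Arko
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2018-10-09 00:00:00.000000000 Z
+ date: 2019-08-15 00:00:00.000000000 Z
  dependencies:
+ - !ruby/object:Gem::Dependency
+ name: bloomer
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.0'
+ - !ruby/object:Gem::Dependency
+ name: pwned
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.2'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.2'
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
@@ -24,6 +52,20 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: '1'
+ - !ruby/object:Gem::Dependency
+ name: http
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '4.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '4.0'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
@@ -64,11 +106,13 @@ files:
  - ".travis.yml"
  - CODE_OF_CONDUCT.md
  - Gemfile
+ - Gemfile.lock
  - LICENSE.txt
  - README.md
  - Rakefile
  - bin/console
  - bin/setup
+ - lib/top1000000.msgpack
  - lib/unpwn.rb
  - lib/unpwn/version.rb
  - unpwn.gemspec
@@ -91,8 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.7.6
+ rubygems_version: 3.0.3
  signing_key:
  specification_version: 4
  summary: Keeps passwords from being easily hackable.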