RubyGems - unpwn - Versions diffs - 0.1.0 → 0.2.0 - Mend

unpwn 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 751fe587a241074ec358dc560a9ad5dd18a1b894787666e5131d4fc9a87ef21f
-  data.tar.gz: 29e7861bf77981e9381365033bc6a49060f0c679c8f922014b4d8c5f7414533a
+  metadata.gz: 4642564366c6e8700db38f6a35d4fd4194957f266ca199987de796fd6f7993a4
+  data.tar.gz: ab5b529c9a58c6ba807adbce7eb90048ce9c6a5b2b074ac279d30178532e528e
 SHA512:
-  metadata.gz: 582e97979bd344443b82b43a5d42274f95fc7d1435e416961a6e215ee72c7008df91ce4adb7d5410a7417a6d5acd0426cfc647c481c7a5cd72bc6c2bc7e7e19e
-  data.tar.gz: 70d0650db3ee04a3b0c1fe74810a6ada7b7a3552234be2b732010db48ba69a0e17acabc8f6a0bbe1ff0e80e96de24a946ab5452aaf83f7280057e3078d7f4c20
+  metadata.gz: ca8b19488b52bb19be2534354fea873195be038f0dd9834cccc58201c10baad2f620a89a47a5a69387ff73ea9bff2c2a291ad76c4dfcab4d08becabbc500fdab
+  data.tar.gz: 3b97ceb239217b5a96ca50f8baa217e58cfbfa1e1edb025d1c385fb907499e1693245811bc38270caea225d1777433fa198157c186ed298530cce58fbac9610b

data/.gitignore CHANGED Viewed

@@ -9,3 +9,4 @@
 # rspec failure tracking
 .rspec_status
+/src/

data/.travis.yml CHANGED Viewed

@@ -3,5 +3,5 @@ sudo: false
 language: ruby
 cache: bundler
 rvm:
-  - 2.5.1
-before_install: gem install bundler -v 2.0.0.dev
+  - 2.6.0
+before_install: "gem install 'bundler:~>2.0'"

data/Gemfile CHANGED Viewed

@@ -1,6 +1,2 @@
 source "https://rubygems.org"
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
-# Specify your gem's dependencies in unpwn.gemspec
 gemspec

data/Gemfile.lock ADDED Viewed

@@ -0,0 +1,61 @@
+PATH
+  remote: .
+  specs:
+    unpwn (0.2.0)
+      bloomer (~> 1.0)
+      pwned (~> 1.2)
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.5.2)
+      public_suffix (>= 2.0.2, < 4.0)
+    bitarray (1.2.0)
+    bloomer (1.0.0)
+      bitarray
+      msgpack
+    diff-lcs (1.3)
+    domain_name (0.5.20180417)
+      unf (>= 0.0.5, < 1.0.0)
+    http (4.0.0)
+      addressable (~> 2.3)
+      http-cookie (~> 1.0)
+      http-form_data (~> 2.0)
+      http_parser.rb (~> 0.6.0)
+    http-cookie (1.0.3)
+      domain_name (~> 0.5)
+    http-form_data (2.1.1)
+    http_parser.rb (0.6.0)
+    msgpack (1.3.1)
+    public_suffix (3.0.3)
+    pwned (1.2.1)
+    rake (10.5.0)
+    rspec (3.8.0)
+      rspec-core (~> 3.8.0)
+      rspec-expectations (~> 3.8.0)
+      rspec-mocks (~> 3.8.0)
+    rspec-core (3.8.0)
+      rspec-support (~> 3.8.0)
+    rspec-expectations (3.8.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-mocks (3.8.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.8.0)
+    rspec-support (3.8.0)
+    unf (0.1.4)
+      unf_ext
+    unf_ext (0.0.7.5)
+PLATFORMS
+  ruby
+DEPENDENCIES
+  bundler (>= 1)
+  http (~> 4.0)
+  rake (~> 10.0)
+  rspec (~> 3.0)
+  unpwn!
+BUNDLED WITH
+   2.0.1

data/README.md CHANGED Viewed

@@ -1,28 +1,28 @@
 # Unpwn
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/unpwn`. To experiment with that code, run `bin/console` for an interactive prompt.
+A gem to help you make sure that passwords are good, and not likely to be guessed or hacked, as suggested by [NIST SP-800-63B](https://pages.nist.gov/800-63-3/).
-TODO: Delete this and the text above, and describe your gem
+Unpwn checks passwords locally against the top one million passwords, as provided by the [nbp](https://cry.github.io/nbp/) project. Then, it uses the [haveibeenpwned](https://haveibeenpwned.com) API to check proposed passwords against the largest corpus of publicly dumped passwords in the world.
+Inspired by @codahale's [passpol](https://github.com/codahale/passpol), and uses prior work from [nbp](https://cry.github.io/nbp/) and [devise-pwned\_password](https://github.com/michaelbanfield/devise-pwned_password).
 ## Installation
-Add this line to your application's Gemfile:
+Add `unpwn` to your `Gemfile`:
 ```ruby
-gem 'unpwn'
+gem "unpwn", "~> 1.0"
 ```
-And then execute:
-    $ bundle install
-Or install it yourself as:
-    $ gem install unpwn
 ## Usage
-TODO: Write usage instructions here
+```ruby
+require "unpwn"
+# Default length requirement is 8 characters minimum, no maximum
+Unpwn.acceptable?("abc123") # => false
+# Min and max can be set manually, but only as low as 8 and 64 respectively.
+Unpwn.new(min: 10, max: 64).acceptable?("visit raven follow disk") # => true
+```
 ## Development

data/Rakefile CHANGED Viewed

@@ -3,4 +3,23 @@ require "rspec/core/rake_task"
 RSpec::Core::RakeTask.new(:spec)
-task :default => :spec
+task default: %w[spec]
+task build: %w[lib/top1000000.msgpack]
+file "lib/top1000000.msgpack" => %w[src/top1000000] do
+  ruby %{-rbloomer -rbloomer/msgpackable -e '
+    b=Bloomer.new(1_000_000, 0.001)
+    File.foreach("src/top1000000"){|p| b.add(p.chomp) }
+    File.write("lib/top1000000.msgpack", b.to_msgpack)
+  '}
+end
+file "src/top1000000" => %w[src] do
+  require "http"
+  puts "getting src/top1m"
+  url = "https://github.com/cry/nbp/raw/master/build_collection/top1000000"
+  File.write "src/top1000000", HTTP.follow.get(url).body
+end
+directory "src"

data/lib/top1000000.msgpack ADDED Viewed

Binary file

data/lib/unpwn.rb CHANGED Viewed

@@ -1,6 +1,36 @@
 require "unpwn/version"
-module Unpwn
-  class Error < StandardError; end
-  # Your code goes here...
+require "bloomer"
+require "bloomer/msgpackable"
+require "pwned"
+# Unpwn.pwned? tells you if a password should be rejected.
+class Unpwn
+  def initialize(min: 8, max: nil)
+    raise ArgumentError if min && min < 8
+    raise ArgumentError if max && max < 64
+    @min = min
+    @max = max
+  end
+  def acceptable?(password)
+    return false if @min && password.size < @min
+    return false if @max && password.size > @max
+    !pwned?(password)
+  end
+  def pwned?(password)
+    bloom.include?(password) || Pwned.pwned?(password)
+  end
+  def bloom
+    @bloom ||= begin
+      top = File.read File.expand_path("top1000000.msgpack", __dir__)
+      Bloomer.from_msgpack(top)
+    end
+  end
 end

data/lib/unpwn/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
-module Unpwn
-  VERSION = "0.1.0"
+class Unpwn
+  VERSION = "0.2.0"
 end

data/unpwn.gemspec CHANGED Viewed

@@ -20,7 +20,11 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
+  spec.add_dependency "bloomer", "~> 1.0"
+  spec.add_dependency "pwned", "~> 1.2"
   spec.add_development_dependency "bundler", ">= 1"
+  spec.add_development_dependency "http", "~> 4.0"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec", "~> 3.0"
 end

metadata CHANGED Viewed

@@ -1,15 +1,43 @@
 --- !ruby/object:Gem::Specification
 name: unpwn
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Andre Arko
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2018-10-09 00:00:00.000000000 Z
+date: 2019-08-15 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: bloomer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+- !ruby/object:Gem::Dependency
+  name: pwned
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -24,6 +52,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '1'
+- !ruby/object:Gem::Dependency
+  name: http
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -64,11 +106,13 @@ files:
 - ".travis.yml"
 - CODE_OF_CONDUCT.md
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
 - bin/console
 - bin/setup
+- lib/top1000000.msgpack
 - lib/unpwn.rb
 - lib/unpwn/version.rb
 - unpwn.gemspec
@@ -91,8 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.6
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: Keeps passwords from being easily hackable.