validates_password_strength 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: e379cf03a22ed639fd43e38acbfa6e86eb355b02
+  data.tar.gz: 81b816a221bbda427a21a63eb1a27260a2f0283c
+SHA512:
+  metadata.gz: 41790af0caf6118ebffc9c593cdb347549013d8e577e1914db3a08e737cdfdacbca7673fb41224b9b5d09072cc3b846ab2ec59178736d5f206e2e7d58d9b4725
+  data.tar.gz: 383ac2ff128e6e360150c9395b65ed4aa8d0e9f58434c6e35adf96401bb5019e6677f347aa6dedae46184279d61fe1c473b651dfbfe94c50aa167ba0cfc4bd3d

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,11 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in validates_password_strength.gemspec
+gemspec
+
+gem 'rspec'
+gem 'pry'
+gem 'jasmine'
+gem 'guard'
+gem 'coffee-script'
+gem 'guard-sprockets', github: 'sandrew/guard-sprockets'

data/Guardfile

@@ -0,0 +1,7 @@
+require 'coffee_script'
+require 'erb'
+
+guard 'sprockets', destination: 'tmp/js', :asset_paths => ['app/assets/javascripts', 'spec/javascripts'] do
+  watch 'app/assets/javascripts/validates_password_strength.js.coffee'
+  watch 'spec/javascripts/checker_spec.js.coffee.erb'
+end

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Andrew Shaydurov
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,55 @@
+# ValidatesPasswordStrength
+
+This gem was created with following ideas in my head:
+
+1. Password should not be validated against regexp. When you try to set formal requirements to password, user still can make the worst: `qQ1!qQ1!qQ1!`
+2. Password strength should be estimated with some metric. When it is, you can set your own requirements to this metric in your app.
+3. Same metrics algorithm should be implemented both on server side and client side, so you can show user that password is weak when it has not been sent to server yet.
+
+## Warning
+
+Algorithm implemented for password strength measurement is simple because I have no cryptography skills. Your help in enhancing it with pull requests or at least formal algorithm description (so I can implement it) will be hardly appreciated.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'validates_password_strength'
+```
+
+Add this line to your model with password:
+
+```ruby
+validates :password, password_strength: { min: 5 }
+```
+
+`:min` option is a minimum value for password strength measured from `0` to `10`. If password strength will be measured less than that value, and error will be added and your model will be invalid. Default value is `5`.
+
+Following lines are an example of usage on client-side:
+
+```coffee
+#= require jquery-validates_password_strength
+
+$ ->
+  $('input[type=password]').validatesPasswordStrength (i) ->
+    $('.strength-indicator.progress-bar .filler').css 'width', (10 * i)+'%'
+
+# or
+
+PasswordStrengthValidator.getPasswordStrength 's0me_p4ssw0rd'
+```
+
+## Contributing
+
+Ruby specs:
+
+    $ rake spec
+
+CoffeeScript specs:
+
+    $ rake jasmine
+
+Both specs are run against the same suite of password-estimates pairs defined at `spec/examples.json`.
+
+## Any help in enhancing algorithm is appreciated.

data/Rakefile

@@ -0,0 +1,9 @@
+require 'bundler/gem_tasks'
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new('spec')
+
+task :default => :spec
+
+require 'jasmine'
+load 'jasmine/tasks/jasmine.rake'

data/app/assets/javascripts/jquery-validates_password_strength.js.coffee

@@ -0,0 +1,7 @@
+#= require validates_password_strength
+
+$.fn.validatesPasswordStrength = (cb) ->
+  @each ->
+    callback = (e) ->
+      cb.call @, PasswordStrengthValidator.getPasswordStrength(item.val()), e
+    (item = $(@)).change(callback).keyup(callback)

data/app/assets/javascripts/validates_password_strength.js.coffee

@@ -0,0 +1,30 @@
+reduce = (arr, init, cb) ->
+  for item in arr
+    init = cb(init, item)
+  init
+
+map = (arr, cb) ->
+  cb(x) for x in arr
+
+uniq = (arr) ->
+  reduce arr, [], (memo, x) ->
+    memo.push(x) if memo.indexOf(x) == -1
+    memo
+
+@PasswordStrengthValidator =
+  getPasswordStrength: (pwd) ->
+    @__normalizeResult [
+      [1, pwd.match(/[a-z]/)],
+      [1, pwd.match(/[A-Z]/)],
+      [1, pwd.match(/[0-9]/)],
+      [1, pwd.match(/[^a-zA-Z0-9]/)],
+      [3, pwd.length > 7],
+      [1, pwd.length > 9],
+      [2, uniq(pwd.split('')).length > 5]
+    ]
+
+  __normalizeResult: (result) ->
+    reduce(result, 0, (strength, res) ->
+      if res[1] then strength + res[0] else strength
+    ) * (10/reduce(map(result, (x) -> x[0]), 0, (memo, x) -> memo + x))
+

data/lib/validates_password_strength.rb

@@ -0,0 +1,9 @@
+require 'validates_password_strength/version'
+require 'validates_password_strength/password_strength_validator'
+
+if defined?(Rails)
+  require 'validates_password_strength/rails/engine'
+end
+
+module ValidatesPasswordStrength
+end

data/lib/validates_password_strength/checker.rb

@@ -0,0 +1,21 @@
+module ValidatesPasswordStrength::Checker
+  def self.get_password_strength(pwd)
+    normalize_result [
+      [1, pwd =~ /[a-z]/],
+      [1, pwd =~ /[A-Z]/],
+      [1, pwd =~ /[0-9]/],
+      [1, pwd =~ /[^a-zA-Z0-9]/],
+      [3, pwd.length > 7],
+      [1, pwd.length > 9],
+      [2, pwd.split('').uniq.length > 5]
+    ]
+  end
+
+  private
+
+  def self.normalize_result(result)
+    result.reduce(0) do |strength, res|
+      res[1] ? strength + res[0] : strength
+    end.to_f * (10.0/result.map(&:first).reduce(&:+))
+  end
+end

data/lib/validates_password_strength/password_strength_validator.rb

@@ -0,0 +1,11 @@
+require 'active_model/validator'
+require 'validates_password_strength/checker'
+
+class PasswordStrengthValidator < ActiveModel::EachValidator
+  def validate_each(record, attr_name, value)
+    options[:min]     ||= 5
+    if ValidatesPasswordStrength::Checker.get_password_strength(value) < options[:min]
+      record.errors.add(attr_name, :weak_password, options)
+    end
+  end
+end

data/lib/validates_password_strength/rails/engine.rb

@@ -0,0 +1,8 @@
+require 'rails/engine'
+
+module ValidatesPasswordStrength
+  module Rails
+    class Engine < ::Rails::Engine
+    end
+  end
+end

data/lib/validates_password_strength/version.rb

@@ -0,0 +1,3 @@
+module ValidatesPasswordStrength
+  VERSION = "0.0.1"
+end

data/spec/examples.json

@@ -0,0 +1,7 @@
+{
+  ""                : 0,
+  "asdfQWER1!"      : 10,
+  "a"               : 1,
+  "aA"              : 2,
+  "asdfghjk"        : 6
+}

data/spec/javascripts/checker_spec.js.coffee.erb

@@ -0,0 +1,7 @@
+examples = <%= File.open(File.expand_path('../../examples.json', __FILE__)).read %>
+
+describe 'PasswordStrengthValidator', ->
+
+  for pwd, score of examples
+    it "gives #{score} for password '#{pwd}'", ->
+      expect(PasswordStrengthValidator.getPasswordStrength(pwd)).toEqual score

data/spec/javascripts/support/jasmine.yml

@@ -0,0 +1,8 @@
+src_dir: tmp/js
+spec_dir: tmp/js
+
+src_files:
+  - validates_password_strength.js
+
+spec_files:
+    - checker_spec.js

data/spec/spec_helper.rb

@@ -0,0 +1,8 @@
+require 'rspec'
+require 'json'
+require 'validates_password_strength'
+
+RSpec.configure do |config|
+  config.color_enabled = true
+  config.formatter     = 'documentation'
+end

data/spec/validates_password_strength/checker_spec.rb

@@ -0,0 +1,9 @@
+require 'spec_helper'
+
+describe ValidatesPasswordStrength::PasswordStrengthValidator do
+  JSON.parse(File.open(File.expand_path('../../examples.json', __FILE__)).read).each do |pwd, score|
+    it "gives #{score} for password '#{pwd}'" do
+      ValidatesPasswordStrength::Checker.get_password_strength(pwd).should == score
+    end
+  end
+end

data/validates_password_strength.gemspec

@@ -0,0 +1,25 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'validates_password_strength/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "validates_password_strength"
+  spec.version       = ValidatesPasswordStrength::VERSION
+  spec.authors       = ["Andrew Shaydurov"]
+  spec.email         = ["gearhead@it-primorye.ru"]
+  spec.description   = "This gem unions a server-side ActiveModel password strength validation plugin with a client-side password strength estimation"
+  spec.summary       = "ActiveModel and JS password strength estimation"
+  spec.homepage      = "https://github.com/sandrew/validates_password_strength"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency 'bundler', '~> 1.3'
+  spec.add_development_dependency 'rake'
+
+  spec.add_dependency 'activemodel', '~> 3.2.0'
+end

metadata

@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification
+name: validates_password_strength
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Andrew Shaydurov
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-03-23 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.2.0
+description: This gem unions a server-side ActiveModel password strength validation
+  plugin with a client-side password strength estimation
+email:
+- gearhead@it-primorye.ru
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- Guardfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- app/assets/javascripts/jquery-validates_password_strength.js.coffee
+- app/assets/javascripts/validates_password_strength.js.coffee
+- lib/validates_password_strength.rb
+- lib/validates_password_strength/checker.rb
+- lib/validates_password_strength/password_strength_validator.rb
+- lib/validates_password_strength/rails/engine.rb
+- lib/validates_password_strength/version.rb
+- spec/examples.json
+- spec/javascripts/checker_spec.js.coffee.erb
+- spec/javascripts/support/jasmine.yml
+- spec/spec_helper.rb
+- spec/validates_password_strength/checker_spec.rb
+- validates_password_strength.gemspec
+homepage: https://github.com/sandrew/validates_password_strength
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.0.rc.2
+signing_key: 
+specification_version: 4
+summary: ActiveModel and JS password strength estimation
+test_files:
+- spec/examples.json
+- spec/javascripts/checker_spec.js.coffee.erb
+- spec/javascripts/support/jasmine.yml
+- spec/spec_helper.rb
+- spec/validates_password_strength/checker_spec.rb