zxcvbn-ruby 0.0.1

data/lib/zxcvbn/matchers/digits.rb

@@ -0,0 +1,18 @@
+module Zxcvbn
+  module Matchers
+    class Digits
+      include RegexHelpers
+
+      DIGITS_REGEX = /\d{3,}/
+
+      def matches(password)
+        result = []
+        re_match_all(DIGITS_REGEX, password) do |match|
+          match.pattern = 'digits'
+          result << match
+        end
+        result
+      end
+    end
+  end
+end

data/lib/zxcvbn/matchers/l33t.rb

@@ -0,0 +1,127 @@
+module Zxcvbn
+  module Matchers
+    class L33t
+      L33T_TABLE = {
+        'a' => ['4', '@'],
+        'b' => ['8'],
+        'c' => ['(', '{', '[', '<'],
+        'e' => ['3'],
+        'g' => ['6', '9'],
+        'i' => ['1', '!', '|'],
+        'l' => ['1', '|', '7'],
+        'o' => ['0'],
+        's' => ['$', '5'],
+        't' => ['+', '7'],
+        'x' => ['%'],
+        'z' => ['2']
+      }
+
+      def initialize(dictionary_matchers)
+        @dictionary_matchers = dictionary_matchers
+      end
+
+      def matches(password)
+        matches = []
+        lowercased_password = password.downcase
+        combinations_to_try = l33t_subs(relevent_l33t_subtable(lowercased_password))
+        combinations_to_try.each do |substitution|
+          @dictionary_matchers.each do |matcher|
+            subbed_password = translate(lowercased_password, substitution)
+            matcher.matches(subbed_password).each do |match|
+              token = password[match.i..match.j]
+              next if token.downcase == match.matched_word.downcase
+              match_substitutions = {}
+              substitution.each do |substitution, letter|
+                match_substitutions[substitution] = letter if token.include?(substitution)
+              end
+              match.l33t = true
+              match.token = password[match.i..match.j]
+              match.sub = match_substitutions
+              match.sub_display = match_substitutions.map do |k, v|
+                "#{k} -> #{v}"
+              end.join(', ')
+              matches << match
+            end
+          end
+        end
+        matches
+      end
+
+      def translate(password, sub)
+        password.split('').map do |chr|
+          sub[chr] || chr
+        end.join
+      end
+
+      def relevent_l33t_subtable(password)
+        filtered = {}
+        L33T_TABLE.each do |letter, subs|
+          relevent_subs = subs.select { |s| password.include?(s) }
+          filtered[letter] = relevent_subs unless relevent_subs.empty?
+        end
+        filtered
+      end
+
+      def l33t_subs(table)
+        keys = table.keys
+        subs = [[]]
+        subs = find_substitutions(subs, table, keys)
+        new_subs = []
+        subs.each do |sub|
+          hash = {}
+          sub.each do |l33t_char, chr|
+            hash[l33t_char] = chr
+          end
+          new_subs << hash
+        end
+        new_subs
+      end
+
+      def find_substitutions(subs, table, keys)
+        return subs if keys.empty?
+        first_key = keys[0]
+        rest_keys = keys[1..-1]
+        next_subs = []
+        table[first_key].each do |l33t_char|
+          subs.each do |sub|
+            dup_l33t_index = -1
+            (0...sub.length).each do |i|
+              if sub[i][0] == l33t_char
+                dup_l33t_index = i
+                break
+              end
+            end
+
+            if dup_l33t_index == -1
+              sub_extension = sub + [[l33t_char, first_key]]
+              next_subs << sub_extension
+            else
+              sub_alternative = sub.dup
+              sub_alternative[dup_l33t_index, 1] = [[l33t_char, first_key]]
+              next_subs << sub
+              next_subs << sub_alternative
+            end
+          end
+        end
+        subs = dedup(next_subs)
+        find_substitutions(subs, table, rest_keys)
+      end
+
+      def dedup(subs)
+        deduped = []
+        members = []
+        subs.each do |sub|
+          assoc = sub.dup
+
+          assoc.sort! rescue debugger
+          label = assoc.map{|k, v| "#{k},#{v}"}.join('-')
+          unless members.include?(label)
+            members << label
+            deduped << sub
+          end
+        end
+        deduped
+      end
+    end
+  end
+end

data/lib/zxcvbn/matchers/new_l33t.rb

@@ -0,0 +1,120 @@
+module Zxcvbn
+  module Matchers
+    class L33t
+      L33T_TABLE = {
+        'a' => ['4', '@'],
+        'b' => ['8'],
+        'c' => ['(', '{', '[', '<'],
+        'e' => ['3'],
+        'g' => ['6', '9'],
+        'i' => ['1', '!', '|'],
+        'l' => ['1', '|', '7'],
+        'o' => ['0'],
+        's' => ['$', '5'],
+        't' => ['+', '7'],
+        'x' => ['%'],
+        'z' => ['2']
+      }
+
+      def initialize(dictionary_matchers)
+        @dictionary_matchers = dictionary_matchers
+      end
+
+      def matches(password)
+        matches = []
+        lowercased_password = password.downcase
+        combinations_to_try = substitution_combinations(relevant_l33t_substitutions(lowercased_password))
+        # debugger if password == 'abcdefghijk987654321'
+        combinations_to_try.each do |substitution|
+          @dictionary_matchers.each do |matcher|
+            subbed_password = substitute(lowercased_password, substitution)
+            matcher.matches(subbed_password).each do |match|
+              token = lowercased_password[match.i..match.j]
+              next if token == match.matched_word.downcase
+              # debugger if token == '1'
+              match_substitutions = {}
+              substitution.each do |letter, substitution|
+                match_substitutions[substitution] = letter if token.include?(substitution)
+              end
+              match.l33t = true
+              match.token = password[match.i..match.j]
+              match.sub = match_substitutions
+              match.sub_display = match_substitutions.map do |k, v|
+                "#{k} -> #{v}"
+              end.join(', ')
+              matches << match
+            end
+          end
+        end
+        matches
+      end
+
+      def substitute(password, substitution)
+        subbed_password = password.dup
+        substitution.each do |letter, substitution|
+          subbed_password.gsub!(substitution, letter)
+        end
+        subbed_password
+      end
+
+      # produces a l33t table of substitutions present in the given password
+      def relevant_l33t_substitutions(password)
+        subs = Hash.new do |hash, key|
+          hash[key] = []
+        end
+        L33T_TABLE.each do |letter, substibutions|
+          password.each_char do |password_char|
+            if substibutions.include?(password_char)
+              subs[letter] << password_char
+            end
+          end
+        end
+        subs
+      end
+
+      # takes a character substitutions hash and produces an array of all
+      # possible substitution combinations
+      def substitution_combinations(subs_hash)
+        combinations = []
+        expanded_substitutions = expanded_substitutions(subs_hash)
+
+        # build an array of all possible combinations
+        expanded_substitutions.each do |substitution_hash|
+          # convert a hash to an array of hashes with 1 key each
+          subs_array = substitution_hash.map do |letter, substitutions|
+            {letter => substitutions}
+          end
+          combinations << subs_array
+
+          # find all possible combinations for each number of combinations available
+          subs_array.combination(subs_array.size).each do |combination|
+            # Don't add duplicates
+            combinations << combination unless combinations.include?(combination)
+          end
+        end
+
+        # convert back to simple hash per substitution combination
+        combination_hashes = combinations.map do |combination_set|
+          hash = {}
+          combination_set.each do |combination_hash|
+            hash.merge!(combination_hash)
+          end
+          hash
+        end
+
+        combination_hashes
+      end
+
+      # expand possible combinations if multiple characters can be substituted
+      # e.g. {'a' => ['4', '@'], 'i' => ['1']} expands to
+      #      [{'a' => '4', 'i' => 1}, {'a' => '@', 'i' => '1'}]
+      def expanded_substitutions(hash)
+        return {} if hash.empty?
+        values = hash.values
+        product_values = values[0].product(*values[1..-1])
+        product_values.map{ |p| Hash[hash.keys.zip(p)] }
+      end
+
+    end
+  end
+end

data/lib/zxcvbn/matchers/regex_helpers.rb

@@ -0,0 +1,21 @@
+module Zxcvbn
+  module Matchers
+    module RegexHelpers
+      def re_match_all(regex, password)
+        loop do
+          re_match = regex.match(password)
+          break unless re_match
+          i, j = re_match.offset(0)
+          j -= 1
+          match = Match.new(
+            :i => i,
+            :j => j,
+            :token => password[i..j]
+          )
+          yield match, re_match
+          password = password.sub(re_match[0], ' ' * re_match[0].length)
+        end
+      end
+    end
+  end
+end

data/lib/zxcvbn/matchers/repeat.rb

@@ -0,0 +1,32 @@
+module Zxcvbn
+  module Matchers
+    class Repeat
+      def matches(password)
+        result = []
+        i = 0
+        while i < password.length
+          j = i + 1
+          loop do
+            prev_char, cur_char = password[j-1..j]
+            if password[j-1] == password[j]
+              j += 1
+            else
+              if j - i > 2 # don't consider length 1 or 2 chains.
+                result << Match.new(
+                  :pattern => 'repeat',
+                  :i => i,
+                  :j => j-1,
+                  :token => password[i...j],
+                  :repeated_char => password[i]
+                )
+              end
+              break
+            end
+          end
+          i = j
+        end
+        result
+      end
+    end
+  end
+end

data/lib/zxcvbn/matchers/sequences.rb

@@ -0,0 +1,64 @@
+module Zxcvbn
+  module Matchers
+    class Sequences
+      SEQUENCES = {
+        'lower' => 'abcdefghijklmnopqrstuvwxyz',
+        'upper' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
+        'digits' => '01234567890'
+      }
+
+      def matches(password)
+        result = []
+        i = 0
+        while i < password.length-1
+          j = i + 1
+          seq = nil # either lower, upper, or digits
+          seq_name = nil
+          seq_direction = nil # 1 for ascending seq abcd, -1 for dcba
+          SEQUENCES.each do |seq_candidate_name, seq_candidate|
+            seq = nil
+
+            i_n, j_n = [password[i], password[j]].map do |chr|
+              chr ? seq_candidate.index(chr) : nil
+            end
+
+            if i_n && j_n && i_n > -1 && j_n > -1
+              direction = j_n - i_n
+              if [1, -1].include?(direction)
+                seq = seq_candidate
+                seq_name = seq_candidate_name
+                seq_direction = direction
+              end
+            end
+            if seq
+              loop do
+                prev_char, cur_char = password[(j-1)], password[j]
+                prev_n, cur_n = [prev_char, cur_char].map do |chr|
+                  chr ? seq_candidate.index(chr) : nil
+                end
+                if prev_n && cur_n && cur_n - prev_n == seq_direction
+                  j += 1
+                else
+                  if j - i > 2 # don't consider length 1 or 2 chains.
+                    result << Match.new(
+                      :pattern => 'sequence',
+                      :i => i,
+                      :j => j-1,
+                      :token => password[i...j],
+                      :sequence_name => seq_name,
+                      :sequence_space => seq.length,
+                      :ascending => seq_direction == 1
+                    )
+                  end
+                  break
+                end
+              end
+            end
+          end
+          i = j
+        end
+        result
+      end
+    end
+  end
+end

data/lib/zxcvbn/matchers/spatial.rb

@@ -0,0 +1,79 @@
+module Zxcvbn
+  module Matchers
+    class Spatial
+      def initialize(graphs)
+        @graphs = graphs
+      end
+
+      def matches(password)
+        results = []
+        @graphs.each do |graph_name, graph|
+          results += matches_for_graph(graph, graph_name, password)
+        end
+        results
+      end
+
+      def matches_for_graph(graph, graph_name, password)
+        result = []
+        i = 0
+        while i < password.length - 1
+          j = i + 1
+          last_direction = nil
+          turns = 0
+          shifted_count = 0
+          loop do
+            prev_char = password[j-1]
+            found = false
+            found_direction = -1
+            cur_direction = -1
+            adjacents = graph[prev_char] || []
+            # consider growing pattern by one character if j hasn't gone over the edge.
+            if j < password.length
+              cur_char = password[j]
+              adjacents.each do |adj|
+                cur_direction += 1
+                if adj && adj.index(cur_char)
+                  found = true
+                  found_direction = cur_direction
+                  if adj.index(cur_char) == 1
+                    # index 1 in the adjacency means the key is shifted, 0 means unshifted: A vs a, % vs 5, etc.
+                    # for example, 'q' is adjacent to the entry '2@'. @ is shifted w/ index 1, 2 is unshifted.
+                    shifted_count += 1
+                  end
+                  if last_direction != found_direction
+                    # adding a turn is correct even in the initial case when last_direction is null:
+                    # every spatial pattern starts with a turn.
+                    turns += 1
+                    last_direction = found_direction
+                  end
+                  break
+                end
+              end
+            end
+            # if the current pattern continued, extend j and try to grow again
+            if found
+              j += 1
+            else
+              # otherwise push the pattern discovered so far, if any...
+              if j - i > 2 # don't consider length 1 or 2 chains.
+                result << Match.new(
+                  :pattern => 'spatial',
+                  :i => i,
+                  :j => j-1,
+                  :token => password[i...j],
+                  :graph => graph_name,
+                  :turns => turns,
+                  :shifted_count => shifted_count
+                )
+              end
+              # ...and then start a new search for the rest of the password.
+              i = j
+              break
+            end
+          end
+        end
+        result
+      end
+    end
+  end
+end