zxcvbn-ruby 0.0.3 → 1.1.0

data/lib/zxcvbn/scorer.rb

@@ -1,5 +1,16 @@
+require 'zxcvbn/entropy'
+require 'zxcvbn/crack_time'
+require 'zxcvbn/score'
+require 'zxcvbn/match'
+
 module Zxcvbn
   class Scorer
+    def initialize(data)
+      @data = data
+    end
+
+    attr_reader :data
+
     include Entropy
     include CrackTime
 

data/lib/zxcvbn/tester.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require "zxcvbn/data"
+require "zxcvbn/password_strength"
+
+module Zxcvbn
+  # Allows you to test the strength of multiple passwords without reading and
+  # parsing the dictionary data from disk each test. Dictionary data is read
+  # once from disk and stored in memory for the life of the Tester object.
+  #
+  # Example:
+  #
+  #   tester = Zxcvbn::Tester.new
+  #
+  #   tester.add_word_lists("custom" => ["words"])
+  #
+  #   tester.test("password 1")
+  #   tester.test("password 2")
+  #   tester.test("password 3")
+  class Tester
+    def initialize
+      @data = Data.new
+    end
+
+    def test(password, user_inputs = [])
+      PasswordStrength.new(@data).test(password, sanitize(user_inputs))
+    end
+
+    def add_word_lists(lists)
+      lists.each_pair { |name, words| @data.add_word_list(name, sanitize(words)) }
+    end
+
+    def inspect
+      "#<#{self.class}:0x#{__id__.to_s(16)}>"
+    end
+
+    private
+
+    def sanitize(user_inputs)
+      user_inputs.select { |i| i.respond_to?(:downcase) }
+    end
+  end
+end

data/lib/zxcvbn/version.rb

@@ -1,3 +1,3 @@
 module Zxcvbn
-  VERSION = "0.0.3"
+  VERSION = '1.1.0'.freeze
 end

data/spec/dictionary_ranker_spec.rb

@@ -5,8 +5,8 @@ describe Zxcvbn::DictionaryRanker do
     it 'ranks word lists' do
       result = Zxcvbn::DictionaryRanker.rank_dictionaries({:test => ['ABC', 'def'],
                                                            :test2 => ['def', 'ABC']})
-      result[:test].should eq({'abc' => 1, 'def' => 2})
-      result[:test2].should eq({'def' => 1, 'abc' => 2})
+      expect(result[:test]).to eq({'abc' => 1, 'def' => 2})
+      expect(result[:test2]).to eq({'def' => 1, 'abc' => 2})
     end
   end
 end

data/spec/feedback_giver_spec.rb

@@ -0,0 +1,212 @@
+require 'spec_helper'
+
+describe Zxcvbn::FeedbackGiver do
+  # NOTE: We go in via the tester because the `FeedbackGiver` relies on both
+  #       Omnimatch and the Scorer, which are troublesome to wire up for tests
+  let(:tester) { Zxcvbn::Tester.new }
+
+  describe '.get_feedback' do
+    it "gives empty feedback when a password's score is good" do
+      feedback = tester.test('5815A30BE798').feedback
+
+      expect(feedback).to be_a Zxcvbn::Feedback
+      expect(feedback.warning).to be_nil
+      expect(feedback.suggestions).to be_empty
+    end
+
+    it 'gives general feedback when a password is empty' do
+      feedback = tester.test('').feedback
+
+      expect(feedback).to be_a Zxcvbn::Feedback
+      expect(feedback.warning).to be_nil
+      expect(feedback.suggestions).to contain_exactly(
+        'Use a few words, avoid common phrases',
+        'No need for symbols, digits, or uppercase letters'
+      )
+    end
+
+    it "gives general feedback when a password is poor but doesn't match any heuristics" do
+      feedback = tester.test(':005:0').feedback
+
+      expect(feedback).to be_a Zxcvbn::Feedback
+      expect(feedback.warning).to be_nil
+      expect(feedback.suggestions).to contain_exactly(
+        'Add another word or two. Uncommon words are better.'
+      )
+    end
+
+    describe 'gives specific feedback' do
+      describe 'for dictionary passwords' do
+        it 'that are extremely common' do
+          feedback = tester.test('password').feedback
+
+          expect(feedback).to be_a Zxcvbn::Feedback
+          expect(feedback.warning).to eql('This is a top-10 common password')
+          expect(feedback.suggestions).to contain_exactly(
+            'Add another word or two. Uncommon words are better.'
+          )
+        end
+
+        it 'that are very, very common' do
+          feedback = tester.test('letmein').feedback
+
+          expect(feedback).to be_a Zxcvbn::Feedback
+          expect(feedback.warning).to eql('This is a top-100 common password')
+          expect(feedback.suggestions).to contain_exactly(
+            'Add another word or two. Uncommon words are better.'
+          )
+        end
+
+        it 'that are very common' do
+          feedback = tester.test('playstation').feedback
+
+          expect(feedback).to be_a Zxcvbn::Feedback
+          expect(feedback.warning).to eql('This is a very common password')
+          expect(feedback.suggestions).to contain_exactly(
+            'Add another word or two. Uncommon words are better.'
+          )
+        end
+
+        it 'that are common and you tried to use l33tsp33k' do
+          feedback = tester.test('pl4yst4ti0n').feedback
+
+          expect(feedback).to be_a Zxcvbn::Feedback
+          expect(feedback.warning).to eql(
+            'This is similar to a commonly used password'
+          )
+          expect(feedback.suggestions).to contain_exactly(
+            'Add another word or two. Uncommon words are better.',
+            "Predictable substitutions like '@' instead of 'a' don't help very much"
+          )
+        end
+
+        it 'that are common and you capitalised the start' do
+          feedback = tester.test('Password').feedback
+
+          expect(feedback).to be_a Zxcvbn::Feedback
+          expect(feedback.warning).to eql(
+            'This is a top-10 common password'
+          )
+          expect(feedback.suggestions).to contain_exactly(
+            'Add another word or two. Uncommon words are better.',
+            "Capitalization doesn't help very much"
+          )
+        end
+
+        it 'that are common and you capitalised the whole thing' do
+          feedback = tester.test('PASSWORD').feedback
+
+          expect(feedback).to be_a Zxcvbn::Feedback
+          expect(feedback.warning).to eql(
+            'This is a top-10 common password'
+          )
+          expect(feedback.suggestions).to contain_exactly(
+            'Add another word or two. Uncommon words are better.',
+            'All-uppercase is almost as easy to guess as all-lowercase'
+          )
+        end
+
+        it 'that contain a common first name or last name' do
+          feedback = tester.test('jessica').feedback
+
+          expect(feedback).to be_a Zxcvbn::Feedback
+          expect(feedback.warning).to eql(
+            'Names and surnames by themselves are easy to guess'
+          )
+          expect(feedback.suggestions).to contain_exactly(
+            'Add another word or two. Uncommon words are better.'
+          )
+
+          feedback = tester.test('smith').feedback
+
+          expect(feedback).to be_a Zxcvbn::Feedback
+          expect(feedback.warning).to eql(
+            'Names and surnames by themselves are easy to guess'
+          )
+          expect(feedback.suggestions).to contain_exactly(
+            'Add another word or two. Uncommon words are better.'
+          )
+        end
+
+        it 'that contain a common name and surname' do
+          feedback = tester.test('jessica smith').feedback
+
+          expect(feedback).to be_a Zxcvbn::Feedback
+          expect(feedback.warning).to eql(
+            'Common names and surnames are easy to guess'
+          )
+          expect(feedback.suggestions).to contain_exactly(
+            'Add another word or two. Uncommon words are better.'
+          )
+        end
+      end
+
+      describe 'for spatial passwords' do
+        it 'that contain a straight keyboard row' do
+          feedback = tester.test('1qaz').feedback
+
+          expect(feedback).to be_a Zxcvbn::Feedback
+          expect(feedback.warning).to eql(
+            'Straight rows of keys are easy to guess'
+          )
+          expect(feedback.suggestions).to contain_exactly(
+            'Add another word or two. Uncommon words are better.',
+            'Use a longer keyboard pattern with more turns'
+          )
+        end
+
+        it 'that contain a keyboard pattern with one turn' do
+          feedback = tester.test('zaqwer').feedback
+
+          expect(feedback).to be_a Zxcvbn::Feedback
+          expect(feedback.warning).to eql(
+            'Short keyboard patterns are easy to guess'
+          )
+          expect(feedback.suggestions).to contain_exactly(
+            'Add another word or two. Uncommon words are better.',
+            'Use a longer keyboard pattern with more turns'
+          )
+        end
+      end
+
+      it 'for passwords with repeated characters' do
+        feedback = tester.test('zzz').feedback
+
+        expect(feedback).to be_a Zxcvbn::Feedback
+        expect(feedback.warning).to eql(
+          'Repeats like "aaa" are easy to guess'
+        )
+        expect(feedback.suggestions).to contain_exactly(
+          'Add another word or two. Uncommon words are better.',
+          'Avoid repeated words and characters'
+        )
+      end
+
+      it 'for passwords with sequential characters' do
+        feedback = tester.test('pqrpqrpqr').feedback
+
+        expect(feedback).to be_a Zxcvbn::Feedback
+        expect(feedback.warning).to eql(
+          'Sequences like abc or 6543 are easy to guess'
+        )
+        expect(feedback.suggestions).to contain_exactly(
+          'Add another word or two. Uncommon words are better.',
+          'Avoid sequences'
+        )
+      end
+
+      it 'for passwords containing dates' do
+        feedback = tester.test('testing02\12\1997').feedback
+
+        expect(feedback).to be_a Zxcvbn::Feedback
+        expect(feedback.warning).to eql(
+          'Dates are often easy to guess'
+        )
+        expect(feedback.suggestions).to contain_exactly(
+          'Add another word or two. Uncommon words are better.',
+          'Avoid dates and years that are associated with you'
+        )
+      end
+    end
+  end
+end

data/spec/matchers/date_spec.rb

@@ -15,16 +15,16 @@ describe Zxcvbn::Matchers::Date do
       let(:matches) { matcher.matches(password) }
 
       it 'finds matches' do
-        matches.should_not be_empty
+        expect(matches).not_to be_empty
       end
 
       it 'finds the correct matches' do
-        matches.count.should eq 1
-        matches[0].token.should eq %w[ 02 12 1997 ].join(separator)
-        matches[0].separator.should eq separator
-        matches[0].day.should eq 2
-        matches[0].month.should eq 12
-        matches[0].year.should eq 1997
+        expect(matches.count).to eq 1
+        expect(matches[0].token).to eq %w[ 02 12 1997 ].join(separator)
+        expect(matches[0].separator).to eq separator
+        expect(matches[0].day).to eq 2
+        expect(matches[0].month).to eq 12
+        expect(matches[0].year).to eq 1997
       end
     end
   end
@@ -103,7 +103,7 @@ describe Zxcvbn::Matchers::Date do
     let(:matches) { matcher.matches('testing0.x.1997') }
 
     it 'doesnt match' do
-      matches.should be_empty
+      expect(matches).to be_empty
     end
   end
 end

data/spec/matchers/dictionary_spec.rb

@@ -1,19 +1,30 @@
-require 'spec_helper'
+# frozen_string_literal: true
+
+require "spec_helper"
 
 describe Zxcvbn::Matchers::Dictionary do
-  let(:matcher) { described_class.new('english', dictionary) }
-  let(:dictionary) { Zxcvbn::RANKED_DICTIONARIES['english'] }
+  subject(:matcher) { described_class.new("Test dictionary", dictionary) }
 
-  it 'finds all the matches' do
-    matches = matcher.matches('whatisinit')
-    matches.count.should == 14
-    expected_matches = ['wha', 'what', 'ha', 'hat', 'a', 'at', 'tis', 'i', 'is',
-                       'sin', 'i', 'in', 'i', 'it']
-    matches.map(&:matched_word).should == expected_matches
-  end
+  describe "#matches" do
+    let(:matches) { matcher.matches(password) }
+    let(:matched_words) { matches.map(&:matched_word) }
+
+    context "Given a dictionary of English words" do
+      let(:dictionary) { Zxcvbn::Data.new.ranked_dictionaries["english"] }
+      let(:password) { "whatisinit" }
+
+      it "finds all the matches" do
+        expect(matched_words).to match_array %w[wha what ha hat a at tis i is sin i in i it]
+      end
+    end
+
+    context "Given a custom dictionary" do
+      let(:dictionary) { Zxcvbn::DictionaryRanker.rank_dictionary(%w[test AB10CD]) }
+      let(:password) { "AB10CD" }
 
-  it 'matches uppercase' do
-    matcher = described_class.new('user_inputs', Zxcvbn::DictionaryRanker.rank_dictionary(['test','AB10CD']))
-    matcher.matches('AB10CD').should_not be_empty
+      it "matches uppercase passwords with normalised dictionary entries" do
+        expect(matched_words).to match_array(%w[ab10cd])
+      end
+    end
   end
-end
+end

data/spec/matchers/digits_spec.rb

@@ -5,11 +5,11 @@ describe Zxcvbn::Matchers::Digits do
   let(:matches) { matcher.matches('testing1239xx9712') }
 
   it 'sets the pattern name' do
-    matches.all? { |m| m.pattern == 'digits' }.should eql(true)
+    expect(matches.all? { |m| m.pattern == 'digits' }).to eql(true)
   end
 
   it 'finds the correct matches' do
-    matches.count.should == 2
-    matches[0].token.should eq '1239'
+    expect(matches.count).to eq(2)
+    expect(matches[0].token).to eq '1239'
   end
 end

data/spec/matchers/l33t_spec.rb

@@ -2,12 +2,12 @@ require 'spec_helper'
 
 describe Zxcvbn::Matchers::L33t do
   let(:matcher) { described_class.new([dictionary_matcher]) }
-  let(:dictionary) { Zxcvbn::RANKED_DICTIONARIES['english'] }
+  let(:dictionary) { Zxcvbn::Data.new.ranked_dictionaries['english'] }
   let(:dictionary_matcher) { Zxcvbn::Matchers::Dictionary.new('english', dictionary) }
 
   describe '#relevant_l33t_substitutions' do
     it 'returns relevant l33t substitutions' do
-      matcher.relevent_l33t_subtable('p@ssw1rd24').should eq(
+      expect(matcher.relevent_l33t_subtable('p@ssw1rd24')).to eq(
         {'a' => ['4', '@'], 'i' => ['1'], 'l' => ['1'], 'z' => ['2']}
       )
     end
@@ -17,14 +17,14 @@ describe Zxcvbn::Matchers::L33t do
     context 'with 2 possible substitutions' do
       it 'returns the correct possible substitutions' do
         substitutions = {'a' => ['@'], 'i' => ['1']}
-        matcher.l33t_subs(substitutions).should match_array([
+        expect(matcher.l33t_subs(substitutions)).to match_array([
           {'@' => 'a', '1' => 'i'}
         ])
       end
 
       it 'returns the correct possible substitutions with multiple options' do
         substitutions = {'a' => ['@', '4'], 'i' => ['1']}
-        matcher.l33t_subs(substitutions).should match_array([
+        expect(matcher.l33t_subs(substitutions)).to match_array([
           {'@' => 'a', '1' => 'i'},
           {'4' => 'a', '1' => 'i'}
         ])
@@ -34,7 +34,7 @@ describe Zxcvbn::Matchers::L33t do
     context 'with 3 possible substitutions' do
       it 'returns the correct possible substitutions' do
         substitutions = {'a' => ['@'], 'i' => ['1'], 'z' => ['3']}
-        matcher.l33t_subs(substitutions).should match_array([
+        expect(matcher.l33t_subs(substitutions)).to match_array([
           {'@' => 'a', '1' => 'i', '3' => 'z'}
         ])
       end
@@ -43,7 +43,7 @@ describe Zxcvbn::Matchers::L33t do
     context 'with 4 possible substitutions' do
       it 'returns the correct possible substitutions' do
         substitutions = {'a' => ['@'], 'i' => ['1'], 'z' => ['3'], 'b' => ['8']}
-        matcher.l33t_subs(substitutions).should match_array([
+        expect(matcher.l33t_subs(substitutions)).to match_array([
           {'@' => 'a', '1' => 'i', '3' => 'z', '8' => 'b'}
         ])
       end
@@ -51,12 +51,14 @@ describe Zxcvbn::Matchers::L33t do
   end
 
   describe '#matches' do
-    let(:matches) { matcher.matches('p@ssword') }
-    # it doesn't match on 'password' because that's not in the english
-    # dictionary/frequency list
+    subject(:matches) { matcher.matches('p@ssword') }
+
+    it "doesn't find 'password' because it's not in english.txt" do
+      expect(matches.map(&:matched_word)).not_to include "password"
+    end
 
     it 'finds the correct matches' do
-      matches.map(&:matched_word).should eq([
+      expect(matches.map(&:matched_word)).to match_array([
         'pas',
         'a',
         'as',
@@ -65,7 +67,7 @@ describe Zxcvbn::Matchers::L33t do
     end
 
     it 'sets the token correctly on those matches' do
-      matches.map(&:token).should eq([
+      expect(matches.map(&:token)).to match_array([
         'p@s',
         '@',
         '@s',
@@ -74,7 +76,7 @@ describe Zxcvbn::Matchers::L33t do
     end
 
     it 'sets the substituions used' do
-      matches.map(&:sub).should eq([
+      expect(matches.map(&:sub)).to match_array([
         {'@' => 'a'},
         {'@' => 'a'},
         {'@' => 'a'},
@@ -82,4 +84,4 @@ describe Zxcvbn::Matchers::L33t do
       ])
     end
   end
-end
+end