zxcvbn-ruby 1.3.0 → 2.0.0

metadata

@@ -1,19 +1,22 @@
 --- !ruby/object:Gem::Specification
 name: zxcvbn-ruby
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 2.0.0
 platform: ruby
 authors:
 - Steve Hodgkiss
 - Matthieu Aussaguel
+- Orien Madgwick
 bindir: bin
 cert_chain: []
 date: 1980-01-02 00:00:00.000000000 Z
 dependencies: []
-description: Ruby port of Dropboxs zxcvbn.js
+description: Ruby port of Dropbox's zxcvbn.js JavaScript password strength estimator,
+  providing v4 compatibility.
 email:
 - steve@hodgkiss.me
 - matthieu.aussaguel@gmail.com
+- _@orien.io
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -22,25 +25,26 @@ files:
 - LICENSE.txt
 - README.md
 - data/adjacency_graphs.json
-- data/frequency_lists/english.txt
+- data/frequency_lists/english_wikipedia.txt
 - data/frequency_lists/female_names.txt
 - data/frequency_lists/male_names.txt
 - data/frequency_lists/passwords.txt
 - data/frequency_lists/surnames.txt
+- data/frequency_lists/us_tv_and_film.txt
 - lib/zxcvbn.rb
 - lib/zxcvbn/clock.rb
 - lib/zxcvbn/crack_time.rb
 - lib/zxcvbn/data.rb
 - lib/zxcvbn/dictionary_ranker.rb
-- lib/zxcvbn/entropy.rb
 - lib/zxcvbn/feedback.rb
 - lib/zxcvbn/feedback_giver.rb
+- lib/zxcvbn/guesses.rb
 - lib/zxcvbn/match.rb
+- lib/zxcvbn/match_builder.rb
 - lib/zxcvbn/matchers/date.rb
 - lib/zxcvbn/matchers/dictionary.rb
 - lib/zxcvbn/matchers/digits.rb
 - lib/zxcvbn/matchers/l33t.rb
-- lib/zxcvbn/matchers/new_l33t.rb
 - lib/zxcvbn/matchers/regex_helpers.rb
 - lib/zxcvbn/matchers/repeat.rb
 - lib/zxcvbn/matchers/sequences.rb
@@ -48,21 +52,51 @@ files:
 - lib/zxcvbn/matchers/year.rb
 - lib/zxcvbn/math.rb
 - lib/zxcvbn/omnimatch.rb
-- lib/zxcvbn/password_strength.rb
+- lib/zxcvbn/ruby.rb
 - lib/zxcvbn/score.rb
 - lib/zxcvbn/scorer.rb
 - lib/zxcvbn/tester.rb
+- lib/zxcvbn/tester_builder.rb
 - lib/zxcvbn/trie.rb
 - lib/zxcvbn/version.rb
-homepage: http://github.com/envato/zxcvbn-ruby
+- sig/README.md
+- sig/zxcvbn.rbs
+- sig/zxcvbn/clock.rbs
+- sig/zxcvbn/crack_time.rbs
+- sig/zxcvbn/data.rbs
+- sig/zxcvbn/dictionary_ranker.rbs
+- sig/zxcvbn/feedback.rbs
+- sig/zxcvbn/feedback_giver.rbs
+- sig/zxcvbn/guesses.rbs
+- sig/zxcvbn/match.rbs
+- sig/zxcvbn/match_builder.rbs
+- sig/zxcvbn/matchers/date.rbs
+- sig/zxcvbn/matchers/dictionary.rbs
+- sig/zxcvbn/matchers/digits.rbs
+- sig/zxcvbn/matchers/l33t.rbs
+- sig/zxcvbn/matchers/regex_helpers.rbs
+- sig/zxcvbn/matchers/repeat.rbs
+- sig/zxcvbn/matchers/sequences.rbs
+- sig/zxcvbn/matchers/spatial.rbs
+- sig/zxcvbn/matchers/year.rbs
+- sig/zxcvbn/math.rbs
+- sig/zxcvbn/omnimatch.rbs
+- sig/zxcvbn/score.rbs
+- sig/zxcvbn/scorer.rbs
+- sig/zxcvbn/tester.rbs
+- sig/zxcvbn/tester_builder.rbs
+- sig/zxcvbn/trie.rbs
+homepage: https://github.com/envato/zxcvbn-ruby
 licenses:
 - MIT
 metadata:
+  allowed_push_host: https://rubygems.org
   bug_tracker_uri: https://github.com/envato/zxcvbn-ruby/issues
   changelog_uri: https://github.com/envato/zxcvbn-ruby/blob/HEAD/CHANGELOG.md
-  documentation_uri: https://github.com/envato/zxcvbn-ruby/blob/HEAD/README.md
+  documentation_uri: https://www.rubydoc.info/gems/zxcvbn-ruby/2.0.0
   homepage_uri: https://github.com/envato/zxcvbn-ruby
-  source_code_uri: https://github.com/envato/zxcvbn-ruby
+  source_code_uri: https://github.com/envato/zxcvbn-ruby/tree/v2.0.0
+  rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
 - lib
@@ -70,14 +104,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.5'
+      version: '3.3'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.3
+rubygems_version: 4.0.12
 specification_version: 4
-summary: ''
+summary: Ruby port of Dropbox's zxcvbn.js JavaScript password strength estimator
 test_files: []

data/lib/zxcvbn/entropy.rb

@@ -1,158 +0,0 @@
-# frozen_string_literal: true
-
-require 'zxcvbn/math'
-
-module Zxcvbn::Entropy
-  include Zxcvbn::Math
-
-  def calc_entropy(match)
-    return match.entropy unless match.entropy.nil?
-
-    match.entropy =
-      case match.pattern
-      when 'repeat'
-        repeat_entropy(match)
-      when 'sequence'
-        sequence_entropy(match)
-      when 'digits'
-        digits_entropy(match)
-      when 'year'
-        year_entropy(match)
-      when 'date'
-        date_entropy(match)
-      when 'spatial'
-        spatial_entropy(match)
-      when 'dictionary'
-        dictionary_entropy(match)
-      else
-        0
-      end
-  end
-
-  def repeat_entropy(match)
-    cardinality = bruteforce_cardinality match.token
-    lg(cardinality * match.token.length)
-  end
-
-  def sequence_entropy(match)
-    first_char = match.token[0]
-    base_entropy =
-      if ['a', '1'].include?(first_char)
-        1
-      elsif first_char.match(/\d/)
-        lg(10)
-      elsif first_char.match(/[a-z]/)
-        lg(26)
-      else
-        lg(26) + 1
-      end
-    base_entropy += 1 unless match.ascending
-    base_entropy + lg(match.token.length)
-  end
-
-  def digits_entropy(match)
-    lg(10**match.token.length)
-  end
-
-  NUM_YEARS = 119 # years match against 1900 - 2019
-  NUM_MONTHS = 12
-  NUM_DAYS = 31
-
-  def year_entropy(_match)
-    lg(NUM_YEARS)
-  end
-
-  def date_entropy(match)
-    entropy =
-      if match.year < 100
-        lg(NUM_DAYS * NUM_MONTHS * 100)
-      else
-        lg(NUM_DAYS * NUM_MONTHS * NUM_YEARS)
-      end
-
-    entropy += 2 if match.separator
-
-    entropy
-  end
-
-  def dictionary_entropy(match)
-    match.base_entropy = lg(match.rank)
-    match.uppercase_entropy = extra_uppercase_entropy(match)
-    match.l33t_entropy = extra_l33t_entropy(match)
-
-    match.base_entropy + match.uppercase_entropy + match.l33t_entropy
-  end
-
-  START_UPPER = /^[A-Z][^A-Z]+$/.freeze
-  END_UPPER   = /^[^A-Z]+[A-Z]$/.freeze
-  ALL_UPPER   = /^[A-Z]+$/.freeze
-  ALL_LOWER   = /^[a-z]+$/.freeze
-
-  def extra_uppercase_entropy(match)
-    word = match.token
-    [START_UPPER, END_UPPER, ALL_UPPER].each do |regex|
-      return 1 if word.match(regex)
-    end
-    num_upper = word.chars.count { |c| c.match(/[A-Z]/) }
-    num_lower = word.chars.count { |c| c.match(/[a-z]/) }
-    possibilities = 0
-    (0..[num_upper, num_lower].min).each do |i|
-      possibilities += nCk(num_upper + num_lower, i)
-    end
-    lg(possibilities)
-  end
-
-  def extra_l33t_entropy(match)
-    word = match.token
-    return 0 unless match.l33t
-
-    possibilities = 0
-    match.sub.each do |subbed, unsubbed|
-      num_subbed = word.chars.count { |c| c == subbed }
-      num_unsubbed = word.chars.count { |c| c == unsubbed }
-      (0..[num_subbed, num_unsubbed].min).each do |i|
-        possibilities += nCk(num_subbed + num_unsubbed, i)
-      end
-    end
-    entropy = lg(possibilities)
-    entropy.zero? ? 1 : entropy
-  end
-
-  def spatial_entropy(match)
-    if %w[qwerty dvorak].include? match.graph
-      starting_positions = starting_positions_for_graph('qwerty')
-      average_degree     = average_degree_for_graph('qwerty')
-    else
-      starting_positions = starting_positions_for_graph('keypad')
-      average_degree     = average_degree_for_graph('keypad')
-    end
-
-    possibilities = 0
-    token_length  = match.token.length
-    turns         = match.turns
-
-    # estimate the ngpumber of possible patterns w/ token length or less with number of turns or less.
-    (2..token_length).each do |i|
-      possible_turns = [turns, i - 1].min
-      (1..possible_turns).each do |j|
-        possibilities += nCk(i - 1, j - 1) * starting_positions * average_degree**j
-      end
-    end
-
-    entropy = lg possibilities
-    # add extra entropy for shifted keys. (% instead of 5, A instead of a.)
-    # math is similar to extra entropy from uppercase letters in dictionary matches.
-
-    if match.shifted_count
-      shiffted_count  = match.shifted_count
-      unshifted_count = match.token.length - match.shifted_count
-      possibilities   = 0
-
-      (0..[shiffted_count, unshifted_count].min).each do |i|
-        possibilities += nCk(shiffted_count + unshifted_count, i)
-      end
-      entropy += lg possibilities
-    end
-    entropy
-  end
-end

data/lib/zxcvbn/matchers/new_l33t.rb

@@ -1,118 +0,0 @@
-# frozen_string_literal: true
-
-module Zxcvbn
-  module Matchers
-    class L33t
-      L33T_TABLE = {
-        'a' => ['4', '@'].freeze,
-        'b' => ['8'].freeze,
-        'c' => ['(', '{', '[', '<'].freeze,
-        'e' => ['3'].freeze,
-        'g' => ['6', '9'].freeze,
-        'i' => ['1', '!', '|'].freeze,
-        'l' => ['1', '|', '7'].freeze,
-        'o' => ['0'].freeze,
-        's' => ['$', '5'].freeze,
-        't' => ['+', '7'].freeze,
-        'x' => ['%'].freeze,
-        'z' => ['2'].freeze
-      }.freeze
-
-      def initialize(dictionary_matchers)
-        @dictionary_matchers = dictionary_matchers
-      end
-
-      def matches(password)
-        matches = []
-        lowercased_password = password.downcase
-        combinations_to_try = substitution_combinations(relevant_l33t_substitutions(lowercased_password))
-        combinations_to_try.each do |substitutions|
-          @dictionary_matchers.each do |matcher|
-            subbed_password = substitute(lowercased_password, substitutions)
-            matcher.matches(subbed_password).each do |match|
-              length = match.j - match.i + 1
-              token = lowercased_password.slice(match.i, length)
-              next if token == match.matched_word.downcase
-
-              match_substitutions = {}
-              substitutions.each do |letter, substitution|
-                match_substitutions[substitution] = letter if token.include?(substitution)
-              end
-              match.l33t = true
-              match.token = password.slice(match.i, length)
-              match.sub = match_substitutions
-              match.sub_display = match_substitutions.map do |k, v|
-                "#{k} -> #{v}"
-              end.join(', ')
-              matches << match
-            end
-          end
-        end
-        matches
-      end
-
-      def substitute(password, substitutions)
-        subbed_password = password.dup
-        substitutions.each do |letter, substitution|
-          subbed_password.gsub!(substitution, letter)
-        end
-        subbed_password
-      end
-
-      # produces a l33t table of substitutions present in the given password
-      def relevant_l33t_substitutions(password)
-        subs = Hash.new do |hash, key|
-          hash[key] = []
-        end
-        L33T_TABLE.each do |letter, substibutions|
-          password.each_char do |password_char|
-            subs[letter] << password_char if substibutions.include?(password_char)
-          end
-        end
-        subs
-      end
-
-      # takes a character substitutions hash and produces an array of all
-      # possible substitution combinations
-      def substitution_combinations(subs_hash)
-        combinations = []
-        expanded_substitutions = expanded_substitutions(subs_hash)
-
-        # build an array of all possible combinations
-        expanded_substitutions.each do |substitution_hash|
-          # convert a hash to an array of hashes with 1 key each
-          subs_array = substitution_hash.map do |letter, substitutions|
-            { letter => substitutions }
-          end
-          combinations << subs_array
-
-          # find all possible combinations for each number of combinations available
-          subs_array.combination(subs_array.size).each do |combination|
-            # Don't add duplicates
-            combinations << combination unless combinations.include?(combination)
-          end
-        end
-
-        # convert back to simple hash per substitution combination
-        combinations.map do |combination_set|
-          hash = {}
-          combination_set.each do |combination_hash|
-            hash.merge!(combination_hash)
-          end
-          hash
-        end
-      end
-
-      # expand possible combinations if multiple characters can be substituted
-      # e.g. {'a' => ['4', '@'], 'i' => ['1']} expands to
-      #      [{'a' => '4', 'i' => 1}, {'a' => '@', 'i' => '1'}]
-      def expanded_substitutions(hash)
-        return {} if hash.empty?
-
-        values = hash.values
-        product_values = values[0].product(*values[1..-1])
-        product_values.map { |p| Hash[hash.keys.zip(p)] }
-      end
-    end
-  end
-end

data/lib/zxcvbn/password_strength.rb

@@ -1,27 +0,0 @@
-# frozen_string_literal: true
-
-require 'zxcvbn/clock'
-require 'zxcvbn/feedback_giver'
-require 'zxcvbn/omnimatch'
-require 'zxcvbn/scorer'
-
-module Zxcvbn
-  class PasswordStrength
-    def initialize(data)
-      @omnimatch = Omnimatch.new(data)
-      @scorer = Scorer.new(data)
-    end
-
-    def test(password, user_inputs = [])
-      password ||= ''
-      result = nil
-      calc_time = Clock.realtime do
-        matches = @omnimatch.matches(password, user_inputs)
-        result = @scorer.minimum_entropy_match_sequence(password, matches)
-      end
-      result.calc_time = calc_time
-      result.feedback = FeedbackGiver.get_feedback(result.score, result.match_sequence)
-      result
-    end
-  end
-end