zxcvbn 0.1.8 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -4
- data/README.md +14 -5
- data/lib/zxcvbn/matching.rb +13 -2
- data/lib/zxcvbn/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6a374558176fa132c830032ab3cf333483389b98ce54ef92bfd026400362a224
|
|
4
|
+
data.tar.gz: eb751fc63e94b4573144f66ef9cc343695104cd4461fd170931b5b5fa06e0ad2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e50119ccf438121beee719afe200c7a2085c0a266f5c5595fb95bebc01a10fca980dec4df8a30374dc5f7cf7bb5c57708a7f71565877ee8885d6740e54e71d66
|
|
7
|
+
data.tar.gz: 1323dff6d9433298bc44c4a2632de42af7137629d02113e60f2a64f6d184967a27a13e161ff3d2404b6a58177d880465bd865cc4d95158bd33c07849ed0361f4
|
data/CHANGELOG.md
CHANGED
|
@@ -1,11 +1,14 @@
|
|
|
1
|
+
## [0.1.9] - 2023-01-27
|
|
2
|
+
- [#6] [#7] Security/Performance fix to vulnerability to DoS attacks.
|
|
3
|
+
|
|
1
4
|
## [0.1.8] - 2023-01-22
|
|
2
5
|
- How to find information on translations on README.
|
|
3
6
|
- Drop automatic tests on ruby 2.5 (It still works on it but development gems are failing to build).
|
|
4
7
|
- Update dev gems to prepare to test on Ruby 3.1 and 3.2. (mini_racer, rubocop and bundler)
|
|
5
|
-
- Fix Style/RedundantStringEscape on frequency_lists.rb
|
|
6
|
-
- Add automated tests for Ruby 3.1 and 3.2
|
|
7
|
-
- Add MFA requirement on release
|
|
8
|
-
- Trim non-production files from final gem
|
|
8
|
+
- Fix Style/RedundantStringEscape on frequency_lists.rb.
|
|
9
|
+
- Add automated tests for Ruby 3.1 and 3.2.
|
|
10
|
+
- Add MFA requirement on release.
|
|
11
|
+
- Trim non-production files from final gem.
|
|
9
12
|
|
|
10
13
|
## [0.1.7] - 2021-06-12
|
|
11
14
|
- Ported original specs
|
data/README.md
CHANGED
|
@@ -5,7 +5,20 @@
|
|
|
5
5
|
|
|
6
6
|
Ruby port of Dropbox's [zxcvbn.js](https://github.com/dropbox/zxcvbn) JavaScript library running completely in Ruby (no need to load execjs or libv8).
|
|
7
7
|
|
|
8
|
-
|
|
8
|
+
### Goals:
|
|
9
|
+
- Exact same results as [dropbox/zxcvbn.js (Version 4.4.2)](https://github.com/dropbox/zxcvbn). If **result compatibility** is found or made different a major version will be bumped so no one is caught off guard.
|
|
10
|
+
- Parity of features to [dropbox/zxcvbn.js (Version 4.4.2)](https://github.com/dropbox/zxcvbn) interface.
|
|
11
|
+
- 100% native Ruby solution: **No Javascript Runtime**.
|
|
12
|
+
|
|
13
|
+
### Compatible with [zxcvbn-js](https://github.com/bitzesty/zxcvbn-js) and [zxcvbn-ruby](https://github.com/envato/zxcvbn-ruby)
|
|
14
|
+
|
|
15
|
+
This gem include compatibility interfaces so it can be used as a drop-in substitution both of the most popular alternatives `zxcvbn-js` and `zxcvbn-ruby`). Besides `Zxcvbn.zxcvbn` you can just call `Zxcvbn.test` or use `Zxcvbn::Tester.new` the same way as you would if you were using any of them.
|
|
16
|
+
|
|
17
|
+
| | `zxcvbn-rb` | `zxcvbn-js` | `zxcvbn-ruby` |
|
|
18
|
+
|------------------------------------|------------------------|------------------------|------------------------|
|
|
19
|
+
| Results match `zxcvbn.js (V4.4.2)` | :white_check_mark: yes | :white_check_mark: yes | :x: no |
|
|
20
|
+
| Run without Javascript Runtime | :white_check_mark: yes | :x: no | :white_check_mark: yes |
|
|
21
|
+
| Interface compatibility with others| :white_check_mark: yes | :x: no | :x: no |
|
|
9
22
|
|
|
10
23
|
## Installation
|
|
11
24
|
|
|
@@ -71,10 +84,6 @@ Zxcvbn.zxcvbn("password")
|
|
|
71
84
|
}
|
|
72
85
|
```
|
|
73
86
|
|
|
74
|
-
### Compatible with `zxcvbn-js` and `zxcvbn-ruby`
|
|
75
|
-
|
|
76
|
-
This gem include a compatible interface so it can be used as a drop-in substitution for `zxcvbn-js` or `zxcvbn-ruby`. You can just call `Zxcvbn.test` or use `Zxcvbn::Tester.new` the same way as you would if you were using `zxcvbn-js` or `zxcvbn-ruby`.
|
|
77
|
-
|
|
78
87
|
### Note about translations (i18n, gettext, etc...)
|
|
79
88
|
Check the [wiki](https://github.com/formigarafa/zxcvbn-rb/wiki) for more details on how to handle translations.
|
|
80
89
|
|
data/lib/zxcvbn/matching.rb
CHANGED
|
@@ -15,6 +15,10 @@ module Zxcvbn
|
|
|
15
15
|
build_ranked_dict(lst)
|
|
16
16
|
end
|
|
17
17
|
|
|
18
|
+
RANKED_DICTIONARIES_MAX_WORD_SIZE = RANKED_DICTIONARIES.transform_values do |word_scores|
|
|
19
|
+
word_scores.keys.max_by(&:size).size
|
|
20
|
+
end
|
|
21
|
+
|
|
18
22
|
GRAPHS = {
|
|
19
23
|
"qwerty" => ADJACENCY_GRAPHS["qwerty"],
|
|
20
24
|
"dvorak" => ADJACENCY_GRAPHS["dvorak"],
|
|
@@ -151,8 +155,13 @@ module Zxcvbn
|
|
|
151
155
|
len = password.length
|
|
152
156
|
password_lower = password.downcase
|
|
153
157
|
_ranked_dictionaries.each do |dictionary_name, ranked_dict|
|
|
158
|
+
longest_dict_word_size = RANKED_DICTIONARIES_MAX_WORD_SIZE.fetch(dictionary_name) do
|
|
159
|
+
ranked_dict.keys.max_by(&:size)&.size || 0
|
|
160
|
+
end
|
|
161
|
+
search_width = [longest_dict_word_size, len].min
|
|
154
162
|
(0...len).each do |i|
|
|
155
|
-
|
|
163
|
+
search_end = [i + search_width, len].min
|
|
164
|
+
(i...search_end).each do |j|
|
|
156
165
|
if ranked_dict.key?(password_lower[i..j])
|
|
157
166
|
word = password_lower[i..j]
|
|
158
167
|
rank = ranked_dict[word]
|
|
@@ -187,7 +196,9 @@ module Zxcvbn
|
|
|
187
196
|
end
|
|
188
197
|
|
|
189
198
|
def self.user_input_dictionary=(ordered_list)
|
|
190
|
-
|
|
199
|
+
ranked_dict = build_ranked_dict(ordered_list.dup)
|
|
200
|
+
RANKED_DICTIONARIES["user_inputs"] = ranked_dict
|
|
201
|
+
RANKED_DICTIONARIES_MAX_WORD_SIZE["user_inputs"] = ranked_dict.keys.max_by(&:size)&.size || 0
|
|
191
202
|
end
|
|
192
203
|
|
|
193
204
|
#-------------------------------------------------------------------------------
|
data/lib/zxcvbn/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: zxcvbn
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.9
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Rafael Santos
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-01-
|
|
11
|
+
date: 2023-01-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: 100% native Ruby 100% compatible port of Dropbox's zxcvbn.js
|
|
14
14
|
email:
|