Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/gchan/password_blocklist

Ruby gem to check a password against a blocklist of commonly used passwords
https://github.com/gchan/password_blocklist

password-blocklist pasword ruby ruby-gem ruby-on-rails rubygem security

Last synced: about 2 months ago
JSON representation

Ruby gem to check a password against a blocklist of commonly used passwords

Awesome Lists containing this project

README

        

# password_blocklist
[![Gem Version](https://badge.fury.io/rb/password_blocklist.svg)](http://badge.fury.io/rb/password_blocklist) ![License](https://img.shields.io/badge/license-MIT-blue.svg)

[![Ruby Tests on Github Actions](https://github.com/gchan/password_blocklist/actions/workflows/ruby.yml/badge.svg)](https://github.com/gchan/password_blocklist/actions/workflows/ruby.yml) [![Coverage Status](https://coveralls.io/repos/github/gchan/password_blocklist/badge.svg?branch=main)](https://coveralls.io/github/gchan/password_blocklist?branch=main) [![Code Climate](https://codeclimate.com/github/gchan/password_blocklist/badges/gpa.svg)](https://codeclimate.com/github/gchan/password_blocklist)

Check the presence of a string in a blocklist of the most commonly used passwords (sourced from berzerk0
's [Probable-Wordlists](https://github.com/berzerk0/Probable-Wordlists)). Different sized lists are
supported, with the default list containing 95,000 passwords.

This very simple Ruby library can be integrated into your registration/authentication system to prevent users from setting commonly used (and easy to guess) passwords.

This gem has a tiny memory footprint with an execution cost of approximately 1 ms for the default list size. A memory persistence option is available to further reduce execution time.

## Installation

Gemfile:

```ruby
gem 'password_blocklist'
```

Or install it yourself:

$ gem install password_blocklist

## Usage

```ruby
$ irb
require 'password_blocklist'

PasswordBlocklist.blocklisted?("pokemon")
=> true

PasswordBlocklist.blocklisted?("AccurateUnicornCoalPaperclip")
=> false
```
### Optional list size selection

Pass a `list_size` parameter to select a different list than the default (medium) size

```ruby
PasswordBlocklist.blocklisted?('pokemon', :lg)
```

| list_size | File name | File size | Passwords
| ---- | ---- | ---- | ----
| xs | `Top1575-probable-v2.txt` | 12 KB | 1,575
| sm | `Top12Thousand-probable-v2.txt` | 100 KB | 12,645
| md (default) | `Top95Thousand-probable.txt` | 822 KB | 94,988
| lg | `Top304Thousand-probable-v2.txt` | 2.8 MB | 303,872
| xl | `Top1pt6Million-probable-v2.txt` | 15.9 MB | 1,667,462

Note the list size you select will use more memory and linearly affect
the processing time.

### Test multiple passwords

The blocklist file is loaded on every call to `PasswordBlocklist.blocklisted?`. Use `PasswordBlocklist::Checker` to persist the blocklist in memory (approximately 0.8MB) if you would like to perform lots of password tests in quick succession.

```ruby
require 'password_blocklist'

checker = PasswordBlocklist::Checker.new
=> #

checker.blocklisted?("pokemon")
=> true

checker.blocklisted?("AccurateUnicornCoalPaperclip")
=> false
```

You can also use a list size other than the default 'md' list

```ruby
checker = PasswordBlocklist::Checker.new(:xl)
=> #

checker.blocklisted?("pokemon")
=> true
```

## Supported Ruby versions

password_blocklist supports MRI Ruby 2.5+ and Ruby 3.x. The specific Ruby versions we build and test on can be found on this Github Action [workflow file](https://github.com/gchan/password_blocklist/blob/main/.github/workflows/ruby.yml).

## Migrating to v0.5.0

This library was renamed to password_blocklist in v0.5.0

To easily migrate across:

1. Update your Gemfile to use `password_blocklist` and run `bundle`
2. Rename all instances of original Module
```bash
sed -i s/PasswordBlacklist/PasswordBlocklist/g ./**/*.rb
```
3. Rename all method calls
```bash
sed -i s/blacklisted?/blocklisted?/g ./**/*.rb
```
4. One last rename
```bash
sed -i s/password_blacklist/password_blocklist/g ./**/*.rb
```
5. Verify the correct files have been updated and your code remains
functional

## Development

After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` or `rspec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. Use `bin/benchmark` to run some benchmarks.

To install this gem onto your local machine, run `bundle exec rake install`.

To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).

Run `bundle exec rake spec` to manually launch specs.

## Contributing

Bug reports and pull requests are welcome on GitHub at https://www.github.com/gchan/password_blocklist.

1. Fork it ( https://github.com/gchan/password_blocklist/fork )
2. Create your feature branch (`git checkout -b my-new-feature`)
3. Commit your changes (`git commit -am 'Add some feature'`)
4. Push to the branch (`git push origin my-new-feature`)
5. Create a new Pull Request

## Licenses

password_blocklist is Copyright (c) 2017 Gordon Chan and is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).

The [Probable-Wordlists](https://github.com/berzerk0/Probable-Wordlists) data files are licensed under CC BY-SA 4.0 (Creative Commons Attribution-ShareAlike 4.0 International)

[![Analytics](https://ga-beacon.appspot.com/UA-70790190-2/password_blocklist/README.md?flat)](https://github.com/igrigorik/ga-beacon)