Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/gchan/password_blocklist
Ruby gem to check a password against a blocklist of commonly used passwords
https://github.com/gchan/password_blocklist
password-blocklist pasword ruby ruby-gem ruby-on-rails rubygem security
Last synced: about 2 months ago
JSON representation
Ruby gem to check a password against a blocklist of commonly used passwords
- Host: GitHub
- URL: https://github.com/gchan/password_blocklist
- Owner: gchan
- License: mit
- Created: 2017-01-19T09:44:41.000Z (almost 8 years ago)
- Default Branch: main
- Last Pushed: 2023-06-01T04:58:08.000Z (over 1 year ago)
- Last Synced: 2024-10-11T23:20:01.877Z (2 months ago)
- Topics: password-blocklist, pasword, ruby, ruby-gem, ruby-on-rails, rubygem, security
- Language: Ruby
- Homepage:
- Size: 6.89 MB
- Stars: 13
- Watchers: 1
- Forks: 5
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE.txt
- Code of conduct: CODE_OF_CONDUCT.md
Awesome Lists containing this project
README
# password_blocklist
[![Gem Version](https://badge.fury.io/rb/password_blocklist.svg)](http://badge.fury.io/rb/password_blocklist) ![License](https://img.shields.io/badge/license-MIT-blue.svg)[![Ruby Tests on Github Actions](https://github.com/gchan/password_blocklist/actions/workflows/ruby.yml/badge.svg)](https://github.com/gchan/password_blocklist/actions/workflows/ruby.yml) [![Coverage Status](https://coveralls.io/repos/github/gchan/password_blocklist/badge.svg?branch=main)](https://coveralls.io/github/gchan/password_blocklist?branch=main) [![Code Climate](https://codeclimate.com/github/gchan/password_blocklist/badges/gpa.svg)](https://codeclimate.com/github/gchan/password_blocklist)
Check the presence of a string in a blocklist of the most commonly used passwords (sourced from berzerk0
's [Probable-Wordlists](https://github.com/berzerk0/Probable-Wordlists)). Different sized lists are
supported, with the default list containing 95,000 passwords.This very simple Ruby library can be integrated into your registration/authentication system to prevent users from setting commonly used (and easy to guess) passwords.
This gem has a tiny memory footprint with an execution cost of approximately 1 ms for the default list size. A memory persistence option is available to further reduce execution time.
## Installation
Gemfile:
```ruby
gem 'password_blocklist'
```Or install it yourself:
$ gem install password_blocklist
## Usage
```ruby
$ irb
require 'password_blocklist'PasswordBlocklist.blocklisted?("pokemon")
=> truePasswordBlocklist.blocklisted?("AccurateUnicornCoalPaperclip")
=> false
```
### Optional list size selectionPass a `list_size` parameter to select a different list than the default (medium) size
```ruby
PasswordBlocklist.blocklisted?('pokemon', :lg)
```| list_size | File name | File size | Passwords
| ---- | ---- | ---- | ----
| xs | `Top1575-probable-v2.txt` | 12 KB | 1,575
| sm | `Top12Thousand-probable-v2.txt` | 100 KB | 12,645
| md (default) | `Top95Thousand-probable.txt` | 822 KB | 94,988
| lg | `Top304Thousand-probable-v2.txt` | 2.8 MB | 303,872
| xl | `Top1pt6Million-probable-v2.txt` | 15.9 MB | 1,667,462Note the list size you select will use more memory and linearly affect
the processing time.### Test multiple passwords
The blocklist file is loaded on every call to `PasswordBlocklist.blocklisted?`. Use `PasswordBlocklist::Checker` to persist the blocklist in memory (approximately 0.8MB) if you would like to perform lots of password tests in quick succession.
```ruby
require 'password_blocklist'checker = PasswordBlocklist::Checker.new
=> #checker.blocklisted?("pokemon")
=> truechecker.blocklisted?("AccurateUnicornCoalPaperclip")
=> false
```You can also use a list size other than the default 'md' list
```ruby
checker = PasswordBlocklist::Checker.new(:xl)
=> #checker.blocklisted?("pokemon")
=> true
```## Supported Ruby versions
password_blocklist supports MRI Ruby 2.5+ and Ruby 3.x. The specific Ruby versions we build and test on can be found on this Github Action [workflow file](https://github.com/gchan/password_blocklist/blob/main/.github/workflows/ruby.yml).
## Migrating to v0.5.0
This library was renamed to password_blocklist in v0.5.0
To easily migrate across:
1. Update your Gemfile to use `password_blocklist` and run `bundle`
2. Rename all instances of original Module
```bash
sed -i s/PasswordBlacklist/PasswordBlocklist/g ./**/*.rb
```
3. Rename all method calls
```bash
sed -i s/blacklisted?/blocklisted?/g ./**/*.rb
```
4. One last rename
```bash
sed -i s/password_blacklist/password_blocklist/g ./**/*.rb
```
5. Verify the correct files have been updated and your code remains
functional## Development
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` or `rspec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. Use `bin/benchmark` to run some benchmarks.
To install this gem onto your local machine, run `bundle exec rake install`.
To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
Run `bundle exec rake spec` to manually launch specs.
## Contributing
Bug reports and pull requests are welcome on GitHub at https://www.github.com/gchan/password_blocklist.
1. Fork it ( https://github.com/gchan/password_blocklist/fork )
2. Create your feature branch (`git checkout -b my-new-feature`)
3. Commit your changes (`git commit -am 'Add some feature'`)
4. Push to the branch (`git push origin my-new-feature`)
5. Create a new Pull Request## Licenses
password_blocklist is Copyright (c) 2017 Gordon Chan and is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
The [Probable-Wordlists](https://github.com/berzerk0/Probable-Wordlists) data files are licensed under CC BY-SA 4.0 (Creative Commons Attribution-ShareAlike 4.0 International)
[![Analytics](https://ga-beacon.appspot.com/UA-70790190-2/password_blocklist/README.md?flat)](https://github.com/igrigorik/ga-beacon)