Ruby JavaScript CSS HTML
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
app/assets
lib
spec
.gitignore
Gemfile
Gemfile.lock
LICENSE
README.rdoc
Rakefile
pwdcalc.gemspec

README.rdoc

pwdcalc

Improve the user experience and security of your web application within just a few seconds by installing the pwdcalc gem. It extends your password fields with a strength bar and hint, enforcing a minimum complexity for security reasons.

Take no risk and help your users to choose good passwords!

Installation

Add pwdcalc to your Gemfile and bundle it up:

gem 'pwdcalc', :git => 'https://github.com/trimentor/pwdcalc.git'

Run the following command to install it:

bundle install

Run the installation generator:

rails g pwdcalc:install

Usage

Add the following directives to your JavaScript manifest file:

//= require jquery.YAPSM.min
//= require jquery.pwdcalc

Add the following directives to your CSS manifest file:

*= require pwdcalc

Use +Pwdcalc::FormBuilder+ to automatically create password field/-strength meter combinations:

<%= form_for @user, builder: Pwdcalc::FormBuilder do |f| %>
  <div class="field">
    <%= f.label :username %><br>
    <%= text_field :username %>
  </div>

  <div class="field pwdcalc-form-group">
    <%= f.label :password %><br>
    <%= f.password_field :password %>
  </div>

  <div class="actions">
    <%= f.submit %>
  </div>
<% end %>

NOTE: It's required to wrap the control in pwdcalc-form-group.

Localized Hints

Add the following line somewhere inside your view (e.g. at the bottom of your form):

<%= pwdcalc_translated_hints %>

Dictionary Attacks

Many people have a tendency to choose passwords which are short, single words found in dictionaries or simple, easily-predicted variations on words, vulnerable for dictionary attacks.

It's easy to provide a list of obvious passwords. Just add the data-dictionary attribute to the input field:

<%= f.password_field, :data => { :dictionary => 'obviousPasswords()' } %>

Keep in mind that the value should evaluate to an array.

Events

The pwdcalc-submit event is sent to the document when the user is attempting to submit the form.

$(document).on('pwdcalc-submit', handler(eventObject, origEventObject, field))

The pwdcalc-keyup-init event is sent to the document when the user releases a key on the keyboard and before a score and hint is shown or hidden.

$(document).on('pwdcalc-keyup-init', handler(eventObject, origEventObject, field))

The pwdcalc-keyup-complete event is sent to the document when the user releases a key on the keyboard and after a score and hint is shown or hidden.

$(document).on('pwdcalc-keyup-complete', handler(eventObject, origEventObject, field))

YAPSM (Yet Another Password Strength Meter)

The project page of this jQuery plugin can be found here on GitHub!

Bug Tracker

Have a bug? Please create an issue here on GitHub!

github.com/trimentor/pwdcalc/issues

Note on Patches/Pull Requests

  • Fork the project.

  • Make your feature addition or bug fix.

  • Add tests for it. This is important so I don't break it in a future version unintentionally.

  • Commit, do not mess with rakefile, version, or history.

  • Send me a pull request. Bonus points for topic branches.

Copyright

Copyright © 2012 Kjel Delaey, released under the MIT license.