A default implementation for password strength validation. More...
#include <PasswordStrengthValidator.h>
Public Member Functions | |
| PasswordStrengthValidator () | |
| Default constructor. | |
| void | setMinimumLength (PasswordStrengthType type, int length) |
| Sets the minimum length for a password of a certain type. More... | |
| int | minimumLength (PasswordStrengthType type) |
| Returns the minimum length for a password of a certain type. More... | |
| void | setMinimumPassPhraseWords (int words) |
| Sets the minimum number of words for a pass phrase. More... | |
| int | minimumPassPhraseWords () const |
| Returns the minimum number of words for a pass phrase. More... | |
| void | setMinimumMatchLength (int length) |
| Sets the minimum length for a match against a known sequence or the login name / email address. More... | |
| int | minimumMatchLength () const |
| Returns the minimum length for a match against a known sequence. More... | |
| virtual AbstractPasswordService::StrengthValidatorResult | evaluateStrength (const WString &password, const WString &loginName, const std::string &email) const override |
| Evaluates the strength of a password. More... | |
 Public Member Functions inherited from Wt::Auth::AbstractPasswordService::AbstractStrengthValidator | |
| AbstractStrengthValidator () | |
| Constructor. | |
| virtual Result | validate (const WString &password, const WString &loginName, const std::string &email) const |
| Validates a password. More... | |
| virtual Result | validate (const WString &password) const override |
| Validates a password. More... | |
| Public Member Functions inherited from Wt::WValidator | |
| WValidator (bool mandatory=false) | |
| Creates a new validator. More... | |
| virtual | ~WValidator () |
| Destructor. More... | |
| void | setMandatory (bool how) |
| Sets if input is mandatory. More... | |
| bool | isMandatory () const |
| Returns if input is mandatory. | |
| void | setInvalidBlankText (const WString &text) |
| Sets the message to display when a mandatory field is left blank. More... | |
| WString | invalidBlankText () const |
| Returns the message displayed when a mandatory field is left blank. More... | |
| virtual WString | format () const |
| Returns the validator format. More... | |
| virtual std::string | javaScriptValidate () const |
| Creates a Javascript object that validates the input. More... | |
| virtual std::string | inputFilter () const |
| Returns a regular expression that filters input. More... | |
Static Public Attributes | |
| static const int | Disabled = std::numeric_limits<int>::max() |
| Sentinel value to disable a particular check. | |
Additional Inherited Members | |
| Public Types inherited from Wt::WValidator | |
| typedef ValidationState | State |
| Typedef for enum Wt::ValidationState. | |
Detailed Description
A default implementation for password strength validation.
This implementation uses http://www.openwall.com/passwdqc/, a password checker commonly used to validate user account passwords in Linux/BSD distributions.
The default settings are not as restrictive as those used originally by passwdqc (which could be frustratingly restrictive for a web application). You may want to make it change the settings to demand stronger passwords for sensitive applications.
Member Function Documentation
◆ evaluateStrength()
|
overridevirtual |
Evaluates the strength of a password.
The result is an instance of StrengthValidatorResult which contains information on the validity and the strength (0 if invalid, 5 if valid) of the password together with possible messages.
The validator takes into account the user's login name and email address, to exclude passwords that are too similar to these.
Implements Wt::Auth::AbstractPasswordService::AbstractStrengthValidator.
◆ minimumLength()
| int Wt::Auth::PasswordStrengthValidator::minimumLength | ( | PasswordStrengthType | type | ) |
Returns the minimum length for a password of a certain type.
- See also
- setMinimumLength()
◆ minimumMatchLength()
| int Wt::Auth::PasswordStrengthValidator::minimumMatchLength | ( | ) | const |
Returns the minimum length for a match against a known sequence.
- See also
- setMinimumMatchLength()
◆ minimumPassPhraseWords()
| int Wt::Auth::PasswordStrengthValidator::minimumPassPhraseWords | ( | ) | const |
Returns the minimum number of words for a pass phrase.
- See also
- setMinimumPassPhraseWords()
◆ setMinimumLength()
| void Wt::Auth::PasswordStrengthValidator::setMinimumLength | ( | PasswordStrengthType | type, |
| int | length | ||
| ) |
Sets the minimum length for a password of a certain type.
See the PasswordStrengthType documentation for defaults. You may disable a password of a certain class entirely using the special value Disabled.
◆ setMinimumMatchLength()
| void Wt::Auth::PasswordStrengthValidator::setMinimumMatchLength | ( | int | length | ) |
Sets the minimum length for a match against a known sequence or the login name / email address.
Irrespective of other settings, a password may be checked not to contain common sequences.
This sets the minimum number of characters which is considered as a match of a password against a known sequence. A lower length setting is thus more stringent.
The default value is 4.
◆ setMinimumPassPhraseWords()
| void Wt::Auth::PasswordStrengthValidator::setMinimumPassPhraseWords | ( | int | words | ) |
Sets the minimum number of words for a pass phrase.
Sets the minimum number of words for a valid pass phrase.
The default value is 3.
- See also
- PassPhrase
