Wt  3.7.1
Public Types | Public Member Functions | Static Public Attributes | List of all members
Wt::Auth::PasswordStrengthValidator Class Reference

A default implementation for password strength validation. More...

Inheritance diagram for Wt::Auth::PasswordStrengthValidator:
Inheritance graph
[legend]

Public Types

enum  PasswordType {
  OneCharClass, TwoCharClass, PassPhrase, ThreeCharClass,
  FourCharClass
}
 Enumeration for a password type. More...
 
- Public Types inherited from Wt::WValidator
enum  State { Invalid, InvalidEmpty, Valid }
 The state in which validated input can exist. More...
 
- Public Types inherited from Wt::WObject
typedef void(WObject::* Method) ()
 Typedef for a WObject method without arguments.
 

Public Member Functions

 PasswordStrengthValidator ()
 Default constructor.
 
void setMinimumLength (PasswordType type, int length)
 Sets the minimum length for a password of a certain type. More...
 
int minimumLength (PasswordType type)
 Returns the minimum length for a password of a certain type. More...
 
void setMinimumPassPhraseWords (int words)
 Sets the minimum number of words for a pass phrase. More...
 
int minimumPassPhraseWords () const
 Returns the minimum number of words for a pass phrase. More...
 
void setMinimumMatchLength (int length)
 Sets the minimum length for a match against a known sequence or the login name / email address. More...
 
int minimumMatchLength () const
 Returns the minimum length for a match against a known sequence. More...
 
virtual AbstractPasswordService::StrengthValidatorResult evaluateStrength (const WString &password, const WString &loginName, const std::string &email) const
 Evaluates the strength of a password. More...
 
- Public Member Functions inherited from Wt::Auth::AbstractPasswordService::AbstractStrengthValidator
 AbstractStrengthValidator ()
 Constructor.
 
virtual Result validate (const WString &password, const WString &loginName, const std::string &email) const
 Validates a password. More...
 
virtual Result validate (const WString &password) const
 Validates a password. More...
 
- Public Member Functions inherited from Wt::WValidator
 WValidator (WObject *parent=0)
 Creates a new validator.
 
 WValidator (bool mandatory, WObject *parent=0)
 Creates a new validator. More...
 
 ~WValidator ()
 Destructor. More...
 
void setMandatory (bool how)
 Sets if input is mandatory. More...
 
bool isMandatory () const
 Returns if input is mandatory.
 
void setInvalidBlankText (const WString &text)
 Sets the message to display when a mandatory field is left blank. More...
 
WString invalidBlankText () const
 Returns the message displayed when a mandatory field is left blank. More...
 
virtual WString format () const
 Returns the validator format. More...
 
virtual void createExtConfig (std::ostream &config) const
 Provides Ext-compatible config options for client-side validation.
 
virtual std::string javaScriptValidate () const
 Creates a Javascript object that validates the input. More...
 
virtual std::string inputFilter () const
 Returns a regular expression that filters input. More...
 
- Public Member Functions inherited from Wt::WObject
 WObject (WObject *parent=0)
 Create a WObject with a given parent object. More...
 
virtual ~WObject ()
 Destructor. More...
 
virtual const std::string id () const
 Returns the (unique) identifier for this object. More...
 
virtual void setObjectName (const std::string &name)
 Sets an object name. More...
 
virtual std::string objectName () const
 Returns the object name. More...
 
void resetLearnedSlots ()
 Resets learned stateless slot implementations. More...
 
template<class T >
void resetLearnedSlot (void(T::*method)())
 Resets a learned stateless slot implementation. More...
 
template<class T >
WStatelessSlot * implementStateless (void(T::*method)())
 Declares a slot to be stateless and learn client-side behaviour on first invocation. More...
 
template<class T >
WStatelessSlot * implementStateless (void(T::*method)(), void(T::*undoMethod)())
 Declares a slot to be stateless and learn client-side behaviour in advance. More...
 
void isNotStateless ()
 Marks the current function as not stateless. More...
 
template<class T >
WStatelessSlot * implementJavaScript (void(T::*method)(), const std::string &jsCode)
 Provides a JavaScript implementation for a method. More...
 
void addChild (WObject *child)
 Adds a child object. More...
 
virtual void removeChild (WObject *child)
 Removes a child object. More...
 
const std::vector< WObject * > & children () const
 Returns the children.
 
WObjectparent () const
 Returns the parent object.
 

Static Public Attributes

static const int Disabled = std::numeric_limits<int>::max()
 Sentinel value to disable a particular check.
 

Additional Inherited Members

- Protected Member Functions inherited from Wt::WObject
virtual WStatelessSlot * getStateless (Method method)
 On-demand stateless slot implementation. More...
 
- Static Protected Member Functions inherited from Wt::WObject
static WObjectsender ()
 Returns the sender of the current slot call. More...
 

Detailed Description

A default implementation for password strength validation.

This implementation uses http://www.openwall.com/passwdqc/, a password checker commonly used to validate user account passwords in Linux/BSD distributions.

The default settings are not as restrictive as those used originally by passwdqc (which could be frustratingly restrictive for a web application). You may want to make it change the settings to demand stronger passwords for sensitive applications.

Member Enumeration Documentation

◆ PasswordType

Enumeration for a password type.

An entered password will be classified as one of these types, based on the different characters used.

The classification uses the concept of character classes, and defines five classes:

  • lower case letters
  • upper case letters
  • numbers
  • other ascii characters
  • unknowns (i.e. multi-byte UTF-8 sequences)

For determining the number of classes, capitializaiton of the first letter of a word, or appending a number, does not count as an extra class.

Enumerator
OneCharClass 

A password with characters of only one class.

The default minimum length required for this password type is 20 characters.

Note
the default of passwdqc is Disabled
TwoCharClass 

A password with characters of two classes.

The default minimum length required for this password type is 15 characters.

Note
the default of passwdqc is 24 characters
PassPhrase 

A password that consists of multiple words.

The default minimum length required for this password type is 11 characters.

See also
setMinimumPassPhraseWords()
Note
the default of passwdqc is also 11 characters
ThreeCharClass 

A password with characters of three classes.

The default minimum length required for this password type is 8 characters.

Note
the default of passwdqc is also 8 characters
FourCharClass 

A password with characters of four classes.

The default minimum length required for this password type is 7 characters.

Note
the default of passwdqc is also 7 characters

Member Function Documentation

◆ evaluateStrength()

AbstractPasswordService::StrengthValidatorResult Wt::Auth::PasswordStrengthValidator::evaluateStrength ( const WString password,
const WString loginName,
const std::string &  email 
) const
virtual

Evaluates the strength of a password.

The result is an instance of StrengthValidatorResult which contains information on the validity and the strength (0 if invalid, 5 if valid) of the password together with possible messages.

The validator takes into account the user's login name and email address, to exclude passwords that are too similar to these.

Implements Wt::Auth::AbstractPasswordService::AbstractStrengthValidator.

◆ minimumLength()

int Wt::Auth::PasswordStrengthValidator::minimumLength ( PasswordType  type)

Returns the minimum length for a password of a certain type.

See also
setMinimumLength()

◆ minimumMatchLength()

int Wt::Auth::PasswordStrengthValidator::minimumMatchLength ( ) const

Returns the minimum length for a match against a known sequence.

See also
setMinimumMatchLength()

◆ minimumPassPhraseWords()

int Wt::Auth::PasswordStrengthValidator::minimumPassPhraseWords ( ) const

Returns the minimum number of words for a pass phrase.

See also
setMinimumPassPhraseWords()

◆ setMinimumLength()

void Wt::Auth::PasswordStrengthValidator::setMinimumLength ( PasswordType  type,
int  length 
)

Sets the minimum length for a password of a certain type.

See the PasswordType documentation for defaults. You may disable a password of a certain class entirely using the special value Disabled.

◆ setMinimumMatchLength()

void Wt::Auth::PasswordStrengthValidator::setMinimumMatchLength ( int  length)

Sets the minimum length for a match against a known sequence or the login name / email address.

Irrespective of other settings, a password may be checked not to contain common sequences.

This sets the minimum number of characters which is considered as a match of a password against a known sequence. A lower length setting is thus more stringent.

The default value is 4.

◆ setMinimumPassPhraseWords()

void Wt::Auth::PasswordStrengthValidator::setMinimumPassPhraseWords ( int  words)

Sets the minimum number of words for a pass phrase.

Sets the minimum number of words for a valid pass phrase.

The default value is 3.

See also
PassPhrase

Generated on Tue Dec 15 2020 for the C++ Web Toolkit (Wt) by doxygen 1.8.13