Wt 3.7.1
A default implementation for password strength validation.
Public Types
enum PasswordType { OneCharClass, TwoCharClass, PassPhrase, ThreeCharClass, FourCharClass }
Enumeration for a password type.
Public Types inherited from Wt::WValidator
enum State { Invalid, InvalidEmpty, Valid }
The state in which validated input can exist.
Public Types inherited from Wt::WObject
typedef void(WObject::*Method)()
Typedef for a WObject method without arguments.
Public Member Functions
PasswordStrengthValidator()
Default constructor.
void setMinimumLength(PasswordType type, int length)
Sets the minimum length for a password of a certain type.
int minimumLength(PasswordType type)
Returns the minimum length for a password of a certain type.
void setMinimumPassPhraseWords(int words)
Sets the minimum number of words for a pass phrase.
int minimumPassPhraseWords() const
Returns the minimum number of words for a pass phrase.
void setMinimumMatchLength(int length)
Sets the minimum length for a match against a known sequence or the login name / email address.
int minimumMatchLength() const
Returns the minimum length for a match against a known sequence.
virtual AbstractPasswordService::StrengthValidatorResult evaluateStrength(const WString &password, const WString &loginName, const std::string &email) const
Evaluates the strength of a password.
Public Member Functions inherited from Wt::Auth::AbstractPasswordService::AbstractStrengthValidator
AbstractStrengthValidator()
Constructor.
virtual Result validate(const WString &password, const WString &loginName, const std::string &email) const
Validates a password.
virtual Result validate(const WString &password) const
Validates a password.
Public Member Functions inherited from Wt::WValidator
WValidator(WObject *parent=0)
Creates a new validator.
WValidator(bool mandatory, WObject *parent=0)
Creates a new validator.
~WValidator()
Destructor.
void setMandatory(bool how)
Sets if input is mandatory.
bool isMandatory() const
Returns if input is mandatory.
void setInvalidBlankText(const WString &text)
Sets the message to display when a mandatory field is left blank.
WString invalidBlankText() const
Returns the message displayed when a mandatory field is left blank.
virtual WString format() const
Returns the validator format.
virtual void createExtConfig(std::ostream &config) const
Provides Ext-compatible config options for client-side validation.
virtual std::string javaScriptValidate() const
Creates a Javascript object that validates the input.
virtual std::string inputFilter() const
Returns a regular expression that filters input.
Public Member Functions inherited from Wt::WObject
WObject(WObject *parent=0)
Create a WObject with a given parent object.
virtual ~WObject()
Destructor.
virtual const std::string id() const
Returns the (unique) identifier for this object.
virtual void setObjectName(const std::string &name)
Sets an object name.
virtual std::string objectName() const
Returns the object name.
void resetLearnedSlots()
Resets learned stateless slot implementations.
template<class T> void resetLearnedSlot(void(T::*method)())
Resets a learned stateless slot implementation.
template<class T> WStatelessSlot *implementStateless(void(T::*method)())
Declares a slot to be stateless and learn client-side behaviour on first invocation.
template<class T> WStatelessSlot *implementStateless(void(T::*method)(), void(T::*undoMethod)())
Declares a slot to be stateless and learn client-side behaviour in advance.
void isNotStateless()
Marks the current function as not stateless.
template<class T> WStatelessSlot *implementJavaScript(void(T::*method)(), const std::string &jsCode)
Provides a JavaScript implementation for a method.
void addChild(WObject *child)
Adds a child object.
virtual void removeChild(WObject *child)
Removes a child object.
const std::vector<WObject *> &children() const
Returns the children.
WObject *parent() const
Returns the parent object.
Static Public Attributes
static const int Disabled = std::numeric_limits<int>::max()
Sentinel value to disable a particular check.
Additional Inherited Members
Protected Member Functions inherited from Wt::WObject
virtual WStatelessSlot *getStateless(Method method)
On-demand stateless slot implementation.
Static Protected Member Functions inherited from Wt::WObject
static WObject *sender()
Returns the sender of the current slot call.
A default implementation for password strength validation.
This implementation uses http://www.openwall.com/passwdqc/, a password checker commonly used to validate user account passwords in Linux/BSD distributions.
The default settings are not as restrictive as those used originally by passwdqc (which could be frustratingly restrictive for a web application). You may want to change the settings to demand stronger passwords for sensitive applications.
Enumeration for a password type.
An entered password will be classified as one of these types, based on the different characters used.
The classification uses the concept of character classes, and defines five classes:
For determining the number of classes, capitalization of the first letter of a word, or appending a number, does not count as an extra class.
Enumerator | Description |
---|---|
OneCharClass | A password with characters of only one class. The default minimum length required for this password type is 20 characters. |
TwoCharClass | A password with characters of two classes. The default minimum length required for this password type is 15 characters. |
PassPhrase | A password that consists of multiple words. The default minimum length required for this password type is 11 characters. |
ThreeCharClass | A password with characters of three classes. The default minimum length required for this password type is 8 characters. |
FourCharClass | A password with characters of four classes. The default minimum length required for this password type is 7 characters. |
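virtual AbstractPasswordService::StrengthValidatorResult Wt::Auth::PasswordStrengthValidator::evaluateStrength(const WString &password, const WString &loginName, const std::string &email) const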
Evaluates the strength of a password.
The result is an instance of StrengthValidatorResult which contains information on the validity and the strength (0 if invalid, 5 if valid) of the password together with possible messages.
The validator takes into account the user's login name and email address, to exclude passwords that are too similar to these.
Implements Wt::Auth::AbstractPasswordService::AbstractStrengthValidator.
int Wt::Auth::PasswordStrengthValidator::minimumLength(PasswordType type)
Returns the minimum length for a password of a certain type.
int Wt::Auth::PasswordStrengthValidator::minimumMatchLength() const
Returns the minimum length for a match against a known sequence.
int Wt::Auth::PasswordStrengthValidator::minimumPassPhraseWords() const
Returns the minimum number of words for a pass phrase.
void Wt::Auth::PasswordStrengthValidator::setMinimumLength(PasswordType type, int length)
Sets the minimum length for a password of a certain type.
See the PasswordType documentation for defaults. You may disable a password of a certain class entirely using the special value Disabled.
void Wt::Auth::PasswordStrengthValidator::setMinimumMatchLength(int length)
Sets the minimum length for a match against a known sequence or the login name / email address.
Irrespective of other settings, a password may be checked not to contain common sequences.
This sets the minimum number of characters that is considered a match of a password against a known sequence. A lower length setting is thus more stringent.
The default value is 4.
void Wt::Auth::PasswordStrengthValidator::setMinimumPassPhraseWords(int words)
Sets the minimum number of words for a pass phrase.
Sets the minimum number of words for a valid pass phrase.
The default value is 3.
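A simplified, self-contained model of the policy documented on this page, added here as an illustration; it is not Wt's or passwdqc's code. It shows how the per-type minimum lengths, the Disabled sentinel and the "leading capital / trailing number does not count" rule interact. Assumptions of the example: the five character classes (their list is missing above), word splitting on whitespace, and the names Policy, charClass, countClasses, countWords and acceptable.

```cpp
#include <cctype>
#include <limits>
#include <sstream>
#include <string>

// Simplified model of the documented policy; not Wt's or passwdqc's code.
enum PasswordType { OneCharClass, TwoCharClass, PassPhrase, ThreeCharClass, FourCharClass };
const int Disabled = std::numeric_limits<int>::max();  // same sentinel as on the page

struct Policy {
    int minLength[5] = {20, 15, 11, 8, 7};  // documented defaults, indexed by PasswordType
    int minPassPhraseWords = 3;             // documented default
};
// Assumed classes: 0 lowercase, 1 uppercase, 2 digit, 3 other ASCII, 4 non-ASCII byte.
int charClass(unsigned char c) {
    if (c >= 0x80) return 4;
    if (std::islower(c)) return 0;
    if (std::isupper(c)) return 1;
    return std::isdigit(c) ? 2 : 3;
}
// Distinct classes used; a leading capital and a trailing digit are not counted.
int countClasses(const std::string &pw) {
    bool seen[5] = {false, false, false, false, false};
    for (std::size_t i = 0; i < pw.size(); ++i) {
        int cls = charClass(static_cast<unsigned char>(pw[i]));
        if ((i == 0 && cls == 1) || (i + 1 == pw.size() && cls == 2)) continue;
        seen[cls] = true;
    }
    int n = 0;
    for (bool s : seen) n += s ? 1 : 0;
    return n;
}

int countWords(const std::string &pw) {
    std::istringstream in(pw);
    std::string word;
    int n = 0;
    while (in >> word) ++n;
    return n;
}

// Accept if the pass-phrase rule or the length rule for the class count is met.
// A minimum of Disabled can never be reached, so that type is always rejected.
bool acceptable(const std::string &pw, const Policy &p) {
    int len = static_cast<int>(pw.size());
    if (countWords(pw) >= p.minPassPhraseWords && len >= p.minLength[PassPhrase]) return true;
    static const PasswordType byCount[] = {OneCharClass, TwoCharClass, ThreeCharClass, FourCharClass};
    int k = countClasses(pw);
    return k > 0 && len >= p.minLength[byCount[(k > 4 ? 4 : k) - 1]];
}
```

In this model "Password1" counts as a single class and is rejected at the default lengths. On the validator itself a stricter policy is set with calls such as setMinimumLength(OneCharClass, Disabled).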