password-sheriff/examples/default-rules.js at master · auth0/password-sheriff · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
var assert = require('assert');

var PasswordPolicy = require('..').PasswordPolicy;

/* The default Password Sheriff rules are:
 *  * length
 *  * contains
 *  * containsAtLeast
 *  * identicalChars
 *  * sequentialChars
 *  * maxLength
*/

/*
 * length
 *
 * Parameters:  minLength :: Integer
 *
 * Specify the minimum amount of characters a password must have using the
 * `minLength` argument.
 */
var lengthPolicy = new PasswordPolicy({length: {minLength: 3}});

assert.equal(false, lengthPolicy.check('f'));
assert.equal(false, lengthPolicy.check('fo'));
assert.equal(true, lengthPolicy.check('foo'));
assert.equal(true, lengthPolicy.check('foobar'));

/*
 * contains
 *
 * Parameters: expressions :: [Charset]
 *
 * Password should contain all of the charsets specified. There are
 * 4 predefined charsets: `upperCase`, `lowerCase`, `numbers` and
 * `specialCharacters` (`specialCharacters`are the ones defined in
 * OWASP Password Policy recommendation document).
 */

var charsets = require('../lib/rules/contains').charsets;

// var lowerCase         = charsets.lowerCase;
// var specialCharacters = charsets.specialCharacters;
var upperCase         = charsets.upperCase;
var numbers           = charsets.numbers;


var containsPolicy = new PasswordPolicy({contains: {
  expressions: [upperCase, numbers]
}});

assert.equal(false, containsPolicy.check('foo'));
assert.equal(false, containsPolicy.check('Bar'));
assert.equal(true, containsPolicy.check('Bar9'));
assert.equal(true, containsPolicy.check('B9'));

/*
 * containsAtLeast
 *
 * Parameters: expressions :: [Charset], atLeast :: Integer
 *
 * Passwords should contain at least `atLeast` of a total of `expressions.length`
 * groups.
 */

var charsets = require('../lib/rules/containsAtLeast').charsets;

var lowerCase         = charsets.lowerCase;
// var specialCharacters = charsets.specialCharacters;
upperCase         = charsets.upperCase;
numbers           = charsets.numbers;

var containsAtLeastPolicy = new PasswordPolicy({
  containsAtLeast: {
    atLeast: 2,
    expressions: [ lowerCase, upperCase, numbers ]
  }
});

assert.equal(false, containsAtLeastPolicy.check('hello'));
assert.equal(false, containsAtLeastPolicy.check('387'));
assert.equal(true,  containsAtLeastPolicy.check('387hello'));
assert.equal(true,  containsAtLeastPolicy.check('HELLOhello'));
assert.equal(true,  containsAtLeastPolicy.check('HELLOhello123'));


/*
 * identicalChars
 *
 * Parameters: max :: Integer
 *
 * Passwords should not contain any character repeated continuously `max + 1` times.
 */
var identitcalCharsPolicy = new PasswordPolicy({
  identicalChars: {
    max: 3
  }
});

assert.equal(true, identitcalCharsPolicy.check('hello'));
assert.equal(true, identitcalCharsPolicy.check('hellol'));
assert.equal(true, identitcalCharsPolicy.check('helllo'));
assert.equal(false, identitcalCharsPolicy.check('hellllo'));
assert.equal(false, identitcalCharsPolicy.check('123333334'));

/*
 * sequentialChars
 *
 * Parameters: max :: Integer
 *
 * Passwords should not contain more than `max` sequential (increasing or decreasing) characters.
 */
var sequentialCharsPolicy = new PasswordPolicy({
  sequentialChars: { max: 3 }
});

assert.equal(true, sequentialCharsPolicy.check('abce'));      // sequence breaks before exceeding 3
assert.equal(true, sequentialCharsPolicy.check('cbaZ'));      // descending sequence of length 3 allowed
assert.equal(false, sequentialCharsPolicy.check('abcd'));     // ascending length 4 not allowed
assert.equal(false, sequentialCharsPolicy.check('dcba1'));    // descending length 4 not allowed

/*
 * maxLength
 *
 * Parameters: maxBytes :: Integer
 *
 * Passwords should not exceed `maxBytes` bytes when encoded in UTF-8. Multi-byte characters (e.g. emoji) count as multiple bytes.
 */
var maxLengthPolicy = new PasswordPolicy({
  maxLength: { maxBytes: 8 }
});

assert.equal(true,  maxLengthPolicy.check('a'.repeat(8)));    // 8 bytes OK
assert.equal(false, maxLengthPolicy.check('a'.repeat(9)));    // 9 bytes > 8
assert.equal(true,  maxLengthPolicy.check('😀😀'));            // 2 emojis * 4 bytes = 8 OK
assert.equal(false, maxLengthPolicy.check('😀😀😀'));          // 12 bytes > 8
assert.equal(true,  maxLengthPolicy.check('éééé'));           // each 'é' 2 bytes => 8 bytes OK
assert.equal(false, maxLengthPolicy.check('ééééé'));          // 10 bytes > 8