Merge branch 'master' into dependabot/npm_and_yarn/braces-3.0.3

Author: arpit-jn

.github/CODEOWNERS

@@ -1 +1 @@
-*	@auth0/dx-sdks-engineer
+*	@auth0/project-dx-sdks-engineer-codeowner

.github/workflows/semgrep.yml

@@ -3,7 +3,7 @@ name: Snyk
 on:
   merge_group:
   workflow_dispatch:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -21,16 +21,7 @@ concurrency:
   cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
 
 jobs:
-  authorize:
-    name: Authorize
-    environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
-
   check:
-    needs: authorize
-
     name: Check for Vulnerabilities
     runs-on: ubuntu-latest
 

.github/workflows/snyk.yml

@@ -1,5 +1,6 @@
 # Password Sheriff
 [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fpassword-sheriff.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fpassword-sheriff?ref=badge_shield)
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/auth0/password-sheriff)
 
 
 Node.js (and browserify supported) library to enforce password policies.
@@ -113,6 +114,16 @@ Password Sheriff includes some default rules:
   });
   ```
 
+  * `sequentialChars`: Passwords should not contain more than `max` sequential (increasing or decreasing) alphanumeric characters.
+  ```js
+  var sequentialCharsPolicy = new PasswordPolicy({
+    sequentialChars: { max: 3 }
+  });
+  // 'abcd' -> false (4 sequential > 3)
+  // 'dcba' -> false (4 sequential > 3)
+  // 'abce' -> true  (sequence breaks)
+  ```
+
 See the [default-rules example](examples/default-rules.js) section for more information.
 
 ## Issue Reporting
@@ -128,4 +139,4 @@ If you have found a bug or if you have a feature request, please report them at
 This project is licensed under the MIT license. See the [LICENSE](LICENSE) file for more info.
 
 
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fpassword-sheriff.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fpassword-sheriff?ref=badge_large)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fauth0%2Fpassword-sheriff.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fauth0%2Fpassword-sheriff?ref=badge_large)

README.md

@@ -7,6 +7,7 @@ var PasswordPolicy = require('..').PasswordPolicy;
  *  * contains
  *  * containsAtLeast
  *  * identicalChars
+ *  * sequentialChars
 */
 
 /*
@@ -101,3 +102,18 @@ assert.equal(true, identitcalCharsPolicy.check('helllo'));
 assert.equal(false, identitcalCharsPolicy.check('hellllo'));
 assert.equal(false, identitcalCharsPolicy.check('123333334'));
 
+/*
+ * sequentialChars
+ *
+ * Parameters: max :: Integer
+ *
+ * Passwords should not contain more than `max` sequential (increasing or decreasing) characters.
+ */
+var sequentialCharsPolicy = new PasswordPolicy({
+  sequentialChars: { max: 3 }
+});
+
+assert.equal(true, sequentialCharsPolicy.check('abce'));      // sequence breaks before exceeding 3
+assert.equal(true, sequentialCharsPolicy.check('cbaZ'));      // descending sequence of length 3 allowed
+assert.equal(false, sequentialCharsPolicy.check('abcd'));     // ascending length 4 not allowed
+assert.equal(false, sequentialCharsPolicy.check('dcba1'));    // descending length 4 not allowed

examples/default-rules.js

@@ -11,6 +11,7 @@ var defaultRuleset = {
   contains:         require('./rules/contains'),
   containsAtLeast:  require('./rules/containsAtLeast'),
   identicalChars:   require('./rules/identicalChars'),
+  sequentialChars:  require('./rules/sequentialChars')
 };
 
 function flatDescriptions (descriptions, index) {

lib/policy.js

@@ -0,0 +1,145 @@
+var _ = require('../helper');
+
+/**
+ * @readonly
+ * @enum {number}
+ */
+var Direction = {
+  Ascending: 1,
+  Descending: -1,
+  None: 0
+};
+
+/**
+ * @readonly
+ * @enum {number}
+ */
+var CharacterCodes = {
+  LowerCaseA: 'a'.charCodeAt(0),
+  LowerCaseZ: 'z'.charCodeAt(0),
+  Zero: '0'.charCodeAt(0),
+  Nine: '9'.charCodeAt(0),
+  UpperCaseA: 'A'.charCodeAt(0),
+  UpperCaseZ: 'Z'.charCodeAt(0),
+};
+
+/**
+ * Determines if a character is alphanumeric
+ *
+ * @param {number} code character code
+ * @return {boolean}
+ */
+function isAlphanumeric(code) {
+  if (!_.isNumber(code) || _.isNaN(code)) {
+    return false;
+  }
+
+  if (code >= CharacterCodes.LowerCaseA && code <= CharacterCodes.LowerCaseZ) {
+    return true;
+  } else if (code >= CharacterCodes.UpperCaseA && code <= CharacterCodes.UpperCaseZ) {
+    return true;
+  } else if (code >= CharacterCodes.Zero && code <= CharacterCodes.Nine) {
+    return true;
+  }
+
+  return false;
+}
+
+/**
+ * Returns true if password has more sequential characters the configured max allowed
+ *
+ * @param {{max: number}} options
+ * @param {string} password
+ * @return {boolean}
+ */
+function assert(options, password) {
+  if (!password) {
+    return false;
+  }
+
+  var prevCode = password.charCodeAt(0);
+  var seqLen = isAlphanumeric(prevCode) ? 1 : 0;
+  var currentDirection = Direction.None;
+
+  for (var i = 1; i < password.length; i++) {
+    var currentCode = password.charCodeAt(i);
+    if (!isAlphanumeric(currentCode) || !isAlphanumeric(prevCode)) {
+      currentDirection = Direction.None;
+      seqLen = 1;
+      prevCode = currentCode;
+      continue;
+    }
+
+    var diff = currentCode - prevCode;
+    prevCode = currentCode;
+
+    if (diff === Direction.Ascending || diff === Direction.Descending) {
+      if (currentDirection === diff) {
+        seqLen += 1;
+      } else {
+        // start a new potential sequence of length 2 (prev + current)
+        currentDirection = diff;
+        seqLen = 2;
+      }
+    } else {
+      currentDirection = Direction.None;
+      seqLen = 1;
+    }
+
+    if (seqLen > options.max) {
+      return false;
+    }
+  }
+
+  return true;
+}
+
+/**
+ * @param {{max: number}} options
+ * @param {boolean} verified
+ * @return {boolean}
+ */
+function explain(options, verified) {
+  var example = '';
+  for (var i = 0; i < options.max + 1; i++) {
+    example += String.fromCharCode('a'.charCodeAt(0) + i);
+  }
+  var d = {
+    message: 'No more than %d sequential alphanumeric characters (e.g., "%s" not allowed)', // updated
+    code: 'sequentialChars',
+    format: [options.max, example]
+  };
+  if (verified !== undefined) {
+    d.verified = verified;
+  }
+  return d;
+}
+
+/**
+ * @param {{max: number}} options
+ * @return {boolean}
+ */
+function validate(options) {
+  if (!_.isObject(options)) {
+    throw new Error('options should be an object');
+  }
+
+  if (!_.isNumber(options.max) || _.isNaN(options.max) || options.max < 2) {
+    throw new Error('max should be a number greater than or equal to 2');
+  }
+
+  if (!_.isNumber(options.max) || _.isNaN(options.max) || options.max > 26) {
+    throw new Error('max should be a number less than or equal to 26');
+  }
+
+  return true;
+}
+
+module.exports = {
+  validate,
+  explain,
+  missing: function (options, password) {
+    return explain(options, assert(options, password));
+  },
+  assert
+};