Class: Zxcvbn::Omnimatch Private

Inherits:
Object
  • Object
show all
Defined in:
lib/zxcvbn/omnimatch.rb,
sig/zxcvbn/omnimatch.rbs

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Runs all registered matchers against a password and aggregates results.

Includes dictionary, l33t, spatial, digit, repeat, sequence, year, date, and reverse-dictionary matchers. User-supplied word lists are wrapped in transient matchers for each call to #matches.

Instance Method Summary collapse

Constructor Details

#initialize(data) ⇒ Omnimatch

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns a new instance of Omnimatch.

Parameters:

  • data (Data)

    loaded frequency lists and adjacency graphs



23
24
25
26
27
28
29
30
# File 'lib/zxcvbn/omnimatch.rb', line 23

def initialize(data)
  @data = data
  dicts = data.dictionaries
  @dictionary_matchers = dicts.ranked.map do |name, dictionary|
    Matchers::Dictionary.new(name, dictionary, dicts.tries[name]).freeze
  end.freeze
  @matchers = build_matchers.each(&:freeze).freeze
end

Instance Method Details

#build_matchersArray[untyped]

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns:

  • (Array[untyped])


94
95
96
97
98
99
100
101
102
103
104
# File 'lib/zxcvbn/omnimatch.rb', line 94

def build_matchers
  @dictionary_matchers + [
    Matchers::L33t.new(@dictionary_matchers),
    Matchers::Spatial.new(@data.adjacency_graphs),
    Matchers::Digits.new,
    Matchers::Repeat.new,
    Matchers::Sequences.new,
    Matchers::Year.new,
    Matchers::Date.new
  ]
end

#matches(password, user_inputs = [], reference_year: Time.now.year) ⇒ Array<MatchBuilder>

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns all matches found in the password across every registered matcher.

Parameters:

  • password (String)

    the password to analyse

  • user_inputs (Array<String>) (defaults to: [])

    caller-supplied words to add as a dictionary

  • reference_year (Integer) (defaults to: Time.now.year)

    year used by the date matcher to pick the closest candidate; shared with the scorer so both phases agree even across midnight

  • reference_year: (Integer) (defaults to: Time.now.year)

Returns:



39
40
41
42
43
44
45
46
47
48
49
50
51
52
# File 'lib/zxcvbn/omnimatch.rb', line 39

def matches(password, user_inputs = [], reference_year: Time.now.year)
  user_dictionary =
    user_inputs.any? && Matchers::Dictionary.new('user_inputs', DictionaryRanker.rank_dictionary(user_inputs))
  matchers = @matchers + user_input_matchers(user_dictionary)
  all_matches = matchers.flat_map do |matcher|
    case matcher
    when Matchers::Date
      matcher.matches(password, reference_year:)
    else
      matcher.matches(password)
    end
  end
  all_matches + reverse_dictionary_matches(password, user_dictionary)
end

#reverse_dictionary_matches(password, user_dictionary) ⇒ Array<MatchBuilder>

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Run dictionary matchers on the reversed password and flip match positions back to the original password's coordinate space.

This catches passwords like "drowssap" (reversed "password"). Each returned match has reversed: true and its token restored to the original (un-reversed) form.

Parameters:

  • password (String)

    the original password

  • user_dictionary (Matchers::Dictionary, nil)

    pre-built user input matcher

  • user_inputs (Array[untyped])

Returns:

  • (Array<MatchBuilder>)

    dictionary matches found in the reversed password



72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# File 'lib/zxcvbn/omnimatch.rb', line 72

def reverse_dictionary_matches(password, user_dictionary)
  reversed = password.reverse
  n = password.length

  matchers = @dictionary_matchers
  matchers += [user_dictionary] if user_dictionary

  matches = []
  matchers.each do |matcher|
    matcher.matches(reversed).each do |match|
      match.token    = match.token.reverse
      match.reversed = true
      old_i  = match.i
      old_j  = match.j
      match.i = n - 1 - old_j
      match.j = n - 1 - old_i
      matches << match
    end
  end
  matches
end

#user_input_matchers(user_dictionary) ⇒ Array[untyped]

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Parameters:

  • user_inputs (Array[untyped])

Returns:

  • (Array[untyped])


56
57
58
59
60
# File 'lib/zxcvbn/omnimatch.rb', line 56

def user_input_matchers(user_dictionary)
  return [] unless user_dictionary

  [user_dictionary, Matchers::L33t.new([user_dictionary])]
end