Module: Security::WeakPasswords
- Defined in:
- lib/security/weak_passwords.rb
Constant Summary
- FORBIDDEN_WORDS = Set['gitlab', 'devops'].freeze
  These words are predictable in GitLab's specific context and therefore cannot occur anywhere within a password.
- MINIMUM_SUBSTRING_SIZE = 4
  Substrings shorter than this may appear legitimately in a truly random password, so they are not treated as predictable.
- PASSWORD_SUBSTRING_CHECK_MAX_LENGTH = 64
  Passwords of 64+ characters are more likely to include a forbidden substring by chance, so the substring checks are skipped for them. The length was chosen somewhat arbitrarily, balancing security and usability, and it also skips the checks for `::User.random_password`, which is 128 characters. See gitlab.com/gitlab-org/gitlab/-/merge_requests/105755.
Class Method Summary
- .weak_for_user?(password, user) ⇒ Boolean
  Returns true when the password is on a list of weak passwords, or contains predictable substrings derived from user attributes.
Class Method Details
.weak_for_user?(password, user) ⇒ Boolean
Returns true when the password is on a list of weak passwords, or contains predictable substrings derived from user attributes. Case insensitive.
    # File 'lib/security/weak_passwords.rb', line 24

    def weak_for_user?(password, user)
      forbidden_word_appears_in_password?(password) ||
        name_appears_in_password?(password, user) ||
        username_appears_in_password?(password, user) ||
        email_appears_in_password?(password, user) ||
        password_on_weak_list?(password)
    end
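The private helpers that weak_for_user? delegates to are not shown on this page. The following is an added, stand-alone example (not GitLab's own code) that implements the documented behaviour: the three constants above, case-insensitive substring matching against the forbidden words and the user's name, username and email, the minimum substring size, the length cut-off for substring checks, and a weak-list lookup. How the name and email are split into parts, whether the cut-off is inclusive, and the contents of WEAK_LIST are assumptions made for the example.

```ruby
require 'set'

# Added example: a re-implementation of the checks documented for
# Security::WeakPasswords. Not GitLab's code; the helper bodies are
# assumptions, and WEAK_LIST is a constructed stand-in for the real list.
module WeakPasswordsExample
  FORBIDDEN_WORDS = Set['gitlab', 'devops'].freeze
  MINIMUM_SUBSTRING_SIZE = 4
  PASSWORD_SUBSTRING_CHECK_MAX_LENGTH = 64
  # Constructed sample; the real weak-password list is far larger.
  WEAK_LIST = Set['password', 'qwerty123', 'letmein'].freeze

  # Minimal stand-in for the user object (only the attributes checked here).
  User = Struct.new(:name, :username, :email)

  module_function

  def weak_for_user?(password, user)
    forbidden_word_appears_in_password?(password) ||
      name_appears_in_password?(password, user) ||
      username_appears_in_password?(password, user) ||
      email_appears_in_password?(password, user) ||
      password_on_weak_list?(password)
  end

  def forbidden_word_appears_in_password?(password)
    contains_any_substring?(password, FORBIDDEN_WORDS)
  end

  def name_appears_in_password?(password, user)
    # Assumption: check the full name and each whitespace-separated part.
    parts = [user.name, *user.name.to_s.split(/\s+/)]
    contains_any_substring?(password, parts)
  end

  def username_appears_in_password?(password, user)
    contains_any_substring?(password, [user.username])
  end

  def email_appears_in_password?(password, user)
    # Assumption: check the full address, the local part, and the local
    # part split on separators ("jane.doe+work" -> "jane", "doe", "work").
    email = user.email.to_s
    local = email.split('@').first.to_s
    contains_any_substring?(password, [email, local, *local.split(/[.+_-]/)])
  end

  def password_on_weak_list?(password)
    WEAK_LIST.include?(password.downcase)
  end

  def contains_any_substring?(password, substrings)
    # Long passwords skip the substring checks: they are more likely to
    # contain a predictable substring by chance (assumed inclusive cut-off).
    return false if password.length >= PASSWORD_SUBSTRING_CHECK_MAX_LENGTH

    haystack = password.downcase
    substrings.any? do |s|
      needle = s.to_s.downcase
      # Short fragments (e.g. "doe") are too likely to occur by chance.
      needle.length >= MINIMUM_SUBSTRING_SIZE && haystack.include?(needle)
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  jane = WeakPasswordsExample::User.new('Jane Doe', 'jdoe', 'jane.doe@example.com')
  ['MyGitLab2024!', 'janeRocks99', 'Doe1234567', 'correct-horse-battery'].each do |pw|
    puts "#{pw.inspect}: weak=#{WeakPasswordsExample.weak_for_user?(pw, jane)}"
  end
end
```

Note the two deliberate gaps a reviewer should expect: "Doe1234567" passes because "doe" is below MINIMUM_SUBSTRING_SIZE, and a 64+ character password containing "gitlab" passes because substring checks are skipped above the cut-off. Both follow from the constants documented on this page rather than from a bug in the check.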