inject more french dictionnaries to zxcvbn lib

Lisa Durand 2024-09-16 14:58:37 +02:00
parent 3a3993f2e1
commit fdb2ebd5d1
No known key found for this signature in database
GPG key ID: 0DF91F2CA1E8B816
12 changed files with 6430 additions and 25 deletions


@ -1,9 +1,12 @@
# frozen_string_literal: true # frozen_string_literal: true
path = Rails.root.join("config/words_fr_frequency_list.txt") new_frequency_lists = ['words_fr', 'passwords_fr', 'surnames_fr', 'female_names_fr', 'male_names_fr'].index_with do |n|
lines = path.readlines.map(&:strip) Zxcvbn.file_enumerator(Rails.root.join("config/zxcvbn_frequency_lists/#{n}.txt"))
filename = File.basename(path, ".*") end
new_ranked_dictionary = new_frequency_lists.transform_values do |lst|
Zxcvbn::Matching.build_ranked_dict(lst)
end
new_ranked_dictionary = Hash[filename, Zxcvbn::Matching.build_ranked_dict(lines)]
# Zxcvbn::Matching::RANKED_DICTIONARIES.merge! new_ranked_dictionary # Zxcvbn::Matching::RANKED_DICTIONARIES.merge! new_ranked_dictionary
Zxcvbn::Matching::RANKED_DICTIONARIES = new_ranked_dictionary Zxcvbn::Matching::RANKED_DICTIONARIES = new_ranked_dictionary
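Review bot: The name lists loaded here keep their capitals and accents (`Marie`, `Aurélie`, `Da Silva` in the `female_names_fr`, `male_names_fr` and `surnames_fr` files), and nothing in this initializer normalises them before `build_ranked_dict`. zxcvbn-style dictionary matching usually lowercases the candidate password before the lookup, so if `Zxcvbn.file_enumerator` and `build_ranked_dict` keep entries as written, these names would never match and passwords built on them would score higher than they should. This is worth confirming against the gem; if it holds, normalise at load time, e.g. `Zxcvbn::Matching.build_ranked_dict(lst.map { |w| w.strip.downcase })`. Separately, the last line still reassigns `RANKED_DICTIONARIES` instead of merging (the `merge!` line stays commented out), so the library's bundled lists are presumably no longer consulted; a short comment stating that this is deliberate would help the next reader.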


@ -1,4 +0,0 @@
password
00000000
test
azerty


@ -0,0 +1,100 @@
Marie
Julie
Camille
Emilie
Aurélie
Léa
Manon
Elodie
Laura
Sarah
Chloé
Pauline
Anaïs
Céline
Audrey
Marine
Marion
Mélanie
Emma
Lucie
Mathilde
Charlotte
Amandine
Stéphanie
Sophie
Laetitia
Justine
Clara
Océane
Caroline
Inès
Claire
Amélie
Virginie
Morgane
Sabrina
Jessica
Fanny
Jade
Juliette
Mélissa
Jennifer
Eva
Vanessa
Cindy
Lisa
Louise
Alexandra
Clémence
Alice
Lola
Aurore
Cécile
Elise
Delphine
Noemie
Margaux
Coralie
Hélène
Célia
Maeva
Angelique
Romane
Sandra
Estelle
Adeline
Alicia
Zoé
Sandrine
Jeanne
Laure
Elisa
Christell
Anne
Léna
Nathalie
Margot
Julia
Ludivine
Ophélie
Sonia
Elsa
Agathe
Myriam
Emmanuelle
Lilou
Alexia
Charlène
Emeline
Marina
Ambre
Gaelle
Lina
Anna
Lou
Isabelle
Solène
Laurie
Nina
Maelys


@ -0,0 +1,100 @@
Nicolas
Julien
Thomas
Alexandre
Maxime
Romain
Guillaume
Anthony
Kevin
Antoine
Lucas
Sébastien
Clément
Benjamin
Pierre
Mathieu
Quentin
Florian
Vincent
Alexis
David
Hugo
Jeremy
Théo
Jonathan
Damien
Adrien
Enzo
Valentin
Louis
Nathan
Paul
Baptiste
Mickael
Cedric
Raphaël
Arthur
Christophe
Loïc
Aurélien
Léo
Arnaud
Matthieu
Fabien
Tom
Mathis
Dylan
Axel
Ludovic
Jerome
Benoît
Simon
Gabriel
Frédéric
Olivier
Rémi
Samuel
Jules
Stéphane
Sylvain
Mohamed
Jean
Victor
Jordan
François
Corentin
Gregory
Cyril
Bastien
Florent
Yanis
Thibault
Maxence
Yann
Laurent
Michael
Mathéo
Martin
Gaëtan
Mehdi
Robin
William
Christopher
Ethan
Noah
Charles
Emmanuel
Xavier
Adam
Tristan
Yoann
Tony
Marc
Dimitri
Thibaut
Rémy
Evan
Steven
Dorian
Franck

File diff suppressed because it is too large Load diff


@ -0,0 +1,200 @@
Martin
Bernard
Thomas
Petit
Robert
Richard
Dubois
Durand
Moreau
Laurent
Simon
Michel
Lefebvre
Leroy
David
Roux
Morel
Bertrand
Fournier
Girard
Fontaine
Lambert
Dupont
Bonnet
Rousseau
Vincent
Muller
Lefevre
Faure
Andre
Mercier
Guerin
Garcia
Boyer
Blanc
Garnier
Chevalier
Francois
Legrand
Gauthier
Perrin
Robin
Clement
Morin
Henry
Nicolas
Roussel
Gautier
Mathieu
Masson
Duval
Marchand
Denis
Lemaire
Dumont
Marie
Noel
Meyer
Dufour
Meunier
Martinez
Blanchard
Brun
Riviere
Lucas
Joly
Giraud
Brunet
Gaillard
Barbier
Gerard
Arnaud
Renard
Roche
Schmitt
Roy
Leroux
Caron
Colin
Vidal
Picard
Roger
Fabre
Aubert
Lemoine
Renaud
Dumas
Payet
Olivier
Lacroix
Philippe
Pierre
Bourgeois
Lopez
Benoit
Leclerc
Rey
Leclercq
Sanchez
Lecomte
Rolland
Guillaume
Jean
Hubert
Dupuy
Carpentier
Guillot
Berger
Perez
Dupuis
Louis
Moulin
Deschamps
Vasseur
Huet
Boucher
Fernandez
Fleury
Adam
Royer
Paris
Jacquet
Klein
Poirier
Charles
Aubry
Guyot
Carre
Renault
Menard
Maillard
Charpentier
Marty
Bertin
Baron
Da Silva
Bailly
Herve
Schneider
Le Gall
Collet
Leger
Bouvier
Julien
Prevost
Millet
Le Roux
Daniel
Perrot
Cousin
Germain
Breton
Rodriguez
Langlois
Remy
Besson
Leveque
Le Goff
Pelletier
Leblanc
Barre
Lebrun
Grondin
Perrier
Marchal
Weber
Boulanger
Mallet
Hamon
Jacob
Monnier
Michaud
Guichard
Poulain
Etienne
Gillet
Hoarau
Tessier
Chevallier
Collin
Lemaitre
Benard
Chauvin
Bouchet
Marechal
Gay
Humbert
Gonzalez
Antoine
Perret
Reynaud
Cordier
Lejeune
Barthelemy
Delaunay
Carlier
Pichon
Pasquier
Lamy
Gilbert

File diff suppressed because it is too large Load diff


@ -3,7 +3,7 @@
describe PasswordComplexityController, type: :controller do describe PasswordComplexityController, type: :controller do
describe '#show' do describe '#show' do
let(:params) do let(:params) do
{ user: { password: 'moderately complex password' } } { user: { password: 'motDePasseTropFacile' } }
end end
subject { get :show, format: :turbo_stream, params: params } subject { get :show, format: :turbo_stream, params: params }
@ -15,7 +15,7 @@ describe PasswordComplexityController, type: :controller do
context 'with a different resource name' do context 'with a different resource name' do
let(:params) do let(:params) do
{ super_admin: { password: 'moderately complex password' } } { super_admin: { password: 'motDePasseTropFacile' } }
end end
it 'computes a password score' do it 'computes a password score' do


@ -390,7 +390,7 @@ describe User, type: :model do
# 2 - somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8) # 2 - somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
# 3 - safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10) # 3 - safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
# 4 - very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10) # 4 - very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)
passwords = ['000000000000', '123456789123', 'megapass2024', 'lesdémarches', '{My-$3cure-p4ssWord}'] passwords = ['000000000000', '123456789123', '123456789 123', 'lesdémarches', '{My-$3cure-p4ssWord}']
min_complexity = PASSWORD_COMPLEXITY_FOR_ADMIN min_complexity = PASSWORD_COMPLEXITY_FOR_ADMIN
subject do subject do


@ -1,7 +1,7 @@
# frozen_string_literal: true # frozen_string_literal: true
describe ZxcvbnService do describe ZxcvbnService do
let(:password) { 'medium-strength-password' } let(:password) { SECURE_PASSWORD }
subject(:service) { ZxcvbnService.new(password) } subject(:service) { ZxcvbnService.new(password) }
describe '#score' do describe '#score' do
@ -10,9 +10,16 @@ describe ZxcvbnService do
end end
end end
describe '#complexity' do describe '#complexity for strong password' do
it 'returns the password score, vulnerability and length' do it 'returns the password score and length' do
expect(service.complexity).to eq [4, 24] expect(service.complexity).to eq [4, 20]
end
end
describe '#complexity for not strong password' do
let(:password) { 'motdepassefrançais' }
it 'returns the password score and length' do
expect(service.complexity).to eq [1, 18]
end end
end end
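Review bot: Neither `#complexity` example exercises the first-name or surname lists this commit adds; `'motdepassefrançais'` presumably reaches only the word or password lists. An extra example built on a capitalised, accented entry from the new name files, followed by a few digits and expected to score low, would catch a list that loads but never matches. The hard-coded `20` in the first example also depends on the current value of `SECURE_PASSWORD`, which is defined outside this file; `expect(service.complexity).to eq [4, SECURE_PASSWORD.length]` keeps the two in step.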


@ -33,7 +33,7 @@ describe 'Managing password:', js: true do
context 'for admins' do context 'for admins' do
let(:administrateur) { administrateurs(:default_admin) } let(:administrateur) { administrateurs(:default_admin) }
let(:user) { administrateur.user } let(:user) { administrateur.user }
let(:weak_password) { '12345678' } let(:weak_password) { '000000000000' }
let(:strong_password) { 'a new, long, and complicated password!' } let(:strong_password) { 'a new, long, and complicated password!' }
scenario 'an admin can reset their password' do scenario 'an admin can reset their password' do
@ -72,7 +72,7 @@ describe 'Managing password:', js: true do
context 'for super-admins' do context 'for super-admins' do
let(:super_admin) { create(:super_admin) } let(:super_admin) { create(:super_admin) }
let(:weak_password) { '12345678' } let(:weak_password) { '000000000000' }
let(:strong_password) { 'a new, long, and complicated password!' } let(:strong_password) { 'a new, long, and complicated password!' }
scenario 'a super-admin can reset their password' do scenario 'a super-admin can reset their password' do
@ -109,8 +109,8 @@ describe 'Managing password:', js: true do
visit edit_user_password_path(reset_password_token: 'invalid-password-token') visit edit_user_password_path(reset_password_token: 'invalid-password-token')
expect(page).to have_content 'Changement de mot de passe' expect(page).to have_content 'Changement de mot de passe'
fill_in 'user_password', with: 'SomePassword' fill_in 'user_password', with: SECURE_PASSWORD
fill_in 'user_password_confirmation', with: 'SomePassword' fill_in 'user_password_confirmation', with: SECURE_PASSWORD
click_on 'Changer le mot de passe' click_on 'Changer le mot de passe'
expect(page).to have_content('Votre lien de nouveau mot de passe a expiré') expect(page).to have_content('Votre lien de nouveau mot de passe a expiré')
end end


@ -1,6 +1,6 @@
# frozen_string_literal: true # frozen_string_literal: true
describe 'Signing up:' do describe 'Signing up:', js: true do
let(:user_email) { generate :user_email } let(:user_email) { generate :user_email }
let(:user_password) { SECURE_PASSWORD } let(:user_password) { SECURE_PASSWORD }
let(:procedure) { create :simple_procedure, :with_service } let(:procedure) { create :simple_procedure, :with_service }
@ -24,7 +24,7 @@ describe 'Signing up:' do
click_on "Créer un compte #{APPLICATION_NAME}" click_on "Créer un compte #{APPLICATION_NAME}"
expect(page).to have_selector('.suspect-email', visible: false) expect(page).to have_selector('.suspect-email', visible: false)
fill_in 'Adresse électronique', with: 'bidou@yahoo.rf' fill_in 'Adresse électronique', with: 'bidou@yahoo.rf'
fill_in 'Mot de passe', with: '12345' fill_in 'Mot de passe', with: '1 2 3 4 5 6 '
end end
scenario 'they can accept the suggestion', js: true do scenario 'they can accept the suggestion', js: true do
@ -51,12 +51,12 @@ describe 'Signing up:' do
scenario 'a new user cant sign-up with too short password when visiting a procedure' do scenario 'a new user cant sign-up with too short password when visiting a procedure' do
visit commencer_path(path: procedure.path) visit commencer_path(path: procedure.path)
click_on "Créer un compte #{APPLICATION_NAME}" click_on 'Créer un compte'
expect(page).to have_current_path new_user_registration_path expect(page).to have_current_path new_user_registration_path
sign_up_with user_email, '1234567' fill_in :user_email, with: user_email
expect(page).to have_current_path user_registration_path fill_in :user_password, with: '1234567'
expect(page).to have_content "Le champ « Mot de passe » est trop court. Saisir un mot de passe avec au moins 12 caractères" expect(page).to have_content "Le mot de passe doit faire au moins 12 caractères."
# Then with a good password # Then with a good password
sign_up_with user_email, user_password sign_up_with user_email, user_password
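Review bot: In the last hunk the "too short password" scenario no longer submits the form with the short password: `sign_up_with user_email, '1234567'` and `expect(page).to have_current_path user_registration_path` are replaced by two `fill_in` calls and a check on a message that appears while the field is filled. That appears to cover only the on-page hint, not the registration request itself being refused, and the server-side length and complexity validation is the control that matters. If no other spec covers that refusal, keep a submission step after the inline check, e.g. `sign_up_with user_email, '1234567'` followed by `expect(page).to have_current_path user_registration_path`, adjusted if the submit button is disabled under JS. The scenario continues past the lines shown here.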