NAME
Data::Transpose::PasswordPolicy - Perl extension to enforce password policy
SYNOPSIS
use Data::Transpose::PasswordPolicy;
my %credentials = (username => "marco",
password => "My.very.very.5strong.pzwd"
);
my $pv = Data::Transpose::PasswordPolicy->new(\%credentials)
if (my $password = $pv->is_valid) {
print "$password is OK";
}
else {
die $pv->error
}
DESCRIPTION
This module enforces the password policy, doing a number of checking. The author reccomends to use passphrases instead of password, using some special character (like punctuation) as separator, with 4-5 words in mixed case and with numbers as a good measure.
You can add the policy to the constructor, where minlength
is the minimum password length, maxlength
is the maximum password and mindiffchars
is the minimum number of different characters in the password. Read below for patternlength
By default all checkings are enabled. If you want to configure the policy, pass an hashref assigning to the disabled checking a true value. This will leave only the length checks in place, which you can tweak with the accessors. For example:
my %validate = ( username => "marco",
password => "ciao",
minlength => 10,
maxlength => 50,
patternlength => 4,
mindiffchars => 5,
disabled => {
digits => 1,
mixed => 1,
}
my $pv = Data::Transpose::PasswordPolicy->new(\%validate)
$pv->is_valid ? "OK" : "not OK";
See below for the list of the available checkings.
Please note: the purpose of this module is not to try to crack the password provided, but to set a policy for the passwords, which should have some minimum standards, and could be used on web services to stop users to set trivial password (without keeping the server busy for seconds while we check it). Nothing more.
METHODS
new(\%credentials)
Create a new Data::Transpose::PasswordPolicy object using the credentials provided as hashref.
ACCESSORS
$obj->password($newpassword)
Set and return the new password. If no argument is provided, returns the current. It will strip leading and trailing spaces.
$obj->username($username)
Set and return the new username. If no argument is provided, returns the current. It will strip leading and trailing spaces.
$obj->password_length
It returns the length of the password;
$obj->minlength
Returns the minimum length required. If a numeric argument is provided, set that limit. Defaults to 255;
$obj->maxlength
As above, but for the maximum. Defaults to 12;
$obj->mindiffchars
As above, but set the minimum of different characters (to avoid things like 00000000000000000ciao00000000000.
Defaults to 6;
$obj->patternlength
As above, but set the length of the common patterns we will search in the password, like "abcd", or "1234", or "asdf". By default it's 3, so a password which merely contains "abc" will be discarded.
This option can also be set in the constructor.
Internal algorithms
All the following methods operate on $obj->password and return the message of the error if something if not OK, while returning false if nothing suspicious was found.
password_length_ok
Check if the password is in the range of permitted lengths.
password_has_username
Check if the password contains the username, even if obfuscated.
Disable keyword: username
password_has_common_password
Check if the password contains, even obfuscated, common password like "password" et similia.
Disable keyword: common
password_has_enough_different_char
Check if the password has enough different characters.
Disable keyword: varchars
password_has_mixed_chars
Check if the password has mixed cases
Disable keyword: mixed
password_has_specials
Check if the password has non-word characters
Disable keyword: specials
password_has_digits
Check if the password has digits
Disable keyword: digits
password_has_letters
Check if the password has letters
Disable keyword: letters
password_has_patterns
Check if the password contains usual patterns like 12345, abcd, or asdf (like in the qwerty keyboard).
Disable keyword: patterns
Main methods
$obj->is_valid
Return the password if matches the policy or a false value if not.
For convenience, this method can accept the password to validate as argument, which will overwrite the one provided with the password
method (if it was set).
$obj->error
With argument, set the error. Without, return the errors found in the password.
In list context, we pass the array with the error codes and the strings. In scalar context, we return the concatenated error strings.
Inherited from Data::Transpose::Validator::Base;
error_codes
Return a list of the error codes found in the password. The error codes match the options. (e.g. mixed
, patterns
).
If you want the verbose string, you need the error
method.
$obj->reset_errors
Clear the object from previous errors, in case you want to reuse it.
$obj->disable("mixed", "letters", "digits", [...])
Disable the checking(s) passed as list of strings.
$obj->enable("mixed", "letters", [...])
Same as above, but enable the checking
$obj->is_disabled("checking")
Return true if the checking is disable.
EXPORT
None by default.
SEE ALSO
AUTHOR
Marco Pessotto, <melmothx@gmail.com>
COPYRIGHT AND LICENSE
Copyright (C) 2013 by Marco Pessotto
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.16.2 or, at your option, any later version of Perl 5 you may have available.