Module: Security::WeakPasswords

Defined in:
lib/security/weak_passwords.rb

Constant Summary

FORBIDDEN_WORDS = Set['gitlab', 'devops'].freeze
  These words are predictable in GitLab's specific context, and therefore cannot occur anywhere within a password.

MINIMUM_SUBSTRING_SIZE = 4
  Substrings shorter than this may appear legitimately in a truly random password.

PASSWORD_SUBSTRING_CHECK_MAX_LENGTH = 64
  Passwords of 64+ characters are more likely to randomly include a forbidden substring. This length was chosen somewhat arbitrarily, balancing security, usability, and skipping checks on `::User.random_password`, which is 128 chars. See gitlab.com/gitlab-org/gitlab/-/merge_requests/105755

Class Method Summary

Class Method Details

.weak_for_user?(password, user) ⇒ Boolean

Returns true when the password is on a list of weak passwords, or contains predictable substrings derived from user attributes. Case insensitive.

Returns:

  • (Boolean)

# File 'lib/security/weak_passwords.rb', line 24

def weak_for_user?(password, user)
  forbidden_word_appears_in_password?(password) ||
    name_appears_in_password?(password, user) ||
    username_appears_in_password?(password, user) ||
    email_appears_in_password?(password, user) ||
    password_on_weak_list?(password)
end
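The predicates that weak_for_user? delegates to are not shown on this page. What follows is an added example, not GitLab's own code, that reimplements the documented behaviour in a self-contained module so the three constants can be seen acting together. Everything beyond the constants and the public method is an assumption: that substring checks are skipped once a password reaches PASSWORD_SUBSTRING_CHECK_MAX_LENGTH, that the display name is split on whitespace, that the email's local part is checked alongside the full address, and that WEAK_LIST holds two constructed sample entries in place of the real list.

```ruby
require 'set'

# Added example: illustrative reimplementation of the documented checks.
# The constants mirror the page; the helpers and WEAK_LIST are assumptions.
module WeakPasswordExample
  FORBIDDEN_WORDS = Set['gitlab', 'devops'].freeze
  MINIMUM_SUBSTRING_SIZE = 4
  PASSWORD_SUBSTRING_CHECK_MAX_LENGTH = 64

  # Constructed stand-in for the real weak-password list (stored lowercased).
  WEAK_LIST = Set['password1234', 'qwerty123456'].freeze

  # Minimal user object carrying the attributes the checks derive from.
  User = Struct.new(:name, :username, :email, keyword_init: true)

  module_function

  # Same shape as the documented method: any predicate firing marks the
  # password weak. All comparisons are case insensitive.
  def weak_for_user?(password, user)
    forbidden_word_appears_in_password?(password) ||
      name_appears_in_password?(password, user) ||
      username_appears_in_password?(password, user) ||
      email_appears_in_password?(password, user) ||
      password_on_weak_list?(password)
  end

  def forbidden_word_appears_in_password?(password)
    return false if skip_substring_check?(password)

    any_substring?(password, FORBIDDEN_WORDS.to_a)
  end

  # Assumption: each whitespace-separated part of the name is a candidate.
  def name_appears_in_password?(password, user)
    return false if skip_substring_check?(password)

    any_substring?(password, user.name.to_s.split(/\s+/))
  end

  def username_appears_in_password?(password, user)
    return false if skip_substring_check?(password)

    any_substring?(password, [user.username.to_s])
  end

  # Assumption: the full address and its local part are both candidates.
  def email_appears_in_password?(password, user)
    return false if skip_substring_check?(password)

    local = user.email.to_s.split('@', 2).first
    any_substring?(password, [user.email.to_s, local])
  end

  # The weak-list lookup is an exact (case-insensitive) match, so it is not
  # subject to the length cut-off that protects random passwords.
  def password_on_weak_list?(password)
    WEAK_LIST.include?(password.downcase)
  end

  # Long passwords are statistically likely to contain a short forbidden
  # substring by chance, so substring checks are skipped for them.
  def skip_substring_check?(password)
    password.length >= PASSWORD_SUBSTRING_CHECK_MAX_LENGTH
  end

  # Candidates shorter than MINIMUM_SUBSTRING_SIZE are ignored: a three-letter
  # name such as "Ada" could legitimately appear in a random password.
  def any_substring?(password, candidates)
    needle = password.downcase
    candidates.compact.map(&:downcase).any? do |candidate|
      candidate.length >= MINIMUM_SUBSTRING_SIZE && needle.include?(candidate)
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  user = WeakPasswordExample::User.new(name: 'Ada Lovelace',
                                       username: 'adalove',
                                       email: 'ada@example.com')
  ['GitLab-2024!!', 'lovelace#99x', 'ada!random!42', 'gitlab' + 'x' * 60].each do |pw|
    puts "#{pw[0, 20]}: weak=#{WeakPasswordExample.weak_for_user?(pw, user)}"
  end
end
```

The two "false" outcomes in the usage block are the edge cases the constants exist for: "ada!random!42" passes because every user-derived candidate that matches is shorter than MINIMUM_SUBSTRING_SIZE, and the 66-character string containing "gitlab" passes because substring checks stop at PASSWORD_SUBSTRING_CHECK_MAX_LENGTH, while the weak-list lookup still applies at any length.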