		@@ -1,155 +0,171 @@
		(function(exports) {
		/* globals define */
		(function (root, factory) {

		if (typeof define === 'function' && define.amd) {
		define([], factory);
		} else if (typeof exports === 'object') {
		module.exports = factory();
		} else {
		root.owaspPasswordStrengthTest = factory();
		}

		// These are configuration settings that will be used when testing password
		// strength
		exports.configs = {
		allowPassphrases : true,
		maxLength : 128,
		minLength : 10,
		minPhraseLength : 20,
		minOptionalTestsToPass : 4,
		};
		}(this, function () {

		// This method makes it more convenient to set config parameters
		exports.config = function(params) {
		for (var prop in params) {
		if (params.hasOwnProperty(prop) && this.configs.hasOwnProperty(prop)) {
		this.configs[prop] = params[prop];
		}
		}
		};
		var owasp = {};

		// This is an object containing the tests to run against all passwords.
		exports.tests = {
		// These are configuration settings that will be used when testing password
		// strength
		owasp.configs = {
		allowPassphrases : true,
		maxLength : 128,
		minLength : 10,
		minPhraseLength : 20,
		minOptionalTestsToPass : 4,
		};

		// An array of required tests. A password must pass these tests in order
		// to be considered strong.
		required: [
		// enforce a minimum length
		function(password) {
		if (password.length < exports.configs.minLength) {
		return 'The password must be at least ' + exports.configs.minLength + ' characters long.';
		// This method makes it more convenient to set config parameters
		owasp.config = function(params) {
		for (var prop in params) {
		if (params.hasOwnProperty(prop) && this.configs.hasOwnProperty(prop)) {
		this.configs[prop] = params[prop];
		}
		},

		// enforce a maximum length
		function(password) {
		if (password.length > exports.configs.maxLength) {
		return 'The password must be fewer than ' + exports.configs.maxLength + ' characters.';
		}
		},
		}
		};

		// forbid repeating characters
		function(password) {
		if (/(.)\1{2,}/.test(password)) {
		return 'The password may not contain sequences of three or more repeated characters.';
		}
		},
		],
		// This is an object containing the tests to run against all passwords.
		owasp.tests = {

		// An array of optional tests. These tests are "optional" in two senses:
		//
		// 1. Passphrases (passwords whose length exceeds
		// this.configs.minPhraseLength) are not obligated to pass these tests
		// provided that this.configs.allowPassphrases is set to Boolean true
		// (which it is by default).
		//
		// 2. A password need only to pass this.configs.minOptionalTestsToPass
		// number of these optional tests in order to be considered strong.
		optional: [
		// An array of required tests. A password must pass these tests in order
		// to be considered strong.
		required: [
		// enforce a minimum length
		function(password) {
		if (password.length < owasp.configs.minLength) {
		return 'The password must be at least ' + owasp.configs.minLength + ' characters long.';
		}
		},

		// require at least one lowercase letter
		function(password) {
		if (!/[a-z]/.test(password)) {
		return 'The password must contain at least one lowercase letter.';
		}
		},
		// enforce a maximum length
		function(password) {
		if (password.length > owasp.configs.maxLength) {
		return 'The password must be fewer than ' + owasp.configs.maxLength + ' characters.';
		}
		},

		// require at least one uppercase letter
		function(password) {
		if (!/[A-Z]/.test(password)) {
		return 'The password must contain at least one uppercase letter.';
		}
		},
		// forbid repeating characters
		function(password) {
		if (/(.)\1{2,}/.test(password)) {
		return 'The password may not contain sequences of three or more repeated characters.';
		}
		},
		],

		// require at least one number
		function(password) {
		if (!/[0-9]/.test(password)) {
		return 'The password must contain at least one number.';
		}
		},
		// An array of optional tests. These tests are "optional" in two senses:
		//
		// 1. Passphrases (passwords whose length exceeds
		// this.configs.minPhraseLength) are not obligated to pass these tests
		// provided that this.configs.allowPassphrases is set to Boolean true
		// (which it is by default).
		//
		// 2. A password need only to pass this.configs.minOptionalTestsToPass
		// number of these optional tests in order to be considered strong.
		optional: [

		// require at least one special character
		function(password) {
		if (!/[^A-Za-z0-9 ]/.test(password)) {
		return 'The password must contain at least one special character.';
		}
		},
		],
		};
		// require at least one lowercase letter
		function(password) {
		if (!/[a-z]/.test(password)) {
		return 'The password must contain at least one lowercase letter.';
		}
		},

		// This method tests password strength
		exports.test = function(password) {
		// require at least one uppercase letter
		function(password) {
		if (!/[A-Z]/.test(password)) {
		return 'The password must contain at least one uppercase letter.';
		}
		},

		// create an object to store the test results
		var result = {
		errors : [],
		failedTests : [],
		passedTests : [],
		isPassphrase : false,
		strong : true,
		optionalTestsPassed : 0,
		// require at least one number
		function(password) {
		if (!/[0-9]/.test(password)) {
		return 'The password must contain at least one number.';
		}
		},

		// require at least one special character
		function(password) {
		if (!/[^A-Za-z0-9 ]/.test(password)) {
		return 'The password must contain at least one special character.';
		}
		},
		],
		};

		// Always submit the password/passphrase to the required tests
		var i = 0;
		this.tests.required.forEach(function(test) {
		var err = test(password);
		if (typeof err === 'string') {
		result.strong = false;
		result.errors.push(err);
		result.failedTests.push(i);
		} else {
		result.passedTests.push(i);
		}
		i++;
		});

		// If configured to allow passphrases, and if the password is of a
		// sufficient length to consider it a passphrase, exempt it from the
		// optional tests.
		if (
		this.configs.allowPassphrases === true &&
		password.length >= this.configs.minPhraseLength
		) {
		result.isPassphrase = true;
		}
		// This method tests password strength
		owasp.test = function(password) {

		if (!result.isPassphrase) {
		var j = this.tests.required.length;
		this.tests.optional.forEach(function(test) {
		// create an object to store the test results
		var result = {
		errors : [],
		failedTests : [],
		passedTests : [],
		isPassphrase : false,
		strong : true,
		optionalTestsPassed : 0,
		};

		// Always submit the password/passphrase to the required tests
		var i = 0;
		this.tests.required.forEach(function(test) {
		var err = test(password);
		if (typeof err === 'string') {
		result.strong = false;
		result.errors.push(err);
		result.failedTests.push(j);
		result.failedTests.push(i);
		} else {
		result.optionalTestsPassed++;
		result.passedTests.push(j);
		result.passedTests.push(i);
		}
		j++;
		i++;
		});
		}

		// If the password is not a passphrase, assert that it has passed a
		// sufficient number of the optional tests, per the configuration
		if (
		!result.isPassphrase &&
		result.optionalTestsPassed < this.configs.minOptionalTestsToPass
		) {
		result.strong = false;
		}
		// If configured to allow passphrases, and if the password is of a
		// sufficient length to consider it a passphrase, exempt it from the
		// optional tests.
		if (
		this.configs.allowPassphrases === true &&
		password.length >= this.configs.minPhraseLength
		) {
		result.isPassphrase = true;
		}

		// return the result
		return result;
		};
		})(typeof exports === 'undefined' ? window.owaspPasswordStrengthTest = {} : exports );
		if (!result.isPassphrase) {
		var j = this.tests.required.length;
		this.tests.optional.forEach(function(test) {
		var err = test(password);
		if (typeof err === 'string') {
		result.errors.push(err);
		result.failedTests.push(j);
		} else {
		result.optionalTestsPassed++;
		result.passedTests.push(j);
		}
		j++;
		});
		}

		// If the password is not a passphrase, assert that it has passed a
		// sufficient number of the optional tests, per the configuration
		if (
		!result.isPassphrase &&
		result.optionalTestsPassed < this.configs.minOptionalTestsToPass
		) {
		result.strong = false;
		}

		// return the result
		return result;
		};

		return owasp;
		}
		));

package.json

		{
		"name": "owasp-password-strength-test",
		"version": "1.1.0",
		"version": "1.2.0",
		"description": "A password-strength tester based upon the OWASP guidelines for enforcing strong passwords.",
		"main": "owasp-password-strength-test.js",
		"devDependencies": {
		"coffee-script": "1.7.1",
		"grunt-contrib-jshint": "0.8.0",
		"grunt-mocha-test": "0.9.0",
		"jshint": "2.6.3",
		"mocha": "2.2.4",
		"should": "3.1.2"
		},
		"directories": {
		"test": "test"
		},
		"jshintConfig": {
		"expr": true,
		"laxbreak": true
		},
		"scripts": {
		"test": "test"
		"test": "mocha --recursive --reporter spec test.js",
		"lint": "jshint *.js"
		},
		"repository": {
		"type": "git",
		"url": "https://github.com/viaforensics/owasp-password-strength-test.git"
		"url": "https://github.com/nowsecure/owasp-password-strength-test.git"
		},
		@@ -22,0 +23,0 @@ "keywords": [

Gruntfile.js

test.coffee

owasp-password-strength-test - npm Package Compare versions

New alerts

Fixed alerts

Improved metrics