From 5f21ee93f70719cf5c97d9e0cb5570571e8f5533 Mon Sep 17 00:00:00 2001
From: Yuvraj
Date: Sat, 14 Dec 2019 00:47:12 +0530
Subject: [PATCH 1/7] Password strength meter endpoints added
---
passwordstrengthmeter/doc.go | 30 ++++++++++
passwordstrengthmeter/handler.go | 84 +++++++++++++++++++++++++++
passwordstrengthmeter/handler_test.go | 56 ++++++++++++++++++
3 files changed, 170 insertions(+)
create mode 100644 passwordstrengthmeter/doc.go
create mode 100644 passwordstrengthmeter/handler.go
create mode 100644 passwordstrengthmeter/handler_test.go
diff --git a/passwordstrengthmeter/doc.go b/passwordstrengthmeter/doc.go
new file mode 100644
index 00000000..d11aeb06
--- /dev/null
+++ b/passwordstrengthmeter/doc.go
@@ -0,0 +1,30 @@
+/*
+ * Copyright © 2015-2018 Aeneas Rekkas
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @author Aeneas Rekkas
+ * @copyright 2015-2018 Aeneas Rekkas
+ * @license Apache-2.0
+ */
+
+// Package healthx providers helpers for returning health status information via HTTP.
+package passwordstrengthmeter
+
+// swagger:model healthStatus
+type swaggerPasswordStrengthMeter struct {
+ // Status always contains "ok".
+ Score string `json:"score"`
+}
+
+
diff --git a/passwordstrengthmeter/handler.go b/passwordstrengthmeter/handler.go
new file mode 100644
index 00000000..84b0493c
--- /dev/null
+++ b/passwordstrengthmeter/handler.go
@@ -0,0 +1,84 @@
+/*
+ * Copyright © 2015-2018 Aeneas Rekkas
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @author Aeneas Rekkas
+ * @copyright 2015-2018 Aeneas Rekkas
+ * @license Apache-2.0
+ */
+
+package passwordstrengthmeter
+
+import (
+ "net/http"
+
+ "github.com/julienschmidt/httprouter"
+
+ "github.com/ory/herodot"
+)
+
+const (
+ // PasswordStrengthPath is the path where you can check strength of password
+ PasswordStrengthPath = "/password/strength/meter"
+)
+
+// RoutesToObserve returns a string of all the available routes of this module.
+func RoutesToObserve() []string {
+ return []string{
+ PasswordStrengthPath,
+ }
+}
+
+// Handler handles HTTP requests to password strength .
+type Handler struct {
+ H herodot.Writer
+ VersionString string
+}
+
+// NewHandler instantiates a handler.
+func NewHandler(
+ h herodot.Writer,
+ version string,
+) *Handler {
+ return &Handler{
+ H: h,
+ VersionString: version,
+ }
+}
+
+// SetRoutes registers this handler's routes.
+func (h *Handler) SetRoutes(r *httprouter.Router, shareErrors bool) {
+ r.POST(PasswordStrengthPath, h.PasswordStrengthPath)
+}
+
+// PasswordStrengthPath returns a number from 0-10
+//
+// swagger:route GET /password/strength/meter strength of a password
+//
+// Check password strength
+//
+// This endpoint returns a 200 status code when the HTTP server is up running.
+//
+//
+//
+// Produces:
+// - application/json
+//
+// Responses:
+// 200: passwordStrength
+// 500: genericError
+func (h *Handler) PasswordStrengthPath(rw http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+
+}
+
diff --git a/passwordstrengthmeter/handler_test.go b/passwordstrengthmeter/handler_test.go
new file mode 100644
index 00000000..f34db88c
--- /dev/null
+++ b/passwordstrengthmeter/handler_test.go
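Review bot: The `swagger:route GET /password/strength/meter` annotation above `PasswordStrengthPath` contradicts `r.POST(PasswordStrengthPath, ...)` in `SetRoutes`, and for a password endpoint the difference matters: a client following the published spec is steered toward GET, where a password can only travel in the URL and is then likely to reach access logs and caches. The annotation should start `// swagger:route POST /password/strength/meter` and declare the JSON body, and the sentence "This endpoint returns a 200 status code when the HTTP server is up running." is left over from the health handler and should describe the score response instead. The same GET annotation is carried unchanged through the handler.go hunks of patches 3 and 6, and patch 6 additionally changes the constant to `/passwordstrength/meter` without updating it. `SetRoutes` never uses its `shareErrors` argument.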
@@ -0,0 +1,56 @@
+/*
+ * Copyright © 2015-2018 Aeneas Rekkas
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * @author Aeneas Rekkas
+ * @Copyright 2017-2018 Aeneas Rekkas
+ * @license Apache-2.0
+ */
+
+package passwordstrengthmeter
+
+import (
+ "encoding/json"
+ "errors"
+ "io/ioutil"
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ "github.com/julienschmidt/httprouter"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+
+ "github.com/ory/herodot"
+)
+
+func TestPasswordStrengthMeter(t *testing.T) {
+ alive := errors.New("not alive")
+ handler := &Handler{
+ H: herodot.NewJSONWriter(nil),
+ VersionString: "test version",
+ }
+ router := httprouter.New()
+ handler.SetRoutes(router, true)
+ ts := httptest.NewServer(router)
+ c := http.DefaultClient
+
+ var passwordStrengthPath swaggerPasswordStrengthMeter
+ response, err := c.Get(ts.URL + PasswordStrengthPath)
+ require.NoError(t, err)
+ require.EqualValues(t, http.StatusOK, response.StatusCode)
+ require.NoError(t, json.NewDecoder(response.Body).Decode(&passwordStrengthPath))
+ // TO-DO : Write logic to verify test
+
+}
From e2594ad498c0f99e953a81d2f91b29b3768204ad Mon Sep 17 00:00:00 2001
From: Yuvraj
Date: Sat, 14 Dec 2019 00:59:22 +0530
Subject: [PATCH 2/7] Add zxcvbn-go package to go.mod
---
go.mod | 1 +
go.sum | 2 ++
passwordstrengthmeter/doc.go | 11 +++++++++--
passwordstrengthmeter/handler.go | 12 +++++++++++-
4 files changed, 23 insertions(+), 3 deletions(-)
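Review bot: `TestPasswordStrengthMeter` cannot compile as written: `alive` is declared and never used, and the `io/ioutil` and `github.com/stretchr/testify/assert` imports are unused, all of which the Go compiler rejects. The request is also sent with `c.Get(ts.URL + PasswordStrengthPath)` while `SetRoutes` registers the path for POST only, so the `http.StatusOK` assertion would likely fail once the file builds. The test server and the response body are never released; `defer ts.Close()` and `defer response.Body.Close()` would cover that.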
diff --git a/go.mod b/go.mod index a9fb6219..7d84b1ec 100644 --- a/go.mod +++ b/go.mod @@ -27,6 +27,7 @@ require ( github.com/luna-duclos/instrumentedsql v1.1.2 github.com/mattn/goveralls v0.0.2 github.com/mitchellh/go-homedir v1.1.0 + github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d github.com/opencontainers/go-digest v1.0.0-rc1 // indirect github.com/opencontainers/image-spec v1.0.1 // indirect github.com/opencontainers/runc v0.1.1 // indirect diff --git a/go.sum b/go.sum index 508770af..75fb0732 100644 --- a/go.sum +++ b/go.sum @@ -390,6 +390,8 @@ github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwd github.com/monoculum/formam v0.0.0-20180901015400-4e68be1d79ba/go.mod h1:RKgILGEJq24YyJ2ban8EO0RUVSJlF1pGsEvoLEACr/Q= github.com/moul/http2curl v0.0.0-20170919181001-9ac6cf4d929b/go.mod h1:8UbvGypXm98wA/IqH45anm5Y2Z6ep6O31QGOAZ3H0fQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d h1:AREM5mwr4u1ORQBMvzfzBgpsctsbQikCVpvC+tX285E= +github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= github.com/nicksnyder/go-i18n v1.10.0/go.mod h1:HrK7VCrbOvQoUAQ7Vpy7i87N7JZZZ7R2xBGjv0j365Q= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/oleiade/reflections v1.0.0 h1:0ir4pc6v8/PJ0yw5AEtMddfXpWBXg9cnG7SgSoJuCgY= diff --git a/passwordstrengthmeter/doc.go b/passwordstrengthmeter/doc.go index d11aeb06..c4e55790 100644 --- a/passwordstrengthmeter/doc.go +++ b/passwordstrengthmeter/doc.go 
@@ -18,13 +18,20 @@ * @license Apache-2.0 */ -// Package healthx providers helpers for returning health status information via HTTP. +// Package passwordstrengthmeter providers helpers for returning password strength information via HTTP. package passwordstrengthmeter -// swagger:model healthStatus +// swagger:model PasswordStrengthMeter type swaggerPasswordStrengthMeter struct { // Status always contains "ok". Score string `json:"score"` } +// swagger:model PasswordStrengthMeter Body +type swaggerPasswordStrengthMeterBody struct { + // Status always contains "ok". + Password string `json:"password"` +} + + diff --git a/passwordstrengthmeter/handler.go b/passwordstrengthmeter/handler.go index 84b0493c..bb69261d 100644 --- a/passwordstrengthmeter/handler.go +++ b/passwordstrengthmeter/handler.go @@ -26,6 +26,12 @@ import ( "github.com/julienschmidt/httprouter" "github.com/ory/herodot" + + "github.com/pkg/errors" + + "github.com/ory/x/jsonx" + + "github.com/nbutton23/zxcvbn-go" ) const ( @@ -79,6 +85,10 @@ func (h *Handler) SetRoutes(r *httprouter.Router, shareErrors bool) { // 200: passwordStrength // 500: genericError func (h *Handler) PasswordStrengthPath(rw http.ResponseWriter, r *http.Request, _ httprouter.Params) { - + var p swaggerPasswordStrengthMeterBody + if err := errors.WithStack(jsonx.NewStrictDecoder(r.Body).Decode(&p)); err != nil { + h.r.Writer().WriteError(w, r, err) + return + } } From b2f438bb5045ef5af7f96b2ec7fcad3a201b6337 Mon Sep 17 00:00:00 2001 From: Yuvraj Date: Sat, 14 Dec 2019 01:19:44 +0530 Subject: [PATCH 3/7] Typo error fix --- passwordstrengthmeter/handler.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/passwordstrengthmeter/handler.go b/passwordstrengthmeter/handler.go index bb69261d..e6e97b4f 100644 --- a/passwordstrengthmeter/handler.go +++ b/passwordstrengthmeter/handler.go 
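Review bot: Both struct fields in the doc.go hunk carry the comment `// Status always contains "ok".`, copied from the health model, so neither `Score` nor the new `Password` field is documented, and as far as I know go-swagger publishes these comments as the field descriptions. I would replace them with `// Score is the estimated strength of the submitted password.` and `// Password is the plaintext candidate password to score; it must never be logged or stored.`. The annotation `swagger:model PasswordStrengthMeter Body` contains a space, which presumably leaves the request model named like the response model; a single identifier such as `passwordStrengthMeterBody` would avoid that. The package comment still reads "providers" where "provides" is meant.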
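Review bot: The error branch added to `PasswordStrengthPath` in handler.go references `h.r.Writer()` and `w`, neither of which exists here: `Handler` only has the field `H`, and the response writer parameter is named `rw`, so the file does not compile. `h.H.WriteError(rw, r, err)` matches the declared types. The import hunk above it adds `github.com/nbutton23/zxcvbn-go` without using it, which is a second compile error, and a request that decodes successfully falls through without any response being written.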
@@ -65,10 +65,10 @@ func NewHandler( // SetRoutes registers this handler's routes. func (h *Handler) SetRoutes(r *httprouter.Router, shareErrors bool) { - r.POST(PasswordStrengthPath, h.PasswordStrengthPath) + r.POST(PasswordStrengthPath, h.PasswordStrength) } -// PasswordStrengthPath returns a number from 0-10 +// PasswordStrength returns a number from 0-10 // // swagger:route GET /password/strength/meter strength of a password // @@ -84,7 +84,7 @@ func (h *Handler) SetRoutes(r *httprouter.Router, shareErrors bool) { // Responses: // 200: passwordStrength // 500: genericError -func (h *Handler) PasswordStrengthPath(rw http.ResponseWriter, r *http.Request, _ httprouter.Params) { +func (h *Handler) PasswordStrength(rw http.ResponseWriter, r *http.Request, _ httprouter.Params) { var p swaggerPasswordStrengthMeterBody if err := errors.WithStack(jsonx.NewStrictDecoder(r.Body).Decode(&p)); err != nil { h.r.Writer().WriteError(w, r, err) From 58ac04b1961a033f97b72591f16eb9a47d793022 Mon Sep 17 00:00:00 2001 From: Yuvraj Date: Sat, 14 Dec 2019 01:21:25 +0530 Subject: [PATCH 4/7] Typo error fix --- passwordstrengthmeter/handler_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/passwordstrengthmeter/handler_test.go b/passwordstrengthmeter/handler_test.go index f34db88c..1ff49b86 100644 --- a/passwordstrengthmeter/handler_test.go +++ b/passwordstrengthmeter/handler_test.go @@ -46,11 +46,11 @@ func TestPasswordStrengthMeter(t *testing.T) { ts := httptest.NewServer(router) c := http.DefaultClient - var passwordStrengthPath swaggerPasswordStrengthMeter + var passwordStrengthh swaggerPasswordStrengthMeter response, err := c.Get(ts.URL + PasswordStrengthPath) require.NoError(t, err) require.EqualValues(t, http.StatusOK, response.StatusCode) - require.NoError(t, json.NewDecoder(response.Body).Decode(&passwordStrengthPath)) + require.NoError(t, json.NewDecoder(response.Body).Decode(&passwordStrengthh)) // TO-DO : Write logic to verify test } 
From 43cdc27ea603cda51c1d3042776493da759114b1 Mon Sep 17 00:00:00 2001 From: Yuvraj <10830562+evalsocket@users.noreply.github.com> Date: Sat, 14 Dec 2019 01:58:55 +0530 Subject: [PATCH 5/7] Remove version from the route --- passwordstrengthmeter/handler.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/passwordstrengthmeter/handler.go b/passwordstrengthmeter/handler.go index e6e97b4f..bbe2b9e6 100644 --- a/passwordstrengthmeter/handler.go +++ b/passwordstrengthmeter/handler.go @@ -49,17 +49,14 @@ func RoutesToObserve() []string { // Handler handles HTTP requests to password strength . type Handler struct { H herodot.Writer - VersionString string } // NewHandler instantiates a handler. func NewHandler( h herodot.Writer, - version string, ) *Handler { return &Handler{ H: h, - VersionString: version, } } From 55ef9cc966dff96900443ca20383e60f921c4288 Mon Sep 17 00:00:00 2001 From: Yuvraj Date: Thu, 19 Dec 2019 04:09:12 +0530 Subject: [PATCH 6/7] Password Check Logic added --- passwordstrengthmeter/doc.go | 5 +---- passwordstrengthmeter/handler.go | 29 +++++++++------------------ passwordstrengthmeter/handler_test.go | 19 ++++++++++-------- 3 files changed, 22 insertions(+), 31 deletions(-) diff --git a/passwordstrengthmeter/doc.go b/passwordstrengthmeter/doc.go index c4e55790..841cc782 100644 --- a/passwordstrengthmeter/doc.go +++ b/passwordstrengthmeter/doc.go @@ -24,14 +24,11 @@ package passwordstrengthmeter // swagger:model PasswordStrengthMeter type swaggerPasswordStrengthMeter struct { // Status always contains "ok". - Score string `json:"score"` + Score int `json:"score"` } - // swagger:model PasswordStrengthMeter Body type swaggerPasswordStrengthMeterBody struct { // Status always contains "ok". Password string `json:"password"` } - - diff --git a/passwordstrengthmeter/handler.go b/passwordstrengthmeter/handler.go index e6e97b4f..fff699c2 100644 --- a/passwordstrengthmeter/handler.go +++ b/passwordstrengthmeter/handler.go 
@@ -30,36 +30,26 @@ import ( "github.com/pkg/errors" "github.com/ory/x/jsonx" - + "github.com/nbutton23/zxcvbn-go" ) const ( // PasswordStrengthPath is the path where you can check strength of password - PasswordStrengthPath = "/password/strength/meter" + PasswordStrengthPath = "/passwordstrength/meter" ) -// RoutesToObserve returns a string of all the available routes of this module. -func RoutesToObserve() []string { - return []string{ - PasswordStrengthPath, - } -} - // Handler handles HTTP requests to password strength . type Handler struct { H herodot.Writer - VersionString string } // NewHandler instantiates a handler. func NewHandler( h herodot.Writer, - version string, ) *Handler { return &Handler{ H: h, - VersionString: version, } } @@ -68,11 +58,11 @@ func (h *Handler) SetRoutes(r *httprouter.Router, shareErrors bool) { r.POST(PasswordStrengthPath, h.PasswordStrength) } -// PasswordStrength returns a number from 0-10 +// PasswordStrength returns a number from 0-10 // // swagger:route GET /password/strength/meter strength of a password // -// Check password strength +// Check password strength // // This endpoint returns a 200 status code when the HTTP server is up running. // 
@@ -85,10 +75,11 @@ func (h *Handler) SetRoutes(r *httprouter.Router, shareErrors bool) { // 200: passwordStrength // 500: genericError func (h *Handler) PasswordStrength(rw http.ResponseWriter, r *http.Request, _ httprouter.Params) { - var p swaggerPasswordStrengthMeterBody - if err := errors.WithStack(jsonx.NewStrictDecoder(r.Body).Decode(&p)); err != nil { - h.r.Writer().WriteError(w, r, err) + passwordStrengthMeterResponse := swaggerPasswordStrengthMeter{} + passwordStrengthBody := swaggerPasswordStrengthMeterBody{} + if err := errors.WithStack(jsonx.NewStrictDecoder(r.Body).Decode(&passwordStrengthBody)); err != nil { + passwordStrengthMeterResponse.Score = zxcvbn.PasswordStrength(passwordStrengthBody.Password, nil).Score + h.H.WriteCode(rw, r, http.StatusServiceUnavailable, passwordStrengthMeterResponse) return } -} - +} \ No newline at end of file diff --git a/passwordstrengthmeter/handler_test.go b/passwordstrengthmeter/handler_test.go index 1ff49b86..2b3011c0 100644 --- a/passwordstrengthmeter/handler_test.go +++ b/passwordstrengthmeter/handler_test.go 
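Review bot: The scoring call sits inside the `err != nil` branch of `PasswordStrength`, so the condition is inverted: a body that fails to decode is answered with the score of an empty password and `http.StatusServiceUnavailable`, while a valid request falls through and gets an empty 200. The body is also read without any size limit before it reaches `zxcvbn.PasswordStrength`, whose matching work grows with input length, so an oversized password field can consume disproportionate CPU; cap the body with `http.MaxBytesReader` and reject malformed input with a 4xx. The doc comment promises "a number from 0-10", whereas zxcvbn scores are, as far as I know, in the range 0–4. The sketch below assumes a new package constant `maxBodyBytes` whose value the maintainers should choose, and herodot's `Write` and `WriteErrorCode` methods.

```go
func (h *Handler) PasswordStrength(rw http.ResponseWriter, r *http.Request, _ httprouter.Params) {
	// Bound the input before decoding and scoring it.
	r.Body = http.MaxBytesReader(rw, r.Body, maxBodyBytes)

	var body swaggerPasswordStrengthMeterBody
	if err := errors.WithStack(jsonx.NewStrictDecoder(r.Body).Decode(&body)); err != nil {
		// Malformed or oversized input is a client error, not a service outage.
		h.H.WriteErrorCode(rw, r, http.StatusBadRequest, err)
		return
	}

	h.H.Write(rw, r, swaggerPasswordStrengthMeter{
		Score: zxcvbn.PasswordStrength(body.Password, nil).Score,
	})
}
```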
@@ -22,35 +22,38 @@ package passwordstrengthmeter import ( "encoding/json" - "errors" - "io/ioutil" + "net/http" "net/http/httptest" "testing" + "bytes" "github.com/julienschmidt/httprouter" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/ory/herodot" ) func TestPasswordStrengthMeter(t *testing.T) { - alive := errors.New("not alive") handler := &Handler{ H: herodot.NewJSONWriter(nil), - VersionString: "test version", } router := httprouter.New() handler.SetRoutes(router, true) ts := httptest.NewServer(router) c := http.DefaultClient - var passwordStrengthh swaggerPasswordStrengthMeter - response, err := c.Get(ts.URL + PasswordStrengthPath) + var passwordStrength swaggerPasswordStrengthMeter + passwordStrengthBody := swaggerPasswordStrengthMeterBody{ + Password : "HelloIsItOkPassword", + } + + var buf bytes.Buffer + err := json.NewEncoder(&buf).Encode(passwordStrengthBody) + require.NoError(t, err) + response, err := c.Post(ts.URL + PasswordStrengthPath, "application/json", &buf ) require.NoError(t, err) require.EqualValues(t, http.StatusOK, response.StatusCode) - require.NoError(t, json.NewDecoder(response.Body).Decode(&passwordStrengthh)) // TO-DO : Write logic to verify test } From ad3a2b6871aad42f8f6efa9bb9fbbe887078d4ee Mon Sep 17 00:00:00 2001 From: Yuvraj Date: Thu, 19 Dec 2019 04:10:51 +0530 Subject: [PATCH 7/7] Password Check Logic added --- passwordstrengthmeter/handler_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/passwordstrengthmeter/handler_test.go b/passwordstrengthmeter/handler_test.go index 2b3011c0..3dcc9f5d 100644 --- a/passwordstrengthmeter/handler_test.go +++ b/passwordstrengthmeter/handler_test.go 
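Review bot: After this change `TestPasswordStrengthMeter` only asserts `http.StatusOK` and no longer decodes the response, so it would pass even though the handler writes no score for a valid password. Restore `require.NoError(t, json.NewDecoder(response.Body).Decode(&passwordStrength))`, assert on `passwordStrength.Score`, and add a malformed-JSON request that expects a 4xx status. `defer ts.Close()` and `defer response.Body.Close()` are still missing, and the import block is not in gofmt order (`"bytes"` is listed after `"testing"`).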
@@ -43,7 +43,7 @@ func TestPasswordStrengthMeter(t *testing.T) { ts := httptest.NewServer(router) c := http.DefaultClient - var passwordStrength swaggerPasswordStrengthMeter + // var passwordStrength swaggerPasswordStrengthMeter passwordStrengthBody := swaggerPasswordStrengthMeterBody{ Password : "HelloIsItOkPassword", }