|
Wt
3.3.5
|
A default implementation for password strength validation. More...
Public Types | |
| enum | PasswordType { OneCharClass, TwoCharClass, PassPhrase, ThreeCharClass, FourCharClass } |
| Enumeration for a password type. More... | |
 Public Types inherited from Wt::WValidator | |
| enum | State { Invalid, InvalidEmpty, Valid } |
| The state in which validated input can exist. More... | |
| Public Types inherited from Wt::WObject | |
| typedef void(WObject::* | Method) () |
| Typedef for a WObject method without arguments. | |
Public Member Functions | |
| PasswordStrengthValidator () | |
| Default constructor. | |
| void | setMinimumLength (PasswordType type, int length) |
| Sets the minimum length for a password of a certain type. More... | |
| int | minimumLength (PasswordType type) |
| Returns the minimum length for a password of a certain type. More... | |
| void | setMinimumPassPhraseWords (int words) |
| Sets the minimum number of words for a pass phrase. More... | |
| int | minimumPassPhraseWords () const |
| Returns the minimum number of words for a pass phrase. More... | |
| void | setMinimumMatchLength (int length) |
| Sets the minimum length for a match against a known sequence or the login name / email address. More... | |
| int | minimumMatchLength () const |
| Returns the minimum length for a match against a known sequence. More... | |
| virtual AbstractPasswordService::StrengthValidatorResult | evaluateStrength (const WString &password, const WString &loginName, const std::string &email) const |
| Evaluates the strength of a password. More... | |
| Public Member Functions inherited from Wt::Auth::AbstractPasswordService::AbstractStrengthValidator | |
| virtual Result | validate (const WString &password, const WString &loginName, const std::string &email) const |
| Validates a password. More... | |
| virtual Result | validate (const WString &password) const |
| Validates a password. More... | |
| Public Member Functions inherited from Wt::WValidator | |
| WValidator (WObject *parent=0) | |
| Creates a new validator. | |
| WValidator (bool mandatory, WObject *parent=0) | |
| Creates a new validator. More... | |
| ~WValidator () | |
| Destructor. More... | |
| void | setMandatory (bool how) |
| Sets if input is mandatory. More... | |
| bool | isMandatory () const |
| Returns if input is mandatory. | |
| void | setInvalidBlankText (const WString &text) |
| Sets the message to display when a mandatory field is left blank. More... | |
| WString | invalidBlankText () const |
| Returns the message displayed when a mandatory field is left blank. More... | |
| virtual WString | format () const |
| Returns the validator format. More... | |
| virtual void | createExtConfig (std::ostream &config) const |
| Provides Ext-compatible config options for client-side validation. | |
| virtual std::string | javaScriptValidate () const |
| Creates a Javascript object that validates the input. More... | |
| virtual std::string | inputFilter () const |
| Returns a regular expression that filters input. More... | |
| Public Member Functions inherited from Wt::WObject | |
| WObject (WObject *parent=0) | |
| Create a WObject with a given parent object. More... | |
| virtual | ~WObject () |
| Destructor. More... | |
| virtual const std::string | id () const |
| Returns the (unique) identifier for this object. More... | |
| virtual void | setObjectName (const std::string &name) |
| Sets an object name. More... | |
| virtual std::string | objectName () const |
| Returns the object name. More... | |
| void | resetLearnedSlots () |
| Resets learned stateless slot implementations. More... | |
| template<class T > | |
| void | resetLearnedSlot (void(T::*method)()) |
| Resets a learned stateless slot implementation. More... | |
| template<class T > | |
| WStatelessSlot * | implementStateless (void(T::*method)()) |
| Declares a slot to be stateless and learn client-side behaviour on first invocation. More... | |
| template<class T > | |
| WStatelessSlot * | implementStateless (void(T::*method)(), void(T::*undoMethod)()) |
| Declares a slot to be stateless and learn client-side behaviour in advance. More... | |
| template<class T > | |
| WStatelessSlot * | implementJavaScript (void(T::*method)(), const std::string &jsCode) |
| Provides a JavaScript implementation for a method. More... | |
| void | addChild (WObject *child) |
| Adds a child object. More... | |
| virtual void | removeChild (WObject *child) |
| Removes a child object. More... | |
| const std::vector< WObject * > & | children () const |
| Returns the children. | |
| WObject * | parent () const |
| Returns the parent object. | |
Static Public Attributes | |
| static const int | Disabled = std::numeric_limits<int>::max() |
| Sentinel value to disable a particular check. | |
Additional Inherited Members | |
| Protected Member Functions inherited from Wt::WObject | |
| virtual WStatelessSlot * | getStateless (Method method) |
| On-demand stateless slot implementation. More... | |
| Static Protected Member Functions inherited from Wt::WObject | |
| static WObject * | sender () |
| Returns the sender of the current slot call. More... | |
A default implementation for password strength validation.
This implementation uses http://www.openwall.com/passwdqc/, a password checker commonly used to validate user account passwords in Linux/BSD distributions.
The default settings are not as restrictive as those used originally by passwdqc (which could be frustratingly restrictive for a web application). You may want to make it change the settings to demand stronger passwords for sensitive applications.
|
virtual |
Evaluates the strength of a password.
The result is an instance of StrengthValidatorResult which contains information on the validity and the strength (0 if invalid, 5 if valid) of the password together with possible messages.
The validator takes into account the user's login name and email address, to exclude passwords that are too similar to these.
Implements Wt::Auth::AbstractPasswordService::AbstractStrengthValidator.
| int Wt::Auth::PasswordStrengthValidator::minimumLength | ( | PasswordType | type | ) |
Returns the minimum length for a password of a certain type.
| int Wt::Auth::PasswordStrengthValidator::minimumMatchLength | ( | ) | const |
Returns the minimum length for a match against a known sequence.
| int Wt::Auth::PasswordStrengthValidator::minimumPassPhraseWords | ( | ) | const |
Returns the minimum number of words for a pass phrase.
| void Wt::Auth::PasswordStrengthValidator::setMinimumLength | ( | PasswordType | type, |
| int | length | ||
| ) |
Sets the minimum length for a password of a certain type.
See the PasswordType documentation for defaults. You may disable a password of a certain class entirely using the special value Disabled.
| void Wt::Auth::PasswordStrengthValidator::setMinimumMatchLength | ( | int | length | ) |
Sets the minimum length for a match against a known sequence or the login name / email address.
Irrespective of other settings, a password may be checked not to contain common sequences.
This sets the minimum number of characters which is considered as a match of a password against a known sequence. A lower length setting is thus more stringent.
The default value is 4.
| void Wt::Auth::PasswordStrengthValidator::setMinimumPassPhraseWords | ( | int | words | ) |
Sets the minimum number of words for a pass phrase.
Sets the minimum number of words for a valid pass phrase.
The default value is 3.
1.8.9.1
