bitzesty / devise_zxcvbn

Devise plugin to reject weak passwords using zxcvbn
MIT License

replace zxcvbn-js with alternative gem that won't load js engine. #41

Closed formigarafa closed 2 years ago

formigarafa commented 3 years ago

By using this gem, which is a 100% Ruby rewrite of zxcvbn-js, you will get the same result as zxcvbn-js without loading execjs. In my own tests I could see a considerable gain in speed.

matthewford commented 3 years ago

Thanks, but the reason for this gem is to not do that, as there are differences in the algorithm which mean that users sometimes get validation errors when using zxcvbn js for client-side validation.

formigarafa commented 3 years ago

@matthewford please do not get confused, I did not add zxcvbn-ruby, which has the differences in the algorithm. This zxcvbn is another gem which produces the same result as zxcvbn-js without using a JS engine. It is a complete rewrite based on the JS version.

You can even compare the source code, for example: https://github.com/dropbox/zxcvbn/blob/master/src/matching.coffee https://github.com/formigarafa/zxcvbn-rb/blob/master/lib/zxcvbn/matching.rb

matthewford commented 3 years ago

Hi Rafael,

Interesting, I will try and make time next week to review this.

Thanks, Matt

matthewford commented 3 years ago

I did some tests with the error cases mentioned in this issue: https://github.com/envato/zxcvbn-ruby/issues/18 and they seem to pass. As this is a major change, we will need to do a major version bump.