1 package club.wpia.gigi.passwords;
3 import java.util.Arrays;
4 import java.util.regex.Pattern;
6 import club.wpia.gigi.GigiApiException;
7 import club.wpia.gigi.output.template.SprintfCommand;
9 public class PasswordStrengthChecker implements PasswordChecker {
// Character-class probes used when rating a password. None is compiled with
// Pattern.UNICODE_CHARACTER_CLASS, so \d, \s and \W keep Java's default ASCII definitions.
// An underscore is a \w word character, so it matches none of the five patterns.
// NOTE(review): no reassignment of these fields appears in this listing; they could be final.
// Matches one ASCII digit (0-9).
11 private static Pattern digits = Pattern.compile("\\d");
// Matches one ASCII lower-case letter; letters outside a-z (e.g. accented ones) do not match.
13 private static Pattern lower = Pattern.compile("[a-z]");
// Matches one ASCII upper-case letter; letters outside A-Z do not match.
15 private static Pattern upper = Pattern.compile("[A-Z]");
// Matches one character of the default \s class: space, tab, newline, vertical tab,
// form feed or carriage return.
17 private static Pattern whitespace = Pattern.compile("\\s");
// Matches one character that is neither \s whitespace nor a \w word character ([a-zA-Z_0-9]).
// With the default flags this includes non-ASCII letters and digits, which are therefore
// counted as "special" rather than as letters or digits.
19 private static Pattern special = Pattern.compile("(?!\\s)\\W");
// No-argument constructor with an empty body; no instance fields appear in this listing.
21 public PasswordStrengthChecker() {}
24 * @param pw The password.
25 * @return Estimate of the password’s strength (positive).
27 private int ratePasswordStrength(String pw) {
// Rates pw against four length thresholds (longer than 15, 20, 25 and 30) and against
// five character-class probes (digit, lower case, upper case, special, whitespace).
// The statements inside each branch and the return statement are missing from this
// listing, so the points awarded per check cannot be stated here.
// pw.length() counts UTF-16 code units, not user-perceived characters.
// NOTE(review): no null check on pw is visible before the first use; a null pw would
// raise NullPointerException here — confirm callers never pass null.
29 if (pw.length() > 15) {
32 if (pw.length() > 20) {
35 if (pw.length() > 25) {
38 if (pw.length() > 30) {
// find() succeeds on the first match anywhere in pw, so each class is a yes/no signal;
// how many characters of the class occur is not measured by these checks.
41 if (digits.matcher(pw).find()) {
44 if (lower.matcher(pw).find()) {
47 if (upper.matcher(pw).find()) {
50 if (special.matcher(pw).find()) {
53 if (whitespace.matcher(pw).find()) {
60 * @param pw The password.
61 * @param nameParts The name parts of the user.
62 * @param email The email address of the user.
63 * @return Estimate of the password’s weakness (negative).
65 private int ratePasswordWeakness(String pw, String[] nameParts, String email) {
// Tests pw against the e-mail address and then against every entry of nameParts using
// contained(). The penalty applied per match and the return statement are missing from
// this listing.
// As far as this listing shows, email is passed to contained() as one string; its local
// part and domain are not tested separately.
67 if (contained(pw, email)) {
// NOTE(review): nameParts is dereferenced without a visible null check — confirm callers
// always supply an array.
70 for (int i = 0; i < nameParts.length; i++) {
71 if (contained(pw, nameParts[i])) {
78 public int ratePassword(String pw, String[] nameParts, String email) {
// Overall score: the strength estimate plus the weakness estimate, which the Javadoc
// fragments on the two helpers describe as positive and negative respectively.
79 return ratePasswordStrength(pw) + ratePasswordWeakness(pw, nameParts, email);
83 public GigiApiException checkPassword(String password, String[] nameParts, String email) {
// Scores the password with ratePassword() and, on the rejection path shown below, builds
// a GigiApiException as the return value: the exception is returned, not thrown.
// The comparison applied to points and the value returned for an accepted password are
// missing from this listing.
84 int points = ratePassword(password, nameParts, email);
// One message covers every rejection reason ("and/or"); it does not say which check failed.
86 return new GigiApiException(new SprintfCommand(
87 "The password you submitted failed to contain enough differing characters and/or contained words from your name and/or email address. For the current requirements and to learn more, visit our {0}FAQ{1}.",
// Values substituted for {0} and {1}; presumably the opening and closing markup of the
// FAQ link — the meaning of the "!(" and "!'" prefixes is defined by SprintfCommand, confirm there.
88 Arrays.asList("!(/kb/goodPassword", "!'</a>'")
95 private static boolean contained(String pw, String check) {
// Substring test in both directions between pw and check. The return statements of all
// three branches are missing from this listing.
// A null or empty check is handled first; without that guard pw.contains("") would hold
// for every password.
// String.contains is case-sensitive and no case folding is visible here, so a password
// that differs from the name or e-mail only in letter case would not match.
// NOTE(review): confirm whether inputs are normalised elsewhere before this comparison.
96 if (check == null || check.equals("")) {
99 if (pw.contains(check)) {
102 if (check.contains(pw)) {