Wt  4.0.2
Public Member Functions | Static Public Attributes | List of all members
Wt::Auth::PasswordStrengthValidator Class Reference

A default implementation for password strength validation. More...

#include <PasswordStrengthValidator.h>

Inheritance diagram for Wt::Auth::PasswordStrengthValidator:
Inheritance graph
[legend]

Public Member Functions

 PasswordStrengthValidator ()
 Default constructor.
 
void setMinimumLength (PasswordStrengthType type, int length)
 Sets the minimum length for a password of a certain type. More...
 
int minimumLength (PasswordStrengthType type)
 Returns the minimum length for a password of a certain type. More...
 
void setMinimumPassPhraseWords (int words)
 Sets the minimum number of words for a pass phrase. More...
 
int minimumPassPhraseWords () const
 Returns the minimum number of words for a pass phrase. More...
 
void setMinimumMatchLength (int length)
 Sets the minimum length for a match against a known sequence or the login name / email address. More...
 
int minimumMatchLength () const
 Returns the minimum length for a match against a known sequence. More...
 
virtual AbstractPasswordService::StrengthValidatorResult evaluateStrength (const WString &password, const WString &loginName, const std::string &email) const override
 Evaluates the strength of a password. More...
 
- Public Member Functions inherited from Wt::Auth::AbstractPasswordService::AbstractStrengthValidator
virtual Result validate (const WString &password, const WString &loginName, const std::string &email) const
 Validates a password. More...
 
virtual Result validate (const WString &password) const override
 Validates a password. More...
 
- Public Member Functions inherited from Wt::WValidator
 WValidator (bool mandatory=false)
 Creates a new validator. More...
 
virtual ~WValidator ()
 Destructor. More...
 
void setMandatory (bool how)
 Sets if input is mandatory. More...
 
bool isMandatory () const
 Returns if input is mandatory.
 
void setInvalidBlankText (const WString &text)
 Sets the message to display when a mandatory field is left blank. More...
 
WString invalidBlankText () const
 Returns the message displayed when a mandatory field is left blank. More...
 
virtual WString format () const
 Returns the validator format. More...
 
virtual std::string javaScriptValidate () const
 Creates a Javascript object that validates the input. More...
 
virtual std::string inputFilter () const
 Returns a regular expression that filters input. More...
 

Static Public Attributes

static const int Disabled = std::numeric_limits<int>::max()
 Sentinel value to disable a particular check.
 

Additional Inherited Members

- Public Types inherited from Wt::WValidator
typedef ValidationState State
 Typedef for enum Wt::ValidationState.
 

Detailed Description

A default implementation for password strength validation.

This implementation uses http://www.openwall.com/passwdqc/, a password checker commonly used to validate user account passwords in Linux/BSD distributions.

The default settings are not as restrictive as those used originally by passwdqc (which could be frustratingly restrictive for a web application). You may want to make it change the settings to demand stronger passwords for sensitive applications.

Member Function Documentation

AbstractPasswordService::StrengthValidatorResult Wt::Auth::PasswordStrengthValidator::evaluateStrength ( const WString password,
const WString loginName,
const std::string &  email 
) const
overridevirtual

Evaluates the strength of a password.

The result is an instance of StrengthValidatorResult which contains information on the validity and the strength (0 if invalid, 5 if valid) of the password together with possible messages.

The validator takes into account the user's login name and email address, to exclude passwords that are too similar to these.

Implements Wt::Auth::AbstractPasswordService::AbstractStrengthValidator.

int Wt::Auth::PasswordStrengthValidator::minimumLength ( PasswordStrengthType  type)

Returns the minimum length for a password of a certain type.

See also
setMinimumLength()
int Wt::Auth::PasswordStrengthValidator::minimumMatchLength ( ) const

Returns the minimum length for a match against a known sequence.

See also
setMinimumMatchLength()
int Wt::Auth::PasswordStrengthValidator::minimumPassPhraseWords ( ) const

Returns the minimum number of words for a pass phrase.

See also
setMinimumPassPhraseWords()
void Wt::Auth::PasswordStrengthValidator::setMinimumLength ( PasswordStrengthType  type,
int  length 
)

Sets the minimum length for a password of a certain type.

See the PasswordStrengthType documentation for defaults. You may disable a password of a certain class entirely using the special value Disabled.

void Wt::Auth::PasswordStrengthValidator::setMinimumMatchLength ( int  length)

Sets the minimum length for a match against a known sequence or the login name / email address.

Irrespective of other settings, a password may be checked not to contain common sequences.

This sets the minimum number of characters which is considered as a match of a password against a known sequence. A lower length setting is thus more stringent.

The default value is 4.

void Wt::Auth::PasswordStrengthValidator::setMinimumPassPhraseWords ( int  words)

Sets the minimum number of words for a pass phrase.

Sets the minimum number of words for a valid pass phrase.

The default value is 3.

See also
PassPhrase

Generated on Fri Nov 24 2017 for the C++ Web Toolkit (Wt) by doxygen 1.8.11