view release on metacpan or  search on metacpan

lib/Data/Transpose/PasswordPolicy.pm  view on Meta::CPAN

Data::Transpose::PasswordPolicy - Perl extension to enforce password policy

=head1 SYNOPSIS

  use Data::Transpose::PasswordPolicy;

  my %credentials = (username => "marco",
                    password => "My.very.very.5strong.pzwd"
                   );

  my $pv = Data::Transpose::PasswordPolicy->new(\%credentials)
  
  if (my $password = $pv->is_valid) {
    print "$password is OK";
  }
  else {
    die $pv->error
  }



=head1 DESCRIPTION

This module enforces the password policy, doing a number of checking.
The author reccomends to use passphrases instead of password, using
some special character (like punctuation) as separator, with 4-5
words in mixed case and with numbers as a good measure.

You can add the policy to the constructor, where C<minlength> is the
minimum password length, C<maxlength> is the maximum password and
C<mindiffchars> is the minimum number of different characters in the
password. Read below for C<patternlength>

By default all checkings are enabled. If you want to configure the
policy, pass an hashref assigning to the disabled checking a true
value. This will leave only the length checks in place, which you can
tweak with the accessors. For example:




  my %validate = ( username => "marco",
                   password => "ciao",
                   minlength => 10,
                   maxlength => 50,
                   patternlength => 4,
                   mindiffchars => 5,
                   disabled => {
                                 digits => 1,
                                 mixed => 1,
                               }
  my $pv = Data::Transpose::PasswordPolicy->new(\%validate)
  $pv->is_valid ? "OK" : "not OK";


See below for the list of the available checkings.

B<Please note>: the purpose of this module is not to try to crack the
password provided, but to set a policy for the passwords, which should
have some minimum standards, and could be used on web services to stop
users to set trivial password (without keeping the server busy for
seconds while we check it). Nothing more.

=cut

=head1 METHODS

=cut

=head2 new(%credentials)

Create a new Data::Transpose::PasswordPolicy object using the
credentials provided to the constructor.

=cut

has username => (is => 'rw',
                 isa => Str);

has password => (is => 'rw',
                 isa => Str);

around password => \&_strip_space_on_around;
around username => \&_strip_space_on_around;

sub _strip_space_on_around {
    my $orig = shift;
    my $ret = $orig->(@_);
    if (not defined $ret) {
        return '';
    }
    else {
        $ret =~ s/^\s*//s;
        $ret =~ s/\s*$//s;
        return $ret;
    }
}


has maxlength => (is => 'rw',
                  isa => Int,
                  default => sub { 255 },
                 );

has minlength => (is => 'rw',
                  isa => Int,
                  default => sub { 12 },
                 );


has mindiffchars => (is => 'rw',
                     isa => Int,
                     default => sub { 6 },
                    );

has patternlength => (is => 'rw',
                      isa => Int,
                      default => sub { 3 },
                     );

has disabled => (is => 'rw',