line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Password::Policy; |
2
|
|
|
|
|
|
|
$Password::Policy::VERSION = '0.03'; |
3
|
|
|
|
|
|
|
# ABSTRACT: Make managing multiple password strength profiles easy |
4
|
|
|
|
|
|
|
|
5
|
4
|
|
|
4
|
|
87206
|
use strict; |
|
4
|
|
|
|
|
9
|
|
|
4
|
|
|
|
|
168
|
|
6
|
4
|
|
|
4
|
|
20
|
use warnings; |
|
4
|
|
|
|
|
5
|
|
|
4
|
|
|
|
|
125
|
|
7
|
|
|
|
|
|
|
|
8
|
4
|
|
|
4
|
|
1974
|
use Class::Load; |
|
4
|
|
|
|
|
97749
|
|
|
4
|
|
|
|
|
236
|
|
9
|
4
|
|
|
4
|
|
1678
|
use Clone qw/clone/; |
|
4
|
|
|
|
|
9358
|
|
|
4
|
|
|
|
|
249
|
|
10
|
4
|
|
|
4
|
|
1862
|
use Config::Any; |
|
4
|
|
|
|
|
30946
|
|
|
4
|
|
|
|
|
143
|
|
11
|
4
|
|
|
4
|
|
34
|
use Try::Tiny; |
|
4
|
|
|
|
|
6
|
|
|
4
|
|
|
|
|
251
|
|
12
|
|
|
|
|
|
|
|
13
|
4
|
|
|
4
|
|
1706
|
use Password::Policy::Exception; |
|
4
|
|
|
|
|
7
|
|
|
4
|
|
|
|
|
84
|
|
14
|
4
|
|
|
4
|
|
1438
|
use Password::Policy::Exception::EmptyPassword; |
|
4
|
|
|
|
|
8
|
|
|
4
|
|
|
|
|
89
|
|
15
|
4
|
|
|
4
|
|
1367
|
use Password::Policy::Exception::InvalidAlgorithm; |
|
4
|
|
|
|
|
6
|
|
|
4
|
|
|
|
|
82
|
|
16
|
4
|
|
|
4
|
|
1372
|
use Password::Policy::Exception::InvalidProfile; |
|
4
|
|
|
|
|
7
|
|
|
4
|
|
|
|
|
87
|
|
17
|
4
|
|
|
4
|
|
1345
|
use Password::Policy::Exception::InvalidRule; |
|
4
|
|
|
|
|
7
|
|
|
4
|
|
|
|
|
96
|
|
18
|
4
|
|
|
4
|
|
1418
|
use Password::Policy::Exception::NoAlgorithm; |
|
4
|
|
|
|
|
7
|
|
|
4
|
|
|
|
|
81
|
|
19
|
4
|
|
|
4
|
|
1503
|
use Password::Policy::Exception::ReusedPassword; |
|
4
|
|
|
|
|
9
|
|
|
4
|
|
|
|
|
2742
|
|
20
|
|
|
|
|
|
|
|
21
|
|
|
|
|
|
|
|
22
|
|
|
|
|
|
|
|
23
|
|
|
|
|
|
|
sub new { |
24
|
3
|
|
|
3
|
1
|
40
|
my ($class, %args) = @_; |
25
|
|
|
|
|
|
|
|
26
|
3
|
|
|
|
|
7
|
my $config_file = $args{config}; |
27
|
3
|
|
100
|
|
|
16
|
my $previous = $args{previous} || []; |
28
|
|
|
|
|
|
|
|
29
|
3
|
|
|
|
|
37
|
my $config = Config::Any->load_files({ files => [ $config_file ], use_ext => 1 }); |
30
|
3
|
|
|
|
|
94566
|
my $rules = {}; |
31
|
|
|
|
|
|
|
|
32
|
3
|
|
|
|
|
12
|
$config = $config->[0]->{$config_file}; |
33
|
3
|
|
|
|
|
7
|
my @profiles = keys(%{$config}); |
|
3
|
|
|
|
|
14
|
|
34
|
|
|
|
|
|
|
|
35
|
3
|
|
|
|
|
25
|
my $self = bless { |
36
|
|
|
|
|
|
|
_config => $config, |
37
|
|
|
|
|
|
|
_rules => $rules, |
38
|
|
|
|
|
|
|
_previous => $previous, |
39
|
|
|
|
|
|
|
_profiles => \@profiles, |
40
|
|
|
|
|
|
|
} => $class; |
41
|
|
|
|
|
|
|
|
42
|
3
|
|
|
|
|
8
|
foreach my $key (@profiles) { |
43
|
12
|
|
|
|
|
24
|
$rules->{$key} = $self->_parse_rules($key); |
44
|
|
|
|
|
|
|
} |
45
|
|
|
|
|
|
|
|
46
|
3
|
|
|
|
|
5
|
$self->{_rules} = $rules; |
47
|
3
|
|
|
|
|
14
|
return $self; |
48
|
|
|
|
|
|
|
} |
49
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
sub _parse_rules { |
51
|
21
|
|
|
21
|
|
25
|
my ($self, $profile_name) = @_; |
52
|
21
|
|
|
|
|
15
|
my $rules; |
53
|
|
|
|
|
|
|
|
54
|
21
|
|
|
|
|
30
|
my $profile = clone $self->config->{$profile_name}; |
55
|
21
|
100
|
|
|
|
52
|
if(my $parent = delete $profile->{inherit}) { |
56
|
9
|
|
|
|
|
21
|
$rules = $self->_parse_rules($parent); |
57
|
|
|
|
|
|
|
} |
58
|
21
|
|
|
|
|
21
|
foreach my $key (keys(%{$profile})) { |
|
21
|
|
|
|
|
45
|
|
59
|
57
|
100
|
|
|
|
85
|
if($key eq 'algorithm') { |
60
|
15
|
|
|
|
|
28
|
$rules->{algorithm} = $profile->{$key}; |
61
|
15
|
|
|
|
|
21
|
next; |
62
|
|
|
|
|
|
|
} |
63
|
42
|
100
|
|
|
|
56
|
if($rules->{$key}) { |
64
|
9
|
50
|
|
|
|
34
|
$rules->{$key} = $profile->{$key} if($profile->{$key} > $rules->{$key}); |
65
|
|
|
|
|
|
|
} else { |
66
|
33
|
|
|
|
|
62
|
$rules->{$key} = $profile->{$key}; |
67
|
|
|
|
|
|
|
} |
68
|
|
|
|
|
|
|
} |
69
|
21
|
|
|
|
|
55
|
return $rules; |
70
|
|
|
|
|
|
|
} |
71
|
|
|
|
|
|
|
|
72
|
|
|
|
|
|
|
sub config { |
73
|
21
|
|
|
21
|
0
|
189
|
return (shift)->{_config}; |
74
|
|
|
|
|
|
|
} |
75
|
|
|
|
|
|
|
|
76
|
|
|
|
|
|
|
sub profiles { |
77
|
0
|
|
|
0
|
0
|
0
|
return (shift)->{_profiles}; |
78
|
|
|
|
|
|
|
} |
79
|
|
|
|
|
|
|
|
80
|
|
|
|
|
|
|
sub previous { |
81
|
16
|
|
|
16
|
0
|
47
|
return (shift)->{_previous}; |
82
|
|
|
|
|
|
|
} |
83
|
|
|
|
|
|
|
|
84
|
|
|
|
|
|
|
sub rules { |
85
|
16
|
|
|
16
|
0
|
26
|
my $self = shift; |
86
|
16
|
|
100
|
|
|
64
|
my $profile = shift || 'default'; |
87
|
16
|
|
|
|
|
25
|
my $rules = $self->{_rules}; |
88
|
16
|
|
33
|
|
|
72
|
return $rules->{$profile} || Password::Policy::Exception::InvalidProfile->throw; |
89
|
|
|
|
|
|
|
} |
90
|
|
|
|
|
|
|
|
91
|
|
|
|
|
|
|
|
92
|
|
|
|
|
|
|
sub process { |
93
|
12
|
|
|
12
|
1
|
277
|
my ($self, $args) = @_; |
94
|
12
|
|
33
|
|
|
36
|
my $password = $args->{password} || Password::Policy::Exception::EmptyPassword->throw; |
95
|
|
|
|
|
|
|
|
96
|
12
|
|
|
|
|
40
|
my $rules = $self->rules($args->{profile}); |
97
|
12
|
|
33
|
|
|
37
|
my $algorithm = $rules->{algorithm} || Password::Policy::Exception::NoAlgorithm->throw; |
98
|
12
|
|
50
|
|
|
50
|
my $algorithm_args = $rules->{algorithm_args} || {}; |
99
|
12
|
|
|
|
|
14
|
foreach my $rule (sort keys(%{$rules})) { |
|
12
|
|
|
|
|
73
|
|
100
|
33
|
100
|
|
|
|
66
|
next if($rule eq 'algorithm'); |
101
|
|
|
|
|
|
|
|
102
|
21
|
|
|
|
|
69
|
my $rule_class = 'Password::Policy::Rule::' . ucfirst($rule); |
103
|
|
|
|
|
|
|
try { |
104
|
21
|
|
|
21
|
|
544
|
Class::Load::load_class($rule_class); |
105
|
|
|
|
|
|
|
} catch { |
106
|
0
|
|
|
0
|
|
0
|
Password::Policy::Exception::InvalidRule->throw; |
107
|
21
|
|
|
|
|
131
|
}; |
108
|
21
|
|
|
|
|
1485
|
my $rule_obj = $rule_class->new($rules->{$rule}); |
109
|
21
|
|
|
|
|
64
|
my $check = $rule_obj->check($password); |
110
|
17
|
50
|
|
|
|
79
|
unless($check) { |
111
|
|
|
|
|
|
|
# no idea what failed if we didn't get a more specific exception, so |
112
|
|
|
|
|
|
|
# throw a generic error |
113
|
0
|
|
|
|
|
0
|
Password::Policy::Exception->throw; |
114
|
|
|
|
|
|
|
} |
115
|
|
|
|
|
|
|
} |
116
|
|
|
|
|
|
|
|
117
|
8
|
|
|
|
|
43
|
my $enc_password = $self->encrypt({ |
118
|
|
|
|
|
|
|
password => $password, |
119
|
|
|
|
|
|
|
algorithm => $algorithm, |
120
|
|
|
|
|
|
|
algorithm_args => $algorithm_args |
121
|
|
|
|
|
|
|
}); |
122
|
|
|
|
|
|
|
|
123
|
|
|
|
|
|
|
# This is a post-encryption rule, so it's a special case. |
124
|
8
|
50
|
|
|
|
26
|
if($self->previous) { |
125
|
8
|
|
|
|
|
10
|
foreach my $previous_password (@{$self->previous}) { |
|
8
|
|
|
|
|
13
|
|
126
|
5
|
100
|
|
|
|
19
|
Password::Policy::Exception::ReusedPassword->throw if($enc_password eq $previous_password); |
127
|
|
|
|
|
|
|
} |
128
|
|
|
|
|
|
|
} |
129
|
6
|
|
|
|
|
43
|
return $enc_password; |
130
|
|
|
|
|
|
|
} |
131
|
|
|
|
|
|
|
|
132
|
|
|
|
|
|
|
|
133
|
|
|
|
|
|
|
sub encrypt { |
134
|
8
|
|
|
8
|
1
|
11
|
my ($self, $args) = @_; |
135
|
|
|
|
|
|
|
|
136
|
8
|
|
33
|
|
|
21
|
my $password = $args->{password} ||Password::Policy::Exception::EmptyPassword->throw; |
137
|
8
|
|
33
|
|
|
16
|
my $algorithm = $args->{algorithm} ||Password::Policy::Exception::NoAlgorithm->throw; |
138
|
8
|
|
50
|
|
|
19
|
my $algorithm_args = $args->{algorithm_args} || {}; |
139
|
|
|
|
|
|
|
|
140
|
8
|
|
|
|
|
17
|
my $enc_class = 'Password::Policy::Encryption::' . $algorithm; |
141
|
|
|
|
|
|
|
try { |
142
|
8
|
|
|
8
|
|
202
|
Class::Load::load_class($enc_class); |
143
|
|
|
|
|
|
|
} catch { |
144
|
0
|
|
|
0
|
|
0
|
Password::Policy::Exception::InvalidAlgorithm->throw; |
145
|
8
|
|
|
|
|
49
|
}; |
146
|
8
|
|
|
|
|
453
|
my $enc_obj = $enc_class->new($algorithm_args); |
147
|
8
|
|
|
|
|
22
|
my $new_password = $enc_obj->enc($password); |
148
|
8
|
|
|
|
|
66
|
return $new_password; |
149
|
|
|
|
|
|
|
} |
150
|
|
|
|
|
|
|
|
151
|
|
|
|
|
|
|
|
152
|
|
|
|
|
|
|
1; |
153
|
|
|
|
|
|
|
|
154
|
|
|
|
|
|
|
__END__ |