Smalltalk › Instantiations

Checking password strength with RegEx [ VA 4.02 ]

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

9 messages Options

Sreenath

Checking password strength with RegEx [ VA 4.02 ]

Hi,

I have to enforce a password strength check with the following rules.

Passwords must contain characters from each of the following categories:
- lower case letters (a-z)
- upper case letters (A-Z)
- numbers (0-9)
- special characters, that is any of the following: !,@#$%\^&*?_~
Passwords must be at least 8 characters in length

To archive the above what I have tried is

( ( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[a-z]+[\w!,@#$%^&*?_~_/-]*' ) and: [

( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[A-Z]+[\w!,@#$%^&*?_~_/-]*' ) and: [

( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[0-9]+[\w!,@#$%^&*?_~_/-]*' ) and: [

( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[!,@#$%^&*?_~_/-]+[\w!,@#$%^&*?_~_/-]*' ) ]] ])

I know its a clumsy code.. But I have tried to add using a single regex statement with ? and all.. but as soon as the regEx seems a $? it throws an error.

Any suggestions let me know.

best Regards,

Sreenath

--
You received this message because you are subscribed to the Google Groups "VA Smalltalk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at http://groups.google.com/group/va-smalltalk.
For more options, visit https://groups.google.com/d/optout.

Richard Sargent

Re: Checking password strength with RegEx [ VA 4.02 ]

Administrator

On Tuesday, October 13, 2015 at 5:32:51 AM UTC-7, Sreenath G K wrote:

Hi,

I have to enforce a password strength check with the following rules.
Passwords must contain characters from each of the following categories:
lower case letters (a-z)
upper case letters (A-Z)
numbers (0-9)
special characters, that is any of the following: !,@#$%\^&*?_~
Passwords must be at least 8 characters in length
To archive the above what I have tried is

( ( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[a-z]+[\w!,@#$%^&*?_~_/-]*' ) and: [
( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[A-Z]+[\w!,@#$%^&*?_~_/-]*' ) and: [
( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[0-9]+[\w!,@#$%^&*?_~_/-]*' ) and: [
( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[!,@#$%^&*?_~_/-]+[\w!,@#$%^&*?_~_/-]*' ) ]] ])

I know its a clumsy code.. But I have tried to add using a single regex statement with ? and all.. but as soon as the regEx seems a $? it throws an error.

My eyes! :-)

I suggest you write Smalltalk. Those rules are so trivial. Count by "character class". Ensure each class is represented. Ensure the string is long enough. Why would you want to add unreadable expressions into a Smalltalk program?

Any suggestions let me know.

best Regards,
Sreenath

jtuchel

Re: Checking password strength with RegEx [ VA 4.02 ]

Richard,

I am glad you wrote that, because that is what I had in mind as well. A hand full of detect: or anySatisfy: would be much easier to read and (much more important) maintain and I guess also be faster (although probably in rather irrelevant dimensions).

Am Donnerstag, 15. Oktober 2015 21:38:42 UTC+2 schrieb Richard Sargent:

On Tuesday, October 13, 2015 at 5:32:51 AM UTC-7, Sreenath G K wrote:
Hi,

I have to enforce a password strength check with the following rules.
Passwords must contain characters from each of the following categories:
lower case letters (a-z)

myString anySatisfy: [:c| c isLetter and: [c isLowercase]]. "Not sure, but maybe you can even drop the isLetter test"

upper case letters (A-Z)

myString anySatisfy: [:c| c isLetter and: [c isUppercase]]. "Not sure, but maybe you can even drop the isLetter test"

numbers (0-9)

myString anySatisfy: [:c| c isDigit].

special characters, that is any of the following: !,@#$%\^&*?_~

myString anySatisfy: [:c| listOfSpecialChars includes: c ].

Passwords must be at least 8 characters in length

myString size >= 8

This is all that's needed...

Marten Feldtmann-4

Re: Checking password strength with RegEx [ VA 4.02 ]

regular expressions have their good usages and there are people out there, who have no problems reading those statements (I am NOT one of those) - and they are configurable, which is not possible with static Smalltalk expressions.

I rather would investiagate, why there are problems with specific expressions ...

jtuchel

Re: Checking password strength with RegEx [ VA 4.02 ]

Marten,

there are many good uses for Regexes, like sharing them between your server app and reusing them for html5 input fields.
OTOH, there are so many subtle differences in what certain parsers interpret how, that it can get hard to really reuse them if they get really smart (not that I could write or even read these ;-) ).

BUT if the only purpose here is to check these simple rules in a Smalltalk application, I'd rather forget about Regex. Especially since most Smalltalk implementations miss important functionalities (most are based on Vasilly's implementation which is about a decade old or so).

Joachim

Am Freitag, 16. Oktober 2015 12:33:53 UTC+2 schrieb Marten Feldtmann:

regular expressions have their good usages and there are people out there, who have no problems reading those statements (I am NOT one of those) - and they are configurable, which is not possible with static Smalltalk expressions.

I rather would investiagate, why there are problems with specific expressions ...

Louis LaBrunda

Re: Checking password strength with RegEx [ VA 4.02 ]

In reply to this post by Sreenath

Hi Sreenath,

On Tuesday, October 13, 2015 at 8:32:51 AM UTC-4, Sreenath G K wrote:

Hi,

I have to enforce a password strength check with the following rules.
Passwords must contain characters from each of the following categories:
lower case letters (a-z)
upper case letters (A-Z)
numbers (0-9)
special characters, that is any of the following: !,@#$%\^&*?_~
Passwords must be at least 8 characters in length
To archive the above what I have tried is

( ( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[a-z]+[\w!,@#$%^&*?_~_/-]*' ) and: [
( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[A-Z]+[\w!,@#$%^&*?_~_/-]*' ) and: [
( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[0-9]+[\w!,@#$%^&*?_~_/-]*' ) and: [
( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[!,@#$%^&*?_~_/-]+[\w!,@#$%^&*?_~_/-]*' ) ]] ])

I know its a clumsy code.. But I have tried to add using a single regex statement with ? and all.. but as soon as the regEx seems a $? it throws an error.

Any suggestions let me know.

best Regards,
Sreenath

Hi All,

I'm with my Smalltalk friends on thinking this should be done in Smalltalk if it can be run in the server. I'm also of no help with regex. The question got me thinking about how to do this in Smalltalk and came up with this:

	| password passwordAsSet pwOk critera minLength |

	password := 'Magic1Password5$$%\678&?_'.
	passwordAsSet := password asSet.
	minLength := 8.
	critera := Array with: 'abcdefghijklmnopqrstuvwxyz' asSet
		with: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' asSet
		with: '0123456789' asSet with: '!,@#$%\^&*?_~' asSet.

	pwOk := critera inject: (password size >= minLength) into: [:ok :c |
		ok & (passwordAsSet intersection: c) notEmpty].
	pwOk.
 

I also tried a simple version that would come up with a rank of the password. It is not a very good ranking, I just wanted to get the structure.

	| password passwordAsSet rank critera minLength |

	password := 'Magic1Password5$$%\678&?_'.
	passwordAsSet := password asSet.
	minLength := 8.
	critera := Array with: 'abcdefghijklmnopqrstuvwxyz' asSet
		with: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' asSet
		with: '0123456789' asSet with: '!,@#$%\^&*?_~' asSet.

	rank := (critera inject: (((password size - minLength) // 2) min: 4) into: [:r :c |
		(r > 0) ifTrue: [(((passwordAsSet intersection: c) size // 2) min: 4) + r] ifFalse: [0].
	]) // 4.
	rank.
 

Lou

Sreenath

Re: Checking password strength with RegEx [ VA 4.02 ]

In reply to this post by Sreenath

Hi All,

I appreciate all your above comments..Thanks.

What i was asking is that in java for example we can do that with a single line of regEx expression.

^(?=.*[A-Z])(?=.*[!@#$&*])(?=.*[0-9])(?=.*[a-z]).{8}$

^                         Start anchor
(?=.*[A-Z])        	  Ensure string has auppercase letters.
(?=.*[!@#$&*])            Ensure string has one special case letter.
(?=.*[0-9])     	  Ensure string has two digits.
(?=.*[a-z]) 		  Ensure string has three lowercase letters.
.{8}                      Ensure string is of length 8.
$                         End anchor.

So simple right. I belive I have done that in VW 7.XX. I was asking for this and I hope I was enough in communicating this to the group.

The problem for me is that if I put a "?" immediatitely the regEx gives me an error.

Once again I appreciate and will consider your views.

Best Regards,

Sree

On Tuesday, October 13, 2015 at 6:02:51 PM UTC+5:30, Sreenath G K wrote:

Hi,

I have to enforce a password strength check with the following rules.
Passwords must contain characters from each of the following categories:
lower case letters (a-z)
upper case letters (A-Z)
numbers (0-9)
special characters, that is any of the following: !,@#$%\^&*?_~
Passwords must be at least 8 characters in length
To archive the above what I have tried is

( ( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[a-z]+[\w!,@#$%^&*?_~_/-]*' ) and: [
( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[A-Z]+[\w!,@#$%^&*?_~_/-]*' ) and: [
( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[0-9]+[\w!,@#$%^&*?_~_/-]*' ) and: [
( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[!,@#$%^&*?_~_/-]+[\w!,@#$%^&*?_~_/-]*' ) ]] ])

I know its a clumsy code.. But I have tried to add using a single regex statement with ? and all.. but as soon as the regEx seems a $? it throws an error.

Any suggestions let me know.

best Regards,
Sreenath

Richard Sargent

Re: Checking password strength with RegEx [ VA 4.02 ]

Administrator

In reply to this post by Sreenath

On Tuesday, October 13, 2015 at 5:32:51 AM UTC-7, Sreenath G K wrote:

Hi,

I have to enforce a password strength check with the following rules.
Passwords must contain characters from each of the following categories:
lower case letters (a-z)
upper case letters (A-Z)
numbers (0-9)
special characters, that is any of the following: !,@#$%\^&*?_~
Passwords must be at least 8 characters in length
To archive the above what I have tried is

( ( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[a-z]+[\w!,@#$%^&*?_~_/-]*' ) and: [
( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[A-Z]+[\w!,@#$%^&*?_~_/-]*' ) and: [
( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[0-9]+[\w!,@#$%^&*?_~_/-]*' ) and: [
( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[!,@#$%^&*?_~_/-]+[\w!,@#$%^&*?_~_/-]*' ) ]] ])

I know its a clumsy code.. But I have tried to add using a single regex statement with ? and all.. but as soon as the regEx seems a $? it throws an error.

I think the issue is one of standards. In scanning https://en.wikipedia.org/wiki/Regular_expression, I see there is a section called Standards. It begins "The IEEE POSIX standard has three sets of compliance: BRE,^[24] ERE, and SRE for Basic, Extended, and Simple Regular Expressions."

I am guessing that the VA implementation is BRE rather than ERE, if it conforms to the standard at all.

Any suggestions let me know.

Reiterating my original point, stick to Smalltalk, and keep it readable. Regular expressions might as well be APL (my second favourite language) where readability is concerned.

best Regards,
Sreenath

Sreenath

Re: Checking password strength with RegEx [ VA 4.02 ]

In reply to this post by Sreenath

HI All.

I have changed the code from regex to Smalltalk..!!! Thanks everyone

Bets Regards,

Sree

On Tuesday, October 13, 2015 at 6:02:51 PM UTC+5:30, Sreenath G K wrote:

Hi,

I have to enforce a password strength check with the following rules.
Passwords must contain characters from each of the following categories:
lower case letters (a-z)
upper case letters (A-Z)
numbers (0-9)
special characters, that is any of the following: !,@#$%\^&*?_~
Passwords must be at least 8 characters in length
To archive the above what I have tried is

( ( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[a-z]+[\w!,@#$%^&*?_~_/-]*' ) and: [
( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[A-Z]+[\w!,@#$%^&*?_~_/-]*' ) and: [
( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[0-9]+[\w!,@#$%^&*?_~_/-]*' ) and: [
( aPassword prefixMatchesRegex: '[\w!,@#$%^&*?_~_/-]*[!,@#$%^&*?_~_/-]+[\w!,@#$%^&*?_~_/-]*' ) ]] ])

I know its a clumsy code.. But I have tried to add using a single regex statement with ? and all.. but as soon as the regEx seems a $? it throws an error.

Any suggestions let me know.

best Regards,
Sreenath