Crate password_rules_parser

Source
Expand description

Rust parser for the HTML passwordrules attribute, a proposal for an HTML attribute that allows services to specify their password requirements in a machine-readable format.

This spec is primarily being backed by Apple, and their tools and docs can be found here.

§Password Rules

A password rule consists of the following:

  • max-consecutive - The maximum number of consecutive identical characters allowed in the password
  • minlength - The minimum length of the password
  • maxlength - The maximum length of the password
  • allowed - A set of character classes whose characters the password is allowed to be generated with
    • Note that allowed: digit, upper; is equivalent to allowed: digit; allowed: upper;
  • required - A set of character classes where at least one character from each required set must appear in the password
    • Note that required: digit, upper; is not equivalent to required: digit; required: upper;. The first (required: digit, upper;) means that the password must contain a digit or an upper(case) character, while the second (required: digit; required: upper;) means the password must contain a digit AND an upper(case) character.

Rules are separated by a semicolon (;), while character classes are separated by a comma (,).

An example of a password rule:

max-consecutive: 2; minlength: 10; maxlength: 15; allowed: upper; required: digit, special;

§Character Classes

There are several different types of character classes:

  • Upper - All ASCII uppercase characters (ABCDEFGHIJKLMNOPQRSTUVWXZY)
  • Lower - All ASCII lowercase characters (abcdefghijklmnopqrstuvwxzy)
  • Digit - All ASCII digits (0123456789)
  • Special - ASCII special characters (-~!@#$%^&*_+=``|(){}[:;"'<>,.?])
  • AsciiPrintable - All ASCII printable characters
  • Unicode - All unicode characters
    • Note: In this implementation this class is equivalent to AsciiPrintable
  • Custom - Contains a set of custom ASCII printable characters in the format [-abc]] where -, a, b, c, and ] are the characters.
    • Note: - and ] are special characters in a character class where - must be the first character in the set and ] must be the last character.

§Example

This example can be run via cargo run --example parse.

use password_rules_parser::{parse_password_rules, CharacterClass};

let password_rules = "minlength: 8; maxlength: 32; required: lower, upper; required: digit; allowed: [-_./\\@$*&!#];";
let parsed_rules =
    parse_password_rules(password_rules, true).expect("failed to parse password rules");

assert_eq!(parsed_rules.min_length.unwrap(), 8);
assert_eq!(parsed_rules.max_length.unwrap(), 32);
// This password rule does not place a restriction on consecutive characters
assert!(parsed_rules.max_consecutive.is_none());
assert_eq!(
    parsed_rules.allowed,
    vec![CharacterClass::Custom(vec![
        '!', '#', '$', '&', '*', '-', '.', '/', '@', '\\', '_',
    ])]
);
assert_eq!(
    parsed_rules.required,
    vec![
        vec![CharacterClass::Upper, CharacterClass::Lower],
        vec![CharacterClass::Digit]
    ]
);

// The above information can be used to make informed decisions about what password
// to generate for use with a specific service

You can try parsing arbitrary rules with this tool via cargo run --example cli.

Modules§

  • Errors that can be returned from the parsing process

Structs§

Enums§

  • Character classes that the password can be allowed or required to use

Functions§