Expand description
Rust parser for the HTML passwordrules
attribute, a proposal for an
HTML attribute that allows services to specify their password requirements in a machine-readable format.
This spec is primarily being backed by Apple, and their tools and docs can be found here.
§Password Rules
A password rule consists of the following:
max-consecutive
- The maximum number of consecutive identical characters allowed in the passwordminlength
- The minimum length of the passwordmaxlength
- The maximum length of the passwordallowed
- A set of character classes whose characters the password is allowed to be generated with- Note that
allowed: digit, upper;
is equivalent toallowed: digit; allowed: upper;
- Note that
required
- A set of character classes where at least one character from eachrequired
set must appear in the password- Note that
required: digit, upper;
is not equivalent torequired: digit; required: upper;
. The first (required: digit, upper;
) means that the password must contain adigit
or anupper
(case) character, while the second (required: digit; required: upper;
) means the password must contain adigit
AND anupper
(case) character.
- Note that
Rules are separated by a semicolon (;
), while character classes are separated by a comma (,
).
An example of a password rule:
max-consecutive: 2; minlength: 10; maxlength: 15; allowed: upper; required: digit, special;
§Character Classes
There are several different types of character classes:
Upper
- All ASCII uppercase characters (ABCDEFGHIJKLMNOPQRSTUVWXZY
)Lower
- All ASCII lowercase characters (abcdefghijklmnopqrstuvwxzy
)Digit
- All ASCII digits (0123456789
)Special
- ASCII special characters (-~!@#$%^&*_+=``|(){}[:;"'<>,.?]
)AsciiPrintable
- All ASCII printable charactersUnicode
- All unicode characters- Note: In this implementation this class is equivalent to
AsciiPrintable
- Note: In this implementation this class is equivalent to
Custom
- Contains a set of custom ASCII printable characters in the format[-abc]]
where -, a, b, c, and ] are the characters.- Note:
-
and]
are special characters in a character class where-
must be the first character in the set and]
must be the last character.
- Note:
§Example
This example can be run via cargo run --example parse
.
use password_rules_parser::{parse_password_rules, CharacterClass};
let password_rules = "minlength: 8; maxlength: 32; required: lower, upper; required: digit; allowed: [-_./\\@$*&!#];";
let parsed_rules =
parse_password_rules(password_rules, true).expect("failed to parse password rules");
assert_eq!(parsed_rules.min_length.unwrap(), 8);
assert_eq!(parsed_rules.max_length.unwrap(), 32);
// This password rule does not place a restriction on consecutive characters
assert!(parsed_rules.max_consecutive.is_none());
assert_eq!(
parsed_rules.allowed,
vec![CharacterClass::Custom(vec![
'!', '#', '$', '&', '*', '-', '.', '/', '@', '\\', '_',
])]
);
assert_eq!(
parsed_rules.required,
vec![
vec![CharacterClass::Upper, CharacterClass::Lower],
vec![CharacterClass::Digit]
]
);
// The above information can be used to make informed decisions about what password
// to generate for use with a specific service
You can try parsing arbitrary rules with this tool via cargo run --example cli
.
Modules§
- Errors that can be returned from the parsing process
Structs§
- The various parsed password rules
Enums§
- Character classes that the password can be allowed or required to use
Functions§
- Parse a password rules string and return its parts