Code Coverage for D:\Apache2.4.33\htdocs\iaLib\inc

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 10	CRAP	0.00% covered (danger)	0.00%	0 / 68
iaPwd	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 10	930.00	0.00% covered (danger)	0.00%	0 / 68
__construct				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 4
get_policy					n/a	0 / 0	1		n/a	0 / 0
set_policy				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 2
set_irregularSequences				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 2
passwordPolicyCheck				0.00% covered (danger)	0.00%	0 / 1	210.00	0.00% covered (danger)	0.00%	0 / 23
has_sequence				0.00% covered (danger)	0.00%	0 / 1	42.00	0.00% covered (danger)	0.00%	0 / 15
get_rules				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 12
passwordHash				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 1
passwordVerify				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 1
passwordNeedsRehash				0.00% covered (danger)	0.00%	0 / 1	2.00	0.00% covered (danger)	0.00%	0 / 1
costRecomended				0.00% covered (danger)	0.00%	0 / 1	6.00	0.00% covered (danger)	0.00%	0 / 7

1	<?php
2	namespace ia\Lib;
3
4	use ia\Util\Str;
5	use URLify;
6
7
8	//@TODO
9	// check max wrong attempts 30, block for x time? in caller
10	// check vs last n pwds ($gsqlClass, $table, $pk)?
11	// invalid list
12
13	// reading
14	//https://www.networkworld.com/article/3199607/linux/dealing-with-nists-about-face-on-password-complexity.html
15	//the maximum length for passwords be set to 64 characters min 8
16	//passwords be checked against known bad passwords, banned lists, etc
17	//passwords only be changed when forgotten
18	//http://world.std.com/~reinhold/diceware.html
19	//https://www.grc.com/haystack.htm
20	//*** https://github.com/danielmiessler/SecLists
21	//**** https://github.com/ircmaxell/password-policy
22	// minLength: 0 } o 1
23
24
25	/**
26	* iaPwd Check password vs characters policy, hashit and check hash vs password
27	*
28	*/
29	class iaPwd {
30	protected $options = ['cost' => 10];
31	protected $algorithm = PASSWORD_DEFAULT;
32
33	protected $policy = [
34	'pwd_min_chars' => 12,
35	'pwd_max_chars' => 60,
36	'pwd_min_digitos' => 1,
37	'pwd_min_minusculas' => 1,
38	'pwd_min_mayusculas' => 1,
39	'pwd_min_simbolos' => 1,
40	'pwd_max_sequenciales' => 4,
41	];
42
43	protected $irregularSequences = [
44	'qwertyuiop',
45	'asdfghijkl',
46	'zxcvbnm',
47	'poiuytrewq',
48	'lkjhgfdsa',
49	'mnbvcxz',
50	'986532',
51	];
52
53	/**
54	* iaPwd::__construct()
55	*
56	* @param int $algorithm php's algorithm constant
57	* @param integer $cost
58	* @param array $policy
59	*/
60	public function __construct($algorithm = PASSWORD_DEFAULT, $cost = 10, $policy = []) {
61	$this->algorithm = $algorithm;
62	$this->options['cost'] = $cost;
63	$this->set_policy($policy);
64	}
65
66	/**
67	* Policy for min/max characters, digits, lowercase, uppercase, symbols, sequences
68	*
69	* @return array
70	*/
71	public function get_policy() {return $this->policy;}
72
73
74	/** check password policy */
75
76	/**
77	* Set policy for min/max characters, digits, lowercase, uppercase, symbols, sequences
78	*
79	* @param array $policy one or more keys from
80	* 'pwd_min_chars','pwd_max_chars', 'pwd_min_digitos', 'pwd_min_minusculas','pwd_min_mayusculas', 'pwd_min_simbolos', 'pwd_max_sequenciales'
81	*
82	*/
83	public function set_policy($policy) {
84	$this->policy = array_merge($this->policy, $policy);
85	}
86
87	public function set_irregularSequences($irregularSequences) {
88	$this->irregularSequences = $irregularSequences;
89	}
90
91	/**
92	* Check the passwords complies with character's policy
93	*
94	* @param string $pwd
95	* @return string error message or empty
96	*/
97	public function passwordPolicyCheck($pwd) {
98	if(empty($pwd)) {
99	return 'Falto la contresaña';
100	}
101	$trim = Str::strim($pwd);
102	if($trim !== $pwd) {
103	return "No puede comenzar ni terminar con espacio, ni tener 2 espacios juntos";
104	}
105
106	$str = URLify::downcode($trim);
107	if($str !== $trim) {
108	return "No puede llevar acentos, dierecis, eñes, ni ¿ ¡";
109	}
110	$rules = $this->get_rules();
111	foreach($rules as $i=>$r) {
112	$n = preg_match_all($r['regexp'], $str, $matches);
113	if(!empty($r['min']) && $n < $r['min']) {
114	return $r['msg'];
115	}
116	if(!empty($r['max']) && $n > $r['max']) {
117	return $r['msg'];
118	}
119	if($n > 0 && !empty($r['existe'])) {
120	return $r['msg'];
121	}
122	}
123
124	if($this->has_sequence($str, $this->policy['pwd_max_sequenciales'])) {
125	return "No puede tener $this->policy[pwd_max_sequenciales] o más letras o números consecutivos";
126	}
127
128	foreach($this->irregularSequences as $s) {
129	if(stripos($str, substr($s,0,$this->policy['pwd_min_chars']))!==false) {
130	return "La sequencia de carácteres $s es inválida";
131	}
132	}
133	return '';
134	}
135
136	/**
137	* has_sequence()
138	*
139	* @param string $str
140	* @param int $maxSecuenciales
141	* @return bool
142	*/
143	private function has_sequence($str, $maxSecuenciales) {
144	$maxSecuenciales--;
145	if($maxSecuenciales <= 0) {
146	return false;
147	}
148	$seguidos = 0;
149	$prev = 0;
150	$len = strlen($str);
151	for($i = 0; $i < $len; $i++) {
152	$c = ord( strtolower( $str[$i] ) );
153	if($c === $prev + 1 \|\| $c === $prev - 1) {
154	$seguidos++;
155	if($seguidos >= $maxSecuenciales) {
156	return true;
157	}
158	} else {
159	$seguidos = 0;
160	}
161	$prev = $c;
162	}
163	return false;
164	}
165
166
167	/**
168	* Rules for passwords [regexp=>'to full fill', 'min'=>1, 'max'=>8, 'msg'=>'Explain rule']
169	*
170	* @return array
171	*/
172	private function get_rules() {
173	return [
174	['regexp'=>'/./', 'min'=>$this->policy['pwd_min_chars'], 'max'=>$this->policy['pwd_max_chars'],
175	'msg'=>"al menos ".$this->policy['pwd_min_chars']." y máximo ".$this->policy['pwd_max_chars']." caracteres"],
176
177	['regexp'=>'/\\d/', 'min'=>$this->policy['pwd_min_digitos'],
178	'msg'=>"al menos ".$this->policy['pwd_min_digitos']." número"],
179
180	['regexp'=>'/[a-z]/', 'min'=>$this->policy['pwd_min_minusculas'],
181	'msg'=>"al menos ".$this->policy['pwd_min_minusculas']." minúscula"],
182
183	['regexp'=>'/[A-Z]/', 'min'=>$this->policy['pwd_min_mayusculas'],
184	'msg'=>"al menos ".$this->policy['pwd_min_mayusculas']." mayúscula"],
185
186	['regexp'=>'/[^a-zA-Z\\d\\s]/', 'min'=>$this->policy['pwd_min_simbolos'],
187	'msg'=>"al menos ".$this->policy['pwd_min_simbolos']." symbolo (! \" \' . , ; : ? = # $ % / ( ) - _ { } [ ] * + )"],
188
189	['regexp' => '/([a-zA-Z0-9])\1{'.($this->policy['pwd_max_sequenciales'] - 1).",}/", 'existe'=>true,
190	'msg'=>"máximo caracteres ".$this->policy['pwd_max_sequenciales']." iguales seguidos"],
191	];
192	}
193
194	/ Hash password /
195	/**
196	* Hash the password
197	*
198	* @param string $password
199	* @return string
200	*/
201	public function passwordHash($password) {
202	return password_hash($password, $this->algorithm, $this->options);
203	}
204
205	/**
206	* Check password matches hash
207	*
208	* @param string $password
209	* @param string $hash
210	* @return bool
211	*/
212	public function passwordVerify($password, $hash) {
213	return password_verify($password, $hash);
214	}
215
216	/**
217	* Rehash the pasword's hash, for example on cost, algorithm change
218	*
219	* @param string $hash
220	* @return string
221	*/
222	public function passwordNeedsRehash($hash) {
223	return password_needs_rehash($hash , $this->algorithm, $this->options);
224	}
225
226	/**
227	* Recomend best cost for time target in seconds
228	*
229	* @param float $timeTarget (seconds)
230	* @return int recomended password cost
231	*/
232	public function costRecomended($timeTarget = 0.1) {
233	$cost = 8;
234	do {
235	$cost++;
236	$start = microtime(true);
237	password_hash("test", $this->algorithm, ["cost" => $cost]);
238	$end = microtime(true);
239	} while (($end - $start) < $timeTarget);
240	return $cost;
241	}
242
243
244
245
246
247	}