Validating Passwords (#26)

* Add module for validating password

* Change the structure of PasswordPolicy

* Add maximum password length policy

* Add test for valid password

* Add test for validating invalid password

* Add haddock comments

* Move Arbitrary instances to test module

* Rename PasswordPolicy field, valid

* Use RecordWildCards, add backlash as special character

* Add test for defaultCharacterSet

* Remove charSet field from PasswordPolicy, introduce CharSetPredicate

* Apply changes based upon the comments

* Add function validateCharSetPredicate, introduce more test cases

* Remove maybe, edit haddock comments

* Introduce InvalidPolicyReason

* Some code adjustments. DRY-er and 'ValidationResult' hopefully makes for a nicer API

* Added @SInCE footers and made some tweaks to comments/documentation

* small fix

* adjusted tests for new structure and added some unit tests

* makes sure the tests also compile

* some comment adjustments

* added charSetPredicate to PasswordPolicy

* use type synonyms for the Invalid*Reasons and a few documentation tweaks

* Added 'ValidPasswordPolicy' type to mark an already checked PasswordPolicy

* exports and comments adjustments

* fixed tests to work with new way of validating policies

* added 2.1.0.0 entry to ChangeLog.md

* some more comment adjustments

* upped version in 'password.cabal'

* changed 'unValidatePasswordPolicy' to 'fromValidPasswordPolicy' and added Ord instance and documentation to 'ValidPasswordPolicy

* added enough documentation for a new user to get an idea in how to use this API

* added hie.yaml and linted a bit with HLS

* thought of a different way a policy can be invalid (CategoryAmountsAboveMaxLength)

* added 'testPolicy' for a TH consistency check

* added 'validatePasswordPolicyTH' to get 'ValidPasswordPolicy's at compile time, with a caveat (can't set 'charSetPredicate')

* added 'CategoryAmountAboveMaxLength' to tests and added TemplateHaskell tests to guarantee consistency

* update ALL the documentation (and export allButCSP for tests)

* added an extra regression test to make sure testPolicy isn't compromised

* updated Changelog to indicate I worked on this too

Co-authored-by: Hiroto Shioi <[email protected]>

.gitignore

@@ -20,3 +20,4 @@ cabal.project.local
 cabal.project.local~
 .HTF/
 .ghc.environment.*
+.stylish-haskell.yaml

hie.yaml

@@ -0,0 +1,14 @@
+cradle:
+    stack:
+        - path: "./password/src"
+          component: "password:lib"
+        - path: "./password/test/doctest"
+          component: "password:test:doctests"
+        - path: "./password/test/tasty"
+          component: "password:test:password-tasty"
+        - path: "./password-instances/src"
+          component: "password-instances:lib"
+        - path: "./password-instances/test/doctest"
+          component: "password-instances:test:doctests"
+        - path: "./password-instances/test/tasty"
+          component: "password-instances:test:password-instances-tasty"

password/ChangeLog.md

@@ -1,18 +1,28 @@
 # Changelog for password
 
+## 2.1.0.0
+
+-   A new `Validate` module has been added to dictate policies that passwords
+    should adhere to and the necessary API to verify that they do.
+    [#26](https://github.com/cdepillabout/password/pull/26)
+    Huge thanks to [@HirotoShioi](https://github.com/HirotoShioi) for picking
+    up the task of adding this functionality and doing most of the groundwork.
+    [#27](https://github.com/cdepillabout/password/pull/27)
+    Thanks to Felix Paulusma ([@Vlix](https://github.com/Vlix)) for finishing
+    up the API and documentation.
+
 ## 2.0.1.1
 
--   Fixed cross-module links in the haddocks
-    [#19](https://github.com/cdepillabout/password/pull/19).  Thanks to
+-   Fixed cross-module links in the haddocks.
+    [#19](https://github.com/cdepillabout/password/pull/19) Thanks to
     [@TristanCacqueray](https://github.com/TristanCacqueray) for fixing this.
 
 ## 2.0.1.0
 
 -   Switched checking hashes to using `Data.ByteArray.constEq`, instead of
     the default `(==)` method of `ByteString`. This is to make it more secure
     against timing attacks. [#16](https://github.com/cdepillabout/password/pull/16)
-    Thanks to maralorn ([@maralorn](https://github.com/maralorn)) for bringing
-    this up.
+    Thanks to [@maralorn](https://github.com/maralorn) for bringing this up.
 
 ## 2.0.0.1
 

password/password.cabal

@@ -1,7 +1,7 @@
 cabal-version: 1.12
 
 name:           password
-version:        2.0.1.1
+version:        2.1.0.0
 category:       Data
 synopsis:       Hashing and checking of passwords
 description:    A library providing functionality for working with plain-text and hashed passwords with different types of algorithms.
@@ -36,6 +36,7 @@ library
       Data.Password.Bcrypt
       Data.Password.PBKDF2
       Data.Password.Scrypt
+      Data.Password.Validate
   other-modules:
       Paths_password
       Data.Password.Internal
@@ -45,6 +46,7 @@ library
     , bytestring  >= 0.10.8.1 && < 0.11
     , cryptonite  >= 0.15.1   && < 0.28
     , memory      >= 0.14     && < 0.16
+    , template-haskell
     , text        >= 1.2.2    && < 1.3
   ghc-options:
       -Wall
@@ -84,6 +86,8 @@ test-suite password-tasty
     , Internal
     , PBKDF2
     , Scrypt
+    , TestPolicy
+    , Validate
     , Paths_password
   ghc-options:
       -threaded -O2 -rtsopts -with-rtsopts=-N
@@ -96,6 +100,7 @@ test-suite password-tasty
     , quickcheck-instances
     , scrypt
     , tasty
+    , tasty-hunit
     , tasty-quickcheck
     , text
   default-language:

password/src/Data/Password/Internal.hs

@@ -141,4 +141,3 @@ readT = readMaybe . T.unpack
 showT :: forall a. Show a => a -> Text
 showT = T.pack . show
 {-# INLINE showT #-}
-