From 9ebd6776ae92cb8047fd62c8a3048eb39eb3adb0 Mon Sep 17 00:00:00 2001 From: Cian McElhinney Date: Sun, 9 Sep 2018 13:30:00 +0100 Subject: [PATCH 01/11] add password and username limit --- app/assets/javascripts/password_strength.js | 6 ++++-- lib/password_strength/base.rb | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/app/assets/javascripts/password_strength.js b/app/assets/javascripts/password_strength.js index 5415e6f..94ea96a 100644 --- a/app/assets/javascripts/password_strength.js +++ b/app/assets/javascripts/password_strength.js @@ -3,6 +3,8 @@ var MULTIPLE_SYMBOLS_RE = /[!@#$%^&*?_~].*?[!@#$%^&*?_~]/; var UPPERCASE_LOWERCASE_RE = /([a-z].*[A-Z])|([A-Z].*[a-z])/; var SYMBOL_RE = /[!@#\$%^&*?_~]/; + var PASSWORD_LIMIT = 3000; + var USERNAME_LIMIT = 100000; function escapeForRegexp(string) { return (string || "").replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"); @@ -276,8 +278,8 @@ PasswordStrength.test = function(username, password) { var strength = new PasswordStrength(); - strength.username = username; - strength.password = password; + strength.username = username.substr(0, USERNAME_LIMIT); + strength.password = password.substr(0, PASSWORD_LIMIT); strength.test(); return strength; }; diff --git a/lib/password_strength/base.rb b/lib/password_strength/base.rb index b6f42be..5bf75ac 100644 --- a/lib/password_strength/base.rb +++ b/lib/password_strength/base.rb @@ -4,6 +4,8 @@ class Base MULTIPLE_SYMBOLS_RE = /[!@#\$%^&*?_~-].*?[!@#\$%^&*?_~-]/ SYMBOL_RE = /[!@#\$%^&*?_~-]/ UPPERCASE_LOWERCASE_RE = /([a-z].*[A-Z])|([A-Z].*[a-z])/ + PASSWORD_LIMIT = 3_000 + USERNAME_LIMIT = 100_000 INVALID = :invalid WEAK = :weak STRONG = :strong @@ -61,8 +63,8 @@ def self.common_words end def initialize(username, password, options = {}) - @username = username.to_s - @password = password.to_s + @username = username.to_s[0...USERNAME_LIMIT] + @password = password.to_s[0...PASSWORD_LIMIT] @score = 0 @exclude = options[:exclude] @record = options[:record] 
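Review bot: The new `PASSWORD_LIMIT`/`USERNAME_LIMIT` constants in the base.rb hunk carry no comment saying what they bound, and the values are changed again in patches 03 and 05 without one either; presumably the truncation exists so the `.*`-based regexes declared just above never run on attacker-sized input, and that intent should be recorded, e.g. `# Inputs are truncated before scoring so the backtracking regexes above run on bounded input; keep in sync with password_strength.js.` Note also that the Ruby `to_s[0...LIMIT]` in `initialize` slices by character while the JS `substr` in the same patch slices by UTF-16 code unit, so the two implementations can score a different prefix of the same string once it contains characters outside the BMP; a comment on the constants is the right place to flag that. `initialize` continues outside the hunk.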
From 9ea2bcb5fc1142d9ae9c964ce7540da30cf3b9a2 Mon Sep 17 00:00:00 2001
From: Cian McElhinney
Date: Sun, 9 Sep 2018 13:38:49 +0100
Subject: [PATCH 02/11] bump version
---
 lib/password_strength/version.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/password_strength/version.rb b/lib/password_strength/version.rb
index de33b06..1f58d0f 100644
--- a/lib/password_strength/version.rb
+++ b/lib/password_strength/version.rb
@@ -2,7 +2,7 @@ module PasswordStrength
 module Version # :nodoc: all
 MAJOR = 1
 MINOR = 1
- PATCH = 4
+ PATCH = 5
 STRING = "#{MAJOR}.#{MINOR}.#{PATCH}"
 end
 end
From edc480ee916fbb9fca4fc155125e870a76b1bf9d Mon Sep 17 00:00:00 2001
From: Cian McElhinney
Date: Sat, 29 Sep 2018 14:41:35 +0100
Subject: [PATCH 03/11] add password/username limit + test
---
 lib/password_strength/base.rb | 4 ++--
 test/password_strength_test.rb | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/lib/password_strength/base.rb b/lib/password_strength/base.rb
index 5bf75ac..70a7fd0 100644
--- a/lib/password_strength/base.rb
+++ b/lib/password_strength/base.rb
@@ -4,8 +4,8 @@ class Base
 MULTIPLE_SYMBOLS_RE = /[!@#\$%^&*?_~-].*?[!@#\$%^&*?_~-]/
 SYMBOL_RE = /[!@#\$%^&*?_~-]/
 UPPERCASE_LOWERCASE_RE = /([a-z].*[A-Z])|([A-Z].*[a-z])/
- PASSWORD_LIMIT = 3_000
- USERNAME_LIMIT = 100_000
+ PASSWORD_LIMIT = 1_000
+ USERNAME_LIMIT = 50_000
 INVALID = :invalid
 WEAK = :weak
 STRONG = :strong
diff --git a/test/password_strength_test.rb b/test/password_strength_test.rb
index a0fe649..23c706d 100644
--- a/test/password_strength_test.rb
+++ b/test/password_strength_test.rb
@@ -237,6 +237,14 @@ def test_reject_long_passwords_using_same_character refute @strength.valid? end + def test_long_passwords_the_same_as_truncated + PasswordStrength::Base.send(:remove_const, :PASSWORD_LIMIT) + PasswordStrength::Base.const_set(:PASSWORD_LIMIT, 20) + @strength_20 = PasswordStrength.test("johndoe", "ab"*10) + @strength_200 = PasswordStrength.test("johndoe", "ab"*100) + assert @strength == @strength + end + def test_exclude_option_as_regular_expression @strength = PasswordStrength.test("johndoe", "^Str0ng P4ssw0rd$", :exclude => /\s/) assert_equal :invalid, @strength.status From 39c285ab320b2d77f87388ae3974a377cb17be1b Mon Sep 17 00:00:00 2001 From: Cian McElhinney Date: Sat, 29 Sep 2018 14:42:09 +0100 Subject: [PATCH 04/11] remove unnecessary $BREAKPOINT variable --- test/password_strength_test.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/test/password_strength_test.rb b/test/password_strength_test.rb index 23c706d..75d3d43 100644 --- a/test/password_strength_test.rb +++ b/test/password_strength_test.rb @@ -264,12 +264,10 @@ def test_loads_common_words end def test_reject_common_words - $BREAKPOINT = true password = PasswordStrength::Base.common_words.first @strength = PasswordStrength.test("johndoe", password) assert @strength.invalid?, "#{password} must be invalid" refute @strength.valid? assert_equal :invalid, @strength.status - $BREAKPOINT = false end end From a83c6e01d1a9e7fccae54dd8fd34a4dcde4bb6bd Mon Sep 17 00:00:00 2001 From: Cian McElhinney Date: Sat, 29 Sep 2018 14:43:23 +0100 Subject: [PATCH 05/11] add password/username limit + test for JS --- app/assets/javascripts/password_strength.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/assets/javascripts/password_strength.js b/app/assets/javascripts/password_strength.js index 94ea96a..a6615e9 100644 --- a/app/assets/javascripts/password_strength.js +++ b/app/assets/javascripts/password_strength.js 
@@ -3,8 +3,8 @@ var MULTIPLE_SYMBOLS_RE = /[!@#$%^&*?_~].*?[!@#$%^&*?_~]/; var UPPERCASE_LOWERCASE_RE = /([a-z].*[A-Z])|([A-Z].*[a-z])/; var SYMBOL_RE = /[!@#\$%^&*?_~]/; - var PASSWORD_LIMIT = 3000; - var USERNAME_LIMIT = 100000; + var PASSWORD_LIMIT = 1000; + var USERNAME_LIMIT = 50000; function escapeForRegexp(string) { return (string || "").replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&"); From aa55e6b34f9f27ac463a16647723012bfb4a3ed6 Mon Sep 17 00:00:00 2001 From: Cian McElhinney Date: Sun, 30 Sep 2018 18:30:26 +0100 Subject: [PATCH 06/11] update tests for truncating passwords & usernames --- test/password_strength_test.rb | 40 +++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 8 deletions(-) diff --git a/test/password_strength_test.rb b/test/password_strength_test.rb index 75d3d43..c34fd53 100644 --- a/test/password_strength_test.rb +++ b/test/password_strength_test.rb @@ -3,6 +3,13 @@ class TestPasswordStrength < Minitest::Test def setup @strength = PasswordStrength::Base.new("johndoe", "mypass") + @password_limit = PasswordStrength::Base.const_get(:PASSWORD_LIMIT) + @username_limit = PasswordStrength::Base.const_get(:USERNAME_LIMIT) + end + + def teardown + set_const(:PASSWORD_LIMIT, @password_limit) + set_const(:USERNAME_LIMIT, @username_limit) end def test_shortcut @@ -237,14 +244,6 @@ def test_reject_long_passwords_using_same_character refute @strength.valid? end - def test_long_passwords_the_same_as_truncated - PasswordStrength::Base.send(:remove_const, :PASSWORD_LIMIT) - PasswordStrength::Base.const_set(:PASSWORD_LIMIT, 20) - @strength_20 = PasswordStrength.test("johndoe", "ab"*10) - @strength_200 = PasswordStrength.test("johndoe", "ab"*100) - assert @strength == @strength - end - def test_exclude_option_as_regular_expression @strength = PasswordStrength.test("johndoe", "^Str0ng P4ssw0rd$", :exclude => /\s/) assert_equal :invalid, @strength.status 
@@ -270,4 +269,29 @@ def test_reject_common_words
 refute @strength.valid?
 assert_equal :invalid, @strength.status
 end
+
+ def test_long_passwords_same_as_truncated
+ set_const(:PASSWORD_LIMIT, 20)
+ strength_20 = PasswordStrength.test("johndoe", "ab"*10)
+ strength_200 = PasswordStrength.test("johndoe", "ab"*100)
+ assert strength_20.score == strength_200.score
+ assert strength_20.password == strength_200.password
+ assert strength_20.username == strength_200.username
+ assert strength_20.status == strength_200.status
+ end
+
+ def test_long_usernames_same_as_truncatedd
+ set_const(:USERNAME_LIMIT, 20)
+ strength_20 = PasswordStrength.test("ab"*10, "^Str0ng P4ssw0rd$")
+ strength_200 = PasswordStrength.test("ab"*100, "^Str0ng P4ssw0rd$")
+ assert strength_20.score == strength_200.score
+ assert strength_20.password == strength_200.password
+ assert strength_20.username == strength_200.username
+ assert strength_20.status == strength_200.status
+ end
+
+ def set_const(const, value)
+ PasswordStrength::Base.send(:remove_const, const)
+ PasswordStrength::Base.const_set(const, value)
+ end
 end
From 52d963a9a7d40d8226c7460fdfa32cf1cedee458 Mon Sep 17 00:00:00 2001
From: Cian McElhinney
Date: Sun, 30 Sep 2018 18:54:30 +0100
Subject: [PATCH 07/11] update JS for long passwords/usernames tests
---
 app/assets/javascripts/password_strength.js | 8 ++++++--
 package-lock.json | 20 ++++++++++++++++++++
 test/password_strength_test.js | 16 ++++++++++++--
 3 files changed, 40 insertions(+), 4 deletions(-)
 create mode 100644 package-lock.json
diff --git a/app/assets/javascripts/password_strength.js b/app/assets/javascripts/password_strength.js
index a6615e9..d7f74c9 100644
--- a/app/assets/javascripts/password_strength.js
+++ b/app/assets/javascripts/password_strength.js
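Review bot: `test_long_usernames_same_as_truncatedd` has a doubled `d` in its name; rename it to `test_long_usernames_same_as_truncated`. Both new tests only assert that the 20-character and 200-character inputs score identically, which stays true for any truncation length up to 20, so neither pins the boundary itself; add `assert_equal 20, strength_200.password.size` in the first test and `assert_equal 20, strength_200.username.size` in the second. `set_const` swaps a process-wide constant, so these tests are not safe to run in parallel with the rest of the class; a short comment on the helper saying so, and placing it under `private`, would make that explicit. The enclosing test class starts outside the hunk.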
@@ -22,6 +22,10 @@ PasswordStrength.fn.test = function() { var score; this.score = score = 0; + if (this.username) + this.username = this.username.substr(0, USERNAME_LIMIT); + if (this.password) + this.password = this.password.substr(0, PASSWORD_LIMIT); if (this.containInvalidMatches()) { this.status = "invalid"; @@ -278,8 +282,8 @@ PasswordStrength.test = function(username, password) { var strength = new PasswordStrength(); - strength.username = username.substr(0, USERNAME_LIMIT); - strength.password = password.substr(0, PASSWORD_LIMIT); + strength.username = username; + strength.password = password; strength.test(); return strength; }; diff --git a/package-lock.json b/package-lock.json new file mode 100644 index 0000000..3eff937 --- /dev/null +++ b/package-lock.json @@ -0,0 +1,20 @@ +{ + "name": "@fnando/password_strength", + "version": "1.1.4", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "jquery": { + "version": "2.2.4", + "resolved": "https://registry.npmjs.org/jquery/-/jquery-2.2.4.tgz", + "integrity": "sha1-LInWiJterFIqfuoywUUhVZxsvwI=", + "dev": true + }, + "qunitjs": { + "version": "1.23.1", + "resolved": "https://registry.npmjs.org/qunitjs/-/qunitjs-1.23.1.tgz", + "integrity": "sha1-GXHPl6yb4Bpk0jFVCNLkjm/U5xk=", + "dev": true + } + } +} diff --git a/test/password_strength_test.js b/test/password_strength_test.js index 9ec4917..272b8f7 100644 --- a/test/password_strength_test.js +++ b/test/password_strength_test.js 
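Review bot: The two new guards in `PasswordStrength.fn.test` use a brace-less `if` with the assignment on the following line, unlike the braced `if (this.containInvalidMatches()) {` immediately below; write them as `if (this.username) { this.username = this.username.slice(0, USERNAME_LIMIT); }` and `if (this.password) { this.password = this.password.slice(0, PASSWORD_LIMIT); }`. `substr` is a legacy Annex B method, so `slice` is the safer spelling for the same prefix. Truncating inside `test()` also means a caller who reads `strength.password` back after scoring gets the shortened value, which the new QUnit tests rely on, so a one-line comment at the guard saying the fields are rewritten in place would save the next reader a surprise. `test` continues outside the hunk.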
@@ -79,6 +79,20 @@ QUnit.test("test strong password", function(assert) { assert.equal(strength.status, "strong"); }); +QUnit.test("test truncate long password", function(assert) { + strength.password = "a".repeat(5000); + assert.equal(strength.password.length, 5000); + strength.test(); + assert.equal(strength.password.length, 1000); +}); + +QUnit.test("test truncate long username", function(assert) { + strength.username = "a".repeat(100000); + assert.equal(strength.username.length, 100000); + strength.test(); + assert.equal(strength.username.length, 50000); +}); + QUnit.test("test weak password", function(assert) { strength.password = "ytrewq"; strength.test() @@ -251,8 +265,6 @@ QUnit.test("reject long passwords using same character", function(assert) { strength.password = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; strength.test(); assert.equal(strength.status, "invalid"); - // assert @strength.invalid? - // refute @strength.valid? }); QUnit.module("PasswordStrength: jQuery integration", { From b8114737d7387696062f2d84eb1a12b4820399cf Mon Sep 17 00:00:00 2001 From: Cian McElhinney Date: Sun, 30 Sep 2018 18:55:27 +0100 Subject: [PATCH 08/11] remove package-lock.json --- package-lock.json | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 package-lock.json diff --git a/package-lock.json b/package-lock.json deleted file mode 100644 index 3eff937..0000000 --- a/package-lock.json +++ /dev/null @@ -1,20 +0,0 @@ -{ - "name": "@fnando/password_strength", - "version": "1.1.4", - "lockfileVersion": 1, - "requires": true, - "dependencies": { - "jquery": { - "version": "2.2.4", - "resolved": "https://registry.npmjs.org/jquery/-/jquery-2.2.4.tgz", - "integrity": "sha1-LInWiJterFIqfuoywUUhVZxsvwI=", - "dev": true - }, - "qunitjs": { - "version": "1.23.1", - "resolved": "https://registry.npmjs.org/qunitjs/-/qunitjs-1.23.1.tgz", - "integrity": "sha1-GXHPl6yb4Bpk0jFVCNLkjm/U5xk=", - "dev": true - } - } -} 
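Review bot: The two new QUnit tests only check that `strength.password.length` and `strength.username.length` collapse to the limit after `test()`, not that a truncated input scores the same as the full one, which is what the Ruby counterpart asserts; add a second `PasswordStrength.test(...)` call with the already-truncated string and compare `status` and `score` between the two. `"a".repeat(5000)` is ES2015 while the library itself is written in ES5 style, so if the suite is ever run on an older engine the tests would fail before reaching their assertions; `new Array(5001).join("a")` avoids that. The hard-coded 1000 and 50000 mirror constants in another file, so a comment naming `PASSWORD_LIMIT`/`USERNAME_LIMIT` would tell a maintainer why the test breaks when those change.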
From 1885a9b1ce79c90855fd93e2d6444a7ddfcbb139 Mon Sep 17 00:00:00 2001
From: Nando Vieira
Date: Fri, 19 Oct 2018 17:22:13 -0700
Subject: [PATCH 09/11] Delete version.rb
---
 lib/password_strength/version.rb | 8 --------
 1 file changed, 8 deletions(-)
 delete mode 100644 lib/password_strength/version.rb
diff --git a/lib/password_strength/version.rb b/lib/password_strength/version.rb
deleted file mode 100644
index 1f58d0f..0000000
--- a/lib/password_strength/version.rb
+++ /dev/null
@@ -1,8 +0,0 @@
-module PasswordStrength
- module Version # :nodoc: all
- MAJOR = 1
- MINOR = 1
- PATCH = 5
- STRING = "#{MAJOR}.#{MINOR}.#{PATCH}"
- end
-end
From 5ca9ba6e9cacfb6d70b147219349bb8f2d61ce77 Mon Sep 17 00:00:00 2001
From: Cian McElhinney
Date: Mon, 22 Oct 2018 22:16:37 +0100
Subject: [PATCH 10/11] add version.rb back
---
 lib/password_strength/version.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 lib/password_strength/version.rb
diff --git a/lib/password_strength/version.rb b/lib/password_strength/version.rb
new file mode 100644
index 0000000..9d6c0f7
--- /dev/null
+++ b/lib/password_strength/version.rb
@@ -0,0 +1,8 @@
+module PasswordStrength
+ module Version # :nodoc: all
+ MAJOR = 1
+ MINOR = 1
+ PATCH = 5
+ STRING = "#{MAJOR}.#{MINOR}.#{PATCH}"
+ end
+end
From 3755b27b8f124c24395ac46e60bf766d84b971a3 Mon Sep 17 00:00:00 2001
From: Cian McElhinney
Date: Mon, 22 Oct 2018 22:17:19 +0100
Subject: [PATCH 11/11] add version.rb back
---
 lib/password_strength/version.rb | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/lib/password_strength/version.rb b/lib/password_strength/version.rb
index 9d6c0f7..1f58d0f 100644
--- a/lib/password_strength/version.rb
+++ b/lib/password_strength/version.rb
@@ -1,8 +1,8 @@
-module PasswordStrength
- module Version # :nodoc: all
- MAJOR = 1
- MINOR = 1
- PATCH = 5
- STRING = "#{MAJOR}.#{MINOR}.#{PATCH}"
- end
+module PasswordStrength
+ module Version # :nodoc: all
+ MAJOR = 1
+ MINOR = 1
+ PATCH = 5
+ STRING = "#{MAJOR}.#{MINOR}.#{PATCH}"
+ end
 end