Re: Efficient way to verify scalar contents (updated x3)

in reply to Efficient way to verify scalar contents

See also How to ask better questions using Test::More and sample data. You can do it all in a single regex, see perlretut (and perlre) in regards to alternations, character classes, and lookaheads. However, perhaps my test cases below will give a hint that these password rules aren't necessarily good indicators of password quality; perhaps use one of the other established methods like Data::Password::zxcvbn instead. If this happens to be for a website, note there's also a JavaScript version of the "zxcvbn" algorithm that allows you to give live feedback to the user when and why a password isn't good, so they can know while choosing one; of course it should still be verified on the server in case they have JS disabled.

Update: Note that given/when are unforunately still experimental, in this case I'd suggest normal ifs instead.

Update 2: The talk on the library is great: https://youtu.be/vf37jh3dV2I (even just the first five minutes on the issues)

Update 3: A slightly optimized version of the regex below, that turns out to be pretty fast:

my $pw_re = qr{ \A (?: .{20,} | (?=.*[a-z]) (?=.*[A-Z])
        (?: .{16,19} | (?=.*[0-9]) (?: .{12,15}
            | (?=.*[\x21-\x2F\x3A-\x40\x5B-\x60\x7B-\x7E]) .{8,11}
    ) ) ) \z }msx;
[download]

Original code:

use warnings;
use strict;

my $pw_re =
    qr{ \A (?:
          .{20,}
        | (?=.*[a-z]) (?=.*[A-Z])
          .{16,19}
        | (?=.*[a-z]) (?=.*[A-Z]) (?=.*[0-9])
          .{12,15}
        | (?=.*[a-z]) (?=.*[A-Z]) (?=.*[0-9])
          (?=.*[\x21-\x2F\x3A-\x40\x5B-\x60\x7B-\x7E])
          .{8,11}
    ) \z }msx;

use Test::More;
unlike '', $pw_re;
unlike 'aA0-', $pw_re;
unlike 'aA0-aA0', $pw_re;
  like 'aA0-aA0-', $pw_re;
  like 'aaaaaA0-', $pw_re;
  like 'aaaaaaaaA0-', $pw_re;
unlike 'aaaaaaaaa0-', $pw_re;
unlike 'aaaaaaaaAA-', $pw_re;
unlike 'AAAAAAAAA0-', $pw_re;
unlike 'aaaaaaaaA00', $pw_re;
  like 'aaaaaaaaaaA0', $pw_re;
  like 'aaaaaaaaa-A0', $pw_re;
  like 'aaaaaaaaaaaaaA0', $pw_re;
unlike 'aaaaaaaaaaaaaaA', $pw_re;
unlike 'aaaaaaaaaaaaaa0', $pw_re;
unlike 'AAAAAAAAAAAAAA0', $pw_re;
unlike 'aaaaaaaaaaaaa-A', $pw_re;
unlike 'aaaaaaaaaaaaa-0', $pw_re;
  like 'aaaaaaaaaaaaaaaA', $pw_re;
  like 'aaaaaaaaaaaaaa0A', $pw_re;
  like 'aaaaaaaaaaaaa-0A', $pw_re;
  like 'aaaaaaaaaaaaaaaaaaA', $pw_re;
unlike 'aaaaaaaaaaaaaaaaaaa', $pw_re;
unlike 'AAAAAAAAAAAAAAAAAAA', $pw_re;
unlike 'aaaaaaaaaaaaaaaaaa0', $pw_re;
unlike 'aaaaaaaaaaaaaaaaaa-', $pw_re;
  like 'aaaaaaaaaaaaaaaaaaaa', $pw_re;
  like 'aaaaaaaaaaaaaaaaaA0-', $pw_re;
  like 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', $pw_re;
done_testing;
[download]

Comment on Re: Efficient way to verify scalar contents (updated x3) Select or Download Code

Replies are listed 'Best First'.
Re^2: Efficient way to verify scalar contents (updated x3) by ikegami (Patriarch) on Jun 23, 2020 at 18:28 UTC
Note that given/when are unforunately still experimental That's a good thing. Their design is broken. The only reason they haven't been removed is that too many people are using them despite that problems with them X_X.	[reply]
Re^3: Efficient way to verify scalar contents (updated x3) by ikegami (Patriarch) on Jun 23, 2020 at 18:35 UTC
Correction, smart-matching is the one with the broken design. I think given/when's only problem is that they sometimes use smart-matching. But without smart-matching, there's not much point to given/when. For example, the OP would avoid given/when by making nothing but the following changes: given ⇒ for first when ⇒ if other when ⇒ elsif default ⇒ else	[reply]
Re^4: Efficient way to verify scalar contents (updated x3) by Anonymous Monk on Jun 23, 2020 at 19:29 UTC
'given' has a return value, 'for' doesnt	[reply]

In Section Seekers of Perl Wisdom