devise-pwned_password 0.1.4 → 0.1.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/devise/pwned_password/model.rb +10 -27
- data/lib/devise/pwned_password/version.rb +1 -1
- metadata +22 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: a5cc8c72047671f8be965dcc4e94322e9292fbcc
|
|
4
|
+
data.tar.gz: 4ae9d2cd36c87f8fd9ab2f344fcd17bc7045828a
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9114747a1908818faa62153ba123eed62dfdbc9b013934b921558ce9ed529d5a2e998fdced6d5622d3b60926b7745bbac7c3c38b11902c5379a4e03a63c0fc36
|
|
7
|
+
data.tar.gz: 11fcd7b49313b6688ca3da6c73a51ffe2fc8a5e87115ad70f894e63c11684b7c029ddd6a022f593b02efa2f8e8e51e62f3ad0d8ddf5fe935653bfc47c6722274
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require "
|
|
3
|
+
require "pwned"
|
|
4
4
|
require "devise/pwned_password/hooks/pwned_password"
|
|
5
5
|
|
|
6
6
|
module Devise
|
|
@@ -31,22 +31,16 @@ module Devise
|
|
|
31
31
|
# Implement retry behaviour described here https://haveibeenpwned.com/API/v2#RateLimiting
|
|
32
32
|
def password_pwned?(password)
|
|
33
33
|
@pwned = false
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
34
|
+
options = {
|
|
35
|
+
"User-Agent" => "devise_pwned_password",
|
|
36
|
+
read_timeout: self.class.pwned_password_read_timeout,
|
|
37
|
+
open_timeout: self.class.pwned_password_open_timeout
|
|
38
|
+
}
|
|
39
|
+
pwned_password = Pwned::Password.new(password.to_s, options)
|
|
41
40
|
begin
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
return false unless response.is_a?(Net::HTTPSuccess)
|
|
46
|
-
@pwned = usage_count(response.read_body, suffix) >= self.class.min_password_matches
|
|
47
|
-
return @pwned
|
|
48
|
-
end
|
|
49
|
-
rescue StandardError
|
|
41
|
+
@pwned = pwned_password.pwned_count >= self.class.min_password_matches
|
|
42
|
+
return @pwned
|
|
43
|
+
rescue Pwned::Error
|
|
50
44
|
return false
|
|
51
45
|
end
|
|
52
46
|
|
|
@@ -55,17 +49,6 @@ module Devise
|
|
|
55
49
|
|
|
56
50
|
private
|
|
57
51
|
|
|
58
|
-
def usage_count(response, suffix)
|
|
59
|
-
count = 0
|
|
60
|
-
response.each_line do |line|
|
|
61
|
-
if line.start_with? suffix
|
|
62
|
-
count = line.strip.split(":").last.to_i
|
|
63
|
-
break
|
|
64
|
-
end
|
|
65
|
-
end
|
|
66
|
-
count
|
|
67
|
-
end
|
|
68
|
-
|
|
69
52
|
def not_pwned_password
|
|
70
53
|
# This deliberately fails silently on 500's etc. Most apps wont want to tie the ability to sign up customers to the availability of a third party API
|
|
71
54
|
if password_pwned?(password)
|
metadata
CHANGED
|
@@ -1,43 +1,57 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: devise-pwned_password
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Michael Banfield
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-03-
|
|
11
|
+
date: 2018-03-25 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
|
-
name:
|
|
14
|
+
name: devise
|
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
|
16
16
|
requirements:
|
|
17
17
|
- - "~>"
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: '4'
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: '4'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
|
-
name:
|
|
28
|
+
name: pwned
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version:
|
|
33
|
+
version: 1.2.1
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version:
|
|
40
|
+
version: 1.2.1
|
|
41
|
+
- !ruby/object:Gem::Dependency
|
|
42
|
+
name: rails
|
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
|
44
|
+
requirements:
|
|
45
|
+
- - "~>"
|
|
46
|
+
- !ruby/object:Gem::Version
|
|
47
|
+
version: 5.1.2
|
|
48
|
+
type: :development
|
|
49
|
+
prerelease: false
|
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
51
|
+
requirements:
|
|
52
|
+
- - "~>"
|
|
53
|
+
- !ruby/object:Gem::Version
|
|
54
|
+
version: 5.1.2
|
|
41
55
|
- !ruby/object:Gem::Dependency
|
|
42
56
|
name: sqlite3
|
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|