devise-pwned_password 0.1.4 → 0.1.5

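--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 9034d6a6d49339f92023d27ef40b8633a2332ded
- data.tar.gz: 1e429adc52ffb2aff28985d9a1636aec657b686a
+ metadata.gz: a5cc8c72047671f8be965dcc4e94322e9292fbcc
+ data.tar.gz: 4ae9d2cd36c87f8fd9ab2f344fcd17bc7045828a
  SHA512:
- metadata.gz: 75aede6ba1404dc2065db2d404467071d1d00397da09ad141f760edb8d74617e750d8707e287ab2ebf088bb85cc1038acb36c7b6099c5dc73bc8372ebb66b067
- data.tar.gz: 0ca55ec7326ed19bde60f5bc4d5cc55ffaf09b68a65a7162372078641668f743134b1267940e5ecfe5a5263cbb3b39078f93a3a0b9fa912b4fee6dca8bceb4fc
+ metadata.gz: 9114747a1908818faa62153ba123eed62dfdbc9b013934b921558ce9ed529d5a2e998fdced6d5622d3b60926b7745bbac7c3c38b11902c5379a4e03a63c0fc36
+ data.tar.gz: 11fcd7b49313b6688ca3da6c73a51ffe2fc8a5e87115ad70f894e63c11684b7c029ddd6a022f593b02efa2f8e8e51e62f3ad0d8ddf5fe935653bfc47c6722274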
@@ -1,6 +1,6 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require "net/http"
3
+ require "pwned"
4
4
  require "devise/pwned_password/hooks/pwned_password"
5
5
 
6
6
  module Devise
@@ -31,22 +31,16 @@ module Devise
31
31
  # Implement retry behaviour described here https://haveibeenpwned.com/API/v2#RateLimiting
32
32
  def password_pwned?(password)
33
33
  @pwned = false
34
- hash = Digest::SHA1.hexdigest(password.to_s).upcase
35
- prefix, suffix = hash.slice!(0..4), hash
36
-
37
- userAgent = "devise_pwned_password"
38
-
39
- uri = URI.parse("https://api.pwnedpasswords.com/range/#{prefix}")
40
-
34
+ options = {
35
+ "User-Agent" => "devise_pwned_password",
36
+ read_timeout: self.class.pwned_password_read_timeout,
37
+ open_timeout: self.class.pwned_password_open_timeout
38
+ }
39
+ pwned_password = Pwned::Password.new(password.to_s, options)
41
40
  begin
42
- Net::HTTP.start(uri.host, uri.port, use_ssl: true, open_timeout: self.class.pwned_password_open_timeout, read_timeout: self.class.pwned_password_read_timeout) do |http|
43
- request = Net::HTTP::Get.new(uri.request_uri, "User-Agent" => userAgent)
44
- response = http.request request
45
- return false unless response.is_a?(Net::HTTPSuccess)
46
- @pwned = usage_count(response.read_body, suffix) >= self.class.min_password_matches
47
- return @pwned
48
- end
49
- rescue StandardError
41
+ @pwned = pwned_password.pwned_count >= self.class.min_password_matches
42
+ return @pwned
43
+ rescue Pwned::Error
50
44
  return false
51
45
  end
52
46
 
@@ -55,17 +49,6 @@ module Devise
55
49
 
56
50
  private
57
51
 
58
- def usage_count(response, suffix)
59
- count = 0
60
- response.each_line do |line|
61
- if line.start_with? suffix
62
- count = line.strip.split(":").last.to_i
63
- break
64
- end
65
- end
66
- count
67
- end
68
-
69
52
  def not_pwned_password
70
53
  # This deliberately fails silently on 500's etc. Most apps wont want to tie the ability to sign up customers to the availability of a third party API
71
54
  if password_pwned?(password)
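Review bot: Narrowing `rescue StandardError` to `rescue Pwned::Error` in `password_pwned?` means any failure the pwned gem does not wrap now propagates out of the validation, which contradicts the fail-silent intent stated in the comment inside `not_pwned_password`. Whether pwned 1.2.1 converts DNS, connection-refused or TLS failures into `Pwned::Error` is not visible on this page, so either confirm that against the gem or widen the clause, e.g. `rescue Pwned::Error, SocketError, SystemCallError, OpenSSL::SSL::SSLError`. Because the method fails open (returns `false` on error), logging the rescued exception would make an outage that silently disables the breach check detectable. The SHA-1 prefix (k-anonymity) step that the removed lines did locally now lives in the dependency, so a short comment next to `Pwned::Password.new(password.to_s, options)` noting that only the hash prefix is expected to leave the process would help future reviewers of a pwned upgrade. The method's closing `end` falls outside the hunk.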
@@ -2,6 +2,6 @@
2
2
 
3
3
  module Devise
4
4
  module PwnedPassword
5
- VERSION = "0.1.4"
5
+ VERSION = "0.1.5"
6
6
  end
7
7
  end
metadata CHANGED
@@ -1,43 +1,57 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: devise-pwned_password
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.4
4
+ version: 0.1.5
5
5
  platform: ruby
6
6
  authors:
7
7
  - Michael Banfield
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-03-12 00:00:00.000000000 Z
11
+ date: 2018-03-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
- name: rails
14
+ name: devise
15
15
  requirement: !ruby/object:Gem::Requirement
16
16
  requirements:
17
17
  - - "~>"
18
18
  - !ruby/object:Gem::Version
19
- version: 5.1.2
19
+ version: '4'
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: 5.1.2
26
+ version: '4'
27
27
  - !ruby/object:Gem::Dependency
28
- name: devise
28
+ name: pwned
29
29
  requirement: !ruby/object:Gem::Requirement
30
30
  requirements:
31
31
  - - "~>"
32
32
  - !ruby/object:Gem::Version
33
- version: '4'
33
+ version: 1.2.1
34
34
  type: :runtime
35
35
  prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
- version: '4'
40
+ version: 1.2.1
41
+ - !ruby/object:Gem::Dependency
42
+ name: rails
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: 5.1.2
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: 5.1.2
41
55
  - !ruby/object:Gem::Dependency
42
56
  name: sqlite3
43
57
  requirement: !ruby/object:Gem::Requirement