devise-pwned_password 0.1.7 → 0.1.8
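--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: be89bb3c81bab360c6d6037b19467554f64351de218448a82cd6b0b1b539b5ae
+data.tar.gz: 4c53a8b3a1d26d3810b1a85af91c8aecc53f6d42f22c50ea7d29a6942e137cc7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: aebdde0d629534140a161ef2c0e5390aefd731253e0753ce833b616b89da8c0e74a1b0e8e7ecf02cd379460a3c856da1c922fbff057d347304ccbed1ad6c77e5
+data.tar.gz: 384175a042d38bf567c27aec57563398f8b0f6768eb17e6dcddf208e26db19180cf72ee332f2cc1b0e005d44bf870f189264a85d84468c34c220fe42002b1eee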
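--- a/data/README.md
+++ b/data/README.md
@@ -127,6 +127,11 @@ class ActiveAdmin::Devise::SessionsController
 end
 ```
 
+To prevent the default call to the HaveIBeenPwned API on user sign in, add the following to `config/initializers/devise.rb`:
+
+```ruby
+config.pwned_password_check_on_sign_in = false
+```
 
 ## Considerations
 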
@@ -4,9 +4,11 @@ require "devise"
|
|
4
4
|
require "devise/pwned_password/model"
|
5
5
|
|
6
6
|
module Devise
|
7
|
-
mattr_accessor :min_password_matches, :min_password_matches_warn, :
|
7
|
+
mattr_accessor :min_password_matches, :min_password_matches_warn, :pwned_password_check_on_sign_in,
|
8
|
+
:pwned_password_open_timeout, :pwned_password_read_timeout
|
8
9
|
@@min_password_matches = 1
|
9
10
|
@@min_password_matches_warn = nil
|
11
|
+
@@pwned_password_check_on_sign_in = true
|
10
12
|
@@pwned_password_open_timeout = 5
|
11
13
|
@@pwned_password_read_timeout = 5
|
12
14
|
|
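Review bot: The new default `@@pwned_password_check_on_sign_in = true` has no comment where it is declared, although it decides whether each sign in triggers an outbound password lookup. A comment above it would help, for example `# When true (default), the sign-in hook checks the submitted password against the HaveIBeenPwned API; set to false to skip that lookup.` The neighbouring open and read timeouts are both 5, so if they bound that lookup (not visible here), an unreachable API could presumably add several seconds to a sign in; that is worth stating next to the flag. `module Devise` continues past the end of this hunk.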
@@ -1,6 +1,8 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
Warden::Manager.after_set_user except: :fetch do |user, auth, opts|
|
4
|
-
|
5
|
-
|
4
|
+
if user.class.respond_to?(:pwned_password_check_on_sign_in) && user.class.pwned_password_check_on_sign_in
|
5
|
+
password = auth.request.params.fetch(opts[:scope], {}).fetch(:password, nil)
|
6
|
+
password && auth.authenticated?(opts[:scope]) && user.respond_to?(:password_pwned?) && user.password_pwned?(password)
|
7
|
+
end
|
6
8
|
end
|
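Review bot: The chained lookup `auth.request.params.fetch(opts[:scope], {}).fetch(:password, nil)` assumes the scope parameter is hash-like. If a request supplies it as a plain string, the second `fetch` would raise NoMethodError inside the sign-in hook instead of skipping the check. Guarding the shape keeps the hook best-effort: `scope_params = auth.request.params[opts[:scope]]` followed by `password = scope_params[:password] if scope_params.respond_to?(:key?)`. The result of `user.password_pwned?(password)` is discarded, so a short comment saying the call is made for its effect on the user object (presumably a flag read later) would help readers.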
@@ -20,6 +20,7 @@ module Devise
|
|
20
20
|
module ClassMethods
|
21
21
|
Devise::Models.config(self, :min_password_matches)
|
22
22
|
Devise::Models.config(self, :min_password_matches_warn)
|
23
|
+
Devise::Models.config(self, :pwned_password_check_on_sign_in)
|
23
24
|
Devise::Models.config(self, :pwned_password_open_timeout)
|
24
25
|
Devise::Models.config(self, :pwned_password_read_timeout)
|
25
26
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: devise-pwned_password
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Michael Banfield
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2020-01-10 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: devise
|