pwned 1.2.0 → 2.1.0

data/lib/pwned/hashed_password.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+require "pwned/password_base"
+
+module Pwned
+  ##
+  # This class represents a hashed password. It does all the work of talking to the
+  # Pwned Passwords API to find out if the password has been pwned.
+  # @see https://haveibeenpwned.com/API/v2#PwnedPasswords
+  class HashedPassword
+    include PasswordBase
+    ##
+    # Creates a new hashed password object.
+    #
+    # @example A simple password with the default request options
+    #     password = Pwned::HashedPassword.new("ABC123")
+    # @example Setting the user agent and the read timeout of the request
+    #     password = Pwned::HashedPassword.new("ABC123", headers: { "User-Agent" => "My user agent" }, read_timout: 10)
+    #
+    # @param hashed_password [String] The hash of the password you want to check against the API.
+    # @param [Hash] request_options Options that can be passed to +Net::HTTP.start+ when
+    #   calling the API
+    # @option request_options [Symbol] :headers ({ "User-Agent" => "Ruby Pwned::Password #{Pwned::VERSION}" })
+    #   HTTP headers to include in the request
+    # @raise [TypeError] if the password is not a string.
+    # @since 2.1.0
+    def initialize(hashed_password, request_options={})
+      raise TypeError, "hashed_password must be of type String" unless hashed_password.is_a? String
+      @hashed_password = hashed_password.upcase
+      @request_options = Hash(request_options).dup
+      @request_headers = Hash(request_options.delete(:headers))
+      @request_headers = DEFAULT_REQUEST_HEADERS.merge(@request_headers)
+    end
+  end
+end

data/lib/pwned/not_pwned_validator.rb

@@ -61,16 +61,30 @@ class NotPwnedValidator < ActiveModel::EachValidator
   # In the case of an API error the validator will either mark the
   # record as valid or invalid. Alternatively it will run an associated proc or
   # re-raise the original error.
+  #
+  # The validation will short circuit and return with no errors added if the
+  # password is blank. The +Pwned::Password+ initializer expects the password to
+  # be a string and will throw a +TypeError+ if it is +nil+. Also, technically
+  # the empty string is not a password that is reported to be found in data
+  # breaches, so returns +false+, short circuiting that using +value.blank?+
+  # saves us a trip to the API.
+  #
+  # @param record [ActiveModel::Validations] The object being validated
+  # @param attribute [Symbol] The attribute on the record that is currently
+  #   being validated.
+  # @param value [String] The value of the attribute on the record that is the
+  #   subject of the validation
   def validate_each(record, attribute, value)
+    return if value.blank?
     begin
       pwned_check = Pwned::Password.new(value, request_options)
       if pwned_check.pwned_count > threshold
-        record.errors.add(attribute, :not_pwned, options.merge(count: pwned_check.pwned_count))
+        record.errors.add(attribute, :not_pwned, **options.merge(count: pwned_check.pwned_count))
       end
     rescue Pwned::Error => error
       case on_error
       when :invalid
-        record.errors.add(attribute, :pwned_error, options.merge(message: options[:error_message]))
+        record.errors.add(attribute, :pwned_error, **options.merge(message: options[:error_message]))
       when :valid
         # Do nothing, consider the record valid
       when Proc
@@ -115,4 +129,4 @@ end
 #
 # @since 1.1.0
 class PwnedValidator < NotPwnedValidator
-end
+end

data/lib/pwned/password.rb

@@ -1,7 +1,6 @@
 # frozen_string_literal: true
 
-require "digest"
-require "open-uri"
+require "pwned/password_base"
 
 module Pwned
   ##
@@ -9,27 +8,7 @@ module Pwned
   # Pwned Passwords API to find out if the password has been pwned.
   # @see https://haveibeenpwned.com/API/v2#PwnedPasswords
   class Password
-    ##
-    # The base URL for the Pwned Passwords API
-    API_URL = "https://api.pwnedpasswords.com/range/"
-
-    ##
-    # The number of characters from the start of the hash of the password that
-    # are used to search for the range of passwords.
-    HASH_PREFIX_LENGTH = 5
-
-    ##
-    # The total length of a SHA1 hash
-    SHA1_LENGTH = 40
-
-    ##
-    # The default request options that are used to make HTTP requests to the
-    # API. A user agent is provided as requested in the documentation.
-    # @see https://haveibeenpwned.com/API/v2#UserAgent
-    DEFAULT_REQUEST_OPTIONS = {
-      "User-Agent" => "Ruby Pwned::Password #{Pwned::VERSION}"
-    }.freeze
-
+    include PasswordBase
     ##
     # @return [String] the password that is being checked.
     # @since 1.0.0
@@ -40,88 +19,24 @@ module Pwned
     #
     # @example A simple password with the default request options
     #     password = Pwned::Password.new("password")
-    # @example Setting the user agent and the read timeout of the reques
-    #     password = Pwned::Password.new("password", "User-Agent" => "My user agent", :read_timout => 10)
+    # @example Setting the user agent and the read timeout of the request
+    #     password = Pwned::Password.new("password", headers: { "User-Agent" => "My user agent" }, read_timout: 10)
     #
     # @param password [String] The password you want to check against the API.
-    # @param [Hash] request_options Options that can be passed to +open+ when
+    # @param [Hash] request_options Options that can be passed to +Net::HTTP.start+ when
     #   calling the API
-    # @option request_options [String] 'User-Agent' ("Ruby Pwned::Password #{Pwned::VERSION}")
-    #   The user agent used when making an API request.
+    # @option request_options [Symbol] :headers ({ "User-Agent" => "Ruby Pwned::Password #{Pwned::VERSION}" })
+    #   HTTP headers to include in the request
     # @return [Boolean] Whether the password appears in the data breaches or not.
     # @raise [TypeError] if the password is not a string.
     # @since 1.1.0
     def initialize(password, request_options={})
       raise TypeError, "password must be of type String" unless password.is_a? String
       @password = password
-      @request_options = DEFAULT_REQUEST_OPTIONS.merge(request_options)
-    end
-
-    ##
-    # Returns the full SHA1 hash of the given password in uppercase.
-    # @return [String] The full SHA1 hash of the given password.
-    # @since 1.0.0
-    def hashed_password
-      @hashed_password ||= Digest::SHA1.hexdigest(password).upcase
-    end
-
-    ##
-    # @example
-    #     password = Pwned::Password.new("password")
-    #     password.pwned? #=> true
-    #
-    # @return [Boolean] +true+ when the password has been pwned.
-    # @raise [Pwned::Error] if there are errors with the HTTP request.
-    # @raise [Pwned::TimeoutError] if the HTTP request times out.
-    # @since 1.0.0
-    def pwned?
-      pwned_count > 0
-    end
-
-    ##
-    # @example
-    #     password = Pwned::Password.new("password")
-    #     password.pwned_count #=> 3303003
-    #
-    # @return [Integer] the number of times the password has been pwned.
-    # @raise [Pwned::Error] if there are errors with the HTTP request.
-    # @raise [Pwned::TimeoutError] if the HTTP request times out.
-    # @since 1.0.0
-    def pwned_count
-      @pwned_count ||= fetch_pwned_count
-    end
-
-    private
-
-    def fetch_pwned_count
-      for_each_response_line do |line|
-        next unless line.start_with?(hashed_password_suffix)
-        # Count starts after the suffix, followed by a colon
-        return line[(SHA1_LENGTH-HASH_PREFIX_LENGTH+1)..-1].to_i
-      end
-
-      # The hash was not found, we can assume the password is not pwned [yet]
-      0
-    end
-
-    def for_each_response_line(&block)
-      begin
-        open("#{API_URL}#{hashed_password_prefix}", @request_options) do |io|
-          io.each_line(&block)
-        end
-      rescue Timeout::Error => e
-        raise Pwned::TimeoutError, e.message
-      rescue => e
-        raise Pwned::Error, e.message
-      end
-    end
-
-    def hashed_password_prefix
-      hashed_password[0...HASH_PREFIX_LENGTH]
-    end
-
-    def hashed_password_suffix
-      hashed_password[HASH_PREFIX_LENGTH..-1]
+      @hashed_password = Pwned.hash_password(password)
+      @request_options = Hash(request_options).dup
+      @request_headers = Hash(request_options.delete(:headers))
+      @request_headers = DEFAULT_REQUEST_HEADERS.merge(@request_headers)
     end
   end
 end

data/lib/pwned/password_base.rb

@@ -0,0 +1,133 @@
+# frozen_string_literal: true
+
+require "digest"
+require "net/http"
+
+module Pwned
+  ##
+  # This class represents a password. It does all the work of talking to the
+  # Pwned Passwords API to find out if the password has been pwned.
+  # @see https://haveibeenpwned.com/API/v2#PwnedPasswords
+  module PasswordBase
+    ##
+    # The base URL for the Pwned Passwords API
+    API_URL = "https://api.pwnedpasswords.com/range/"
+
+    ##
+    # The number of characters from the start of the hash of the password that
+    # are used to search for the range of passwords.
+    HASH_PREFIX_LENGTH = 5
+
+    ##
+    # The total length of a SHA1 hash
+    SHA1_LENGTH = 40
+
+    ##
+    # The default request headers that are used to make HTTP requests to the
+    # API. A user agent is provided as requested in the documentation.
+    # @see https://haveibeenpwned.com/API/v2#UserAgent
+    DEFAULT_REQUEST_HEADERS = {
+      "User-Agent" => "Ruby Pwned::Password #{Pwned::VERSION}"
+    }.freeze
+
+    ##
+    # @example
+    #     password = Pwned::Password.new("password")
+    #     password.pwned? #=> true
+    #     password.pwned? #=> true
+    #
+    # @return [Boolean] +true+ when the password has been pwned.
+    # @raise [Pwned::Error] if there are errors with the HTTP request.
+    # @raise [Pwned::TimeoutError] if the HTTP request times out.
+    # @since 1.0.0
+    def pwned?
+      pwned_count > 0
+    end
+
+    ##
+    # @example
+    #     password = Pwned::Password.new("password")
+    #     password.pwned_count #=> 3303003
+    #
+    # @return [Integer] the number of times the password has been pwned.
+    # @raise [Pwned::Error] if there are errors with the HTTP request.
+    # @raise [Pwned::TimeoutError] if the HTTP request times out.
+    # @since 1.0.0
+    def pwned_count
+      @pwned_count ||= fetch_pwned_count
+    end
+
+    ##
+    # Returns the full SHA1 hash of the given password in uppercase.
+    # @return [String] The full SHA1 hash of the given password.
+    # @since 1.0.0
+    attr_reader :hashed_password
+
+    private
+
+    attr_reader :request_options, :request_headers
+
+    def fetch_pwned_count
+      for_each_response_line do |line|
+        next unless line.start_with?(hashed_password_suffix)
+        # Count starts after the suffix, followed by a colon
+        return line[(SHA1_LENGTH-HASH_PREFIX_LENGTH+1)..-1].to_i
+      end
+
+      # The hash was not found, we can assume the password is not pwned [yet]
+      0
+    end
+
+    def for_each_response_line(&block)
+      begin
+        with_http_response "#{API_URL}#{hashed_password_prefix}" do |response|
+          response.value # raise if request was unsuccessful
+          stream_response_lines(response, &block)
+        end
+      rescue Timeout::Error => e
+        raise Pwned::TimeoutError, e.message
+      rescue => e
+        raise Pwned::Error, e.message
+      end
+    end
+
+    def hashed_password_prefix
+      @hashed_password[0...HASH_PREFIX_LENGTH]
+    end
+
+    def hashed_password_suffix
+      @hashed_password[HASH_PREFIX_LENGTH..-1]
+    end
+
+    # Make a HTTP GET request given the url and headers.
+    # Yields a `Net::HTTPResponse`.
+    def with_http_response(url, &block)
+      uri = URI(url)
+
+      request = Net::HTTP::Get.new(uri)
+      request.initialize_http_header(request_headers)
+      request_options[:use_ssl] = true
+
+      Net::HTTP.start(uri.host, uri.port, request_options) do |http|
+        http.request(request, &block)
+      end
+    end
+
+    # Stream a Net::HTTPResponse by line, handling lines that cross chunks.
+    def stream_response_lines(response, &block)
+      last_line = ""
+
+      response.read_body do |chunk|
+        chunk_lines = (last_line + chunk).lines
+        # This could end with half a line, so save it for next time. If
+        # chunk_lines is empty, pop returns nil, so this also ensures last_line
+        # is always a string.
+        last_line = chunk_lines.pop || ""
+        chunk_lines.each(&block)
+      end
+
+      yield last_line unless last_line.empty?
+    end
+
+  end
+end

data/lib/pwned/version.rb

@@ -3,5 +3,5 @@
 module Pwned
   ##
   # The current version of the +pwned+ gem.
-  VERSION = "1.2.0"
+  VERSION = "2.1.0"
 end

data/pwned.gemspec

@@ -13,13 +13,22 @@ Gem::Specification.new do |spec|
   spec.homepage      = "https://github.com/philnash/pwned"
   spec.license       = "MIT"
 
+  spec.metadata      = {
+    "bug_tracker_uri"   => "https://github.com/philnash/pwned/issues",
+    "change_log_uri"    => "https://github.com/philnash/pwned/blob/master/CHANGELOG.md",
+    "documentation_uri" => "https://www.rubydoc.info/gems/pwned",
+    "homepage_uri"      => "https://github.com/philnash/pwned",
+    "source_code_uri"   => "https://github.com/philnash/pwned"
+  }
+
   spec.files         = `git ls-files -z`.split("\x0").reject do |f|
     f.match(%r{^(test|spec|features)/})
   end
   spec.require_paths = ["lib"]
+  spec.executables = ["pwned"]
 
-  spec.add_development_dependency "bundler", "~> 1.16"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "bundler", ">= 1.16", "< 3.0"
+  spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.0"
   spec.add_development_dependency "webmock", "~> 3.3"
   spec.add_development_dependency "yard", "~> 0.9.12"

metadata

@@ -1,43 +1,49 @@
 --- !ruby/object:Gem::Specification
 name: pwned
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 2.1.0
 platform: ruby
 authors:
 - Phil Nash
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-15 00:00:00.000000000 Z
+date: 2020-07-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.16'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.16'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -83,13 +89,15 @@ dependencies:
 description: Tools to use the Pwned Passwords API.
 email:
 - philnash@gmail.com
-executables: []
+executables:
+- pwned
 extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
+- ".yardopts"
 - CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
@@ -97,38 +105,26 @@ files:
 - README.md
 - Rakefile
 - bin/console
+- bin/pwned
 - bin/setup
-- docs/NotPwnedValidator.html
-- docs/Pwned.html
-- docs/Pwned/Error.html
-- docs/Pwned/Password.html
-- docs/Pwned/TimeoutError.html
-- docs/PwnedValidator.html
-- docs/_index.html
-- docs/class_list.html
-- docs/css/common.css
-- docs/css/full_list.css
-- docs/css/style.css
-- docs/file.README.html
-- docs/file_list.html
-- docs/frames.html
-- docs/index.html
-- docs/js/app.js
-- docs/js/full_list.js
-- docs/js/jquery.js
-- docs/method_list.html
-- docs/top-level-namespace.html
 - lib/locale/en.yml
 - lib/pwned.rb
 - lib/pwned/error.rb
+- lib/pwned/hashed_password.rb
 - lib/pwned/not_pwned_validator.rb
 - lib/pwned/password.rb
+- lib/pwned/password_base.rb
 - lib/pwned/version.rb
 - pwned.gemspec
 homepage: https://github.com/philnash/pwned
 licenses:
 - MIT
-metadata: {}
+metadata:
+  bug_tracker_uri: https://github.com/philnash/pwned/issues
+  change_log_uri: https://github.com/philnash/pwned/blob/master/CHANGELOG.md
+  documentation_uri: https://www.rubydoc.info/gems/pwned
+  homepage_uri: https://github.com/philnash/pwned
+  source_code_uri: https://github.com/philnash/pwned
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -144,8 +140,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.3
 signing_key: 
 specification_version: 4
 summary: Tools to use the Pwned Passwords API.