pwned 2.1.0 → 2.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +1 -0
- data/.github/workflows/tests.yml +39 -0
- data/CHANGELOG.md +7 -0
- data/README.md +20 -6
- data/lib/pwned/hashed_password.rb +1 -0
- data/lib/pwned/password.rb +1 -0
- data/lib/pwned/password_base.rb +10 -2
- data/lib/pwned/version.rb +1 -1
- metadata +8 -7
- data/.travis.yml +0 -27
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1790330e2068217b48ba0929c4b2409dfecd939e76f7d231acc872ef9802320a
|
|
4
|
+
data.tar.gz: afa13cc83a53df1be859a74876e00992b15eed757e571bec652168d85b3ab73e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 23482aeeab95bb130ba04f1fdc57f769282d78c7c4c56c594f15652c472ffce9573967d8a31d539548a325c85f54aa038d65bb023aded41352147ad9a906534e
|
|
7
|
+
data.tar.gz: d31fb7ad5171adc4cc8ee28ed97d125fbd19c93bc68e65e7921076d1fb586748a1a4f12007e70cbfe6378e3c868effa756efaa08e627bfa82b2c73166e0b7dd1
|
data/.github/FUNDING.yml
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
github: philnash
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
name: tests
|
|
2
|
+
|
|
3
|
+
on: [push, pull_request]
|
|
4
|
+
|
|
5
|
+
jobs:
|
|
6
|
+
test:
|
|
7
|
+
runs-on: ubuntu-latest
|
|
8
|
+
strategy:
|
|
9
|
+
fail-fast: false
|
|
10
|
+
matrix:
|
|
11
|
+
ruby: [2.5, 2.6, 2.7, 3.0, head]
|
|
12
|
+
rails: [4.2.11.3, 5.0.7.2, 5.1.7, 5.2.4.4, 6.0.3.4, 6.1.0]
|
|
13
|
+
exclude:
|
|
14
|
+
# Ruby 3.0 and Rails 5 do not get along together.
|
|
15
|
+
- ruby: 3.0
|
|
16
|
+
rails: 5.0.7.2
|
|
17
|
+
- ruby: 3.0
|
|
18
|
+
rails: 5.1.7
|
|
19
|
+
- ruby: 3.0
|
|
20
|
+
rails: 5.2.4.4
|
|
21
|
+
- ruby: head
|
|
22
|
+
rails: 5.0.7.2
|
|
23
|
+
- ruby: head
|
|
24
|
+
rails: 5.1.7
|
|
25
|
+
- ruby: head
|
|
26
|
+
rails: 5.2.4.4
|
|
27
|
+
continue-on-error: ${{ endsWith(matrix.ruby, 'head') }}
|
|
28
|
+
env:
|
|
29
|
+
RAILS_VERSION: ${{ matrix.rails }}
|
|
30
|
+
steps:
|
|
31
|
+
- uses: actions/checkout@v2
|
|
32
|
+
- name: Set up Ruby ${{ matrix.ruby }}
|
|
33
|
+
uses: ruby/setup-ruby@v1
|
|
34
|
+
with:
|
|
35
|
+
ruby-version: ${{ matrix.ruby }}
|
|
36
|
+
- name: "Install dependencies (rails: ${{matrix.rails}})"
|
|
37
|
+
run: bundle install
|
|
38
|
+
- name: Run tests
|
|
39
|
+
run: bundle exec rspec
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,13 @@
|
|
|
2
2
|
|
|
3
3
|
## Ongoing [☰](https://github.com/philnash/pwned/compare/v2.0.2...master)
|
|
4
4
|
|
|
5
|
+
## 2.2.0 (March 27, 2021) [☰](https://github.com/philnash/pwned/compare/v2.1.0...v2.2.0)
|
|
6
|
+
|
|
7
|
+
- Minor updates
|
|
8
|
+
|
|
9
|
+
- Adds `:proxy` option to `request_options` to directly set a proxy on the
|
|
10
|
+
request. Fixes #21, thanks [dparpyani](https://github.com/dparpyani).
|
|
11
|
+
|
|
5
12
|
## 2.1.0 (July 8, 2020) [☰](https://github.com/philnash/pwned/compare/v2.0.2...v2.1.0)
|
|
6
13
|
|
|
7
14
|
- Minor updates
|
data/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
An easy, Ruby way to use the Pwned Passwords API.
|
|
4
4
|
|
|
5
|
-
[](https://rubygems.org/gems/pwned)
|
|
5
|
+
[](https://rubygems.org/gems/pwned)  [](https://codeclimate.com/github/philnash/pwned/maintainability) [](https://inch-ci.org/github/philnash/pwned)
|
|
6
6
|
|
|
7
7
|
[API docs](https://www.rubydoc.info/gems/pwned) | [GitHub repo](https://github.com/philnash/pwned)
|
|
8
8
|
|
|
@@ -22,7 +22,9 @@ An easy, Ruby way to use the Pwned Passwords API.
|
|
|
22
22
|
- [Custom Request Options](#custom-request-options)
|
|
23
23
|
- [Using Asynchronously](#using-asynchronously)
|
|
24
24
|
- [Devise](#devise)
|
|
25
|
+
- [Rodauth](#rodauth)
|
|
25
26
|
- [Command line](#command-line)
|
|
27
|
+
- [Unpwn](#unpwn)
|
|
26
28
|
- [How Pwned is Pi?](#how-pwned-is-pi)
|
|
27
29
|
- [Development](#development)
|
|
28
30
|
- [Contributing](#contributing)
|
|
@@ -180,18 +182,22 @@ end
|
|
|
180
182
|
#### Custom Request Options
|
|
181
183
|
|
|
182
184
|
You can configure network requests made from the validator using `:request_options` (see [Net::HTTP.start](http://ruby-doc.org/stdlib-2.6.3/libdoc/net/http/rdoc/Net/HTTP.html#method-c-start) for the list of available options).
|
|
183
|
-
In addition to these options, HTTP headers can be specified with the `:headers` key
|
|
185
|
+
In addition to these options, HTTP headers can be specified with the `:headers` key (e.g. `"User-Agent"`) and proxy can be specified with the `:proxy` key:
|
|
184
186
|
|
|
185
187
|
```ruby
|
|
186
188
|
validates :password, not_pwned: {
|
|
187
|
-
request_options: {
|
|
189
|
+
request_options: {
|
|
190
|
+
read_timeout: 5,
|
|
191
|
+
open_timeout: 1,
|
|
192
|
+
headers: { "User-Agent" => "Super fun user agent" },
|
|
193
|
+
proxy: "https://username:password@example.com:12345"
|
|
194
|
+
}
|
|
188
195
|
}
|
|
189
196
|
```
|
|
190
197
|
|
|
191
198
|
### Using Asynchronously
|
|
192
199
|
|
|
193
|
-
You may have a use case for hashing the password in advance, and then making the call to the Pwned
|
|
194
|
-
(for example if you want to enqueue a job without storing the plaintext password):
|
|
200
|
+
You may have a use case for hashing the password in advance, and then making the call to the Pwned Passwords API later (for example if you want to enqueue a job without storing the plaintext password). To do this, you can hash the password with the `Pwned.hash_password` method and then initialize the `Pwned::HashPassword` class with the hash, like this:
|
|
195
201
|
|
|
196
202
|
```ruby
|
|
197
203
|
hashed_password = Pwned.hash_password(password)
|
|
@@ -201,7 +207,11 @@ Pwned::HashPassword.new(hashed_password, request_options).pwned?
|
|
|
201
207
|
|
|
202
208
|
### Devise
|
|
203
209
|
|
|
204
|
-
If you are using Devise I recommend you use the [devise-pwned_password extension](https://github.com/michaelbanfield/devise-pwned_password) which is now powered by this gem.
|
|
210
|
+
If you are using [Devise](https://github.com/heartcombo/devise) I recommend you use the [devise-pwned_password extension](https://github.com/michaelbanfield/devise-pwned_password) which is now powered by this gem.
|
|
211
|
+
|
|
212
|
+
### Rodauth
|
|
213
|
+
|
|
214
|
+
If you are using [Rodauth](https://github.com/jeremyevans/rodauth) then you can use the [rodauth-pwned](https://github.com/janko/rodauth-pwned) feature which is powered by this gem.
|
|
205
215
|
|
|
206
216
|
### Command line
|
|
207
217
|
|
|
@@ -221,6 +231,10 @@ $ pwned --secret
|
|
|
221
231
|
|
|
222
232
|
You will be prompted for the password, but it won't be displayed.
|
|
223
233
|
|
|
234
|
+
### Unpwn
|
|
235
|
+
|
|
236
|
+
To cut down on unnecessary network requests, [the unpwn project](https://github.com/indirect/unpwn) uses a list of the top one million passwords to check passwords against. Only if a password is not included in the top million is it then checked against the Pwned Passwords API.
|
|
237
|
+
|
|
224
238
|
## How Pwned is Pi?
|
|
225
239
|
|
|
226
240
|
[@daz](https://github.com/daz) [shared](https://twitter.com/dazonic/status/1074647842046660609) a fantastic example of using this gem to show how many times the digits of Pi have been used as passwords and leaked.
|
|
@@ -30,6 +30,7 @@ module Pwned
|
|
|
30
30
|
@request_options = Hash(request_options).dup
|
|
31
31
|
@request_headers = Hash(request_options.delete(:headers))
|
|
32
32
|
@request_headers = DEFAULT_REQUEST_HEADERS.merge(@request_headers)
|
|
33
|
+
@request_proxy = URI(request_options.delete(:proxy)) if request_options.key?(:proxy)
|
|
33
34
|
end
|
|
34
35
|
end
|
|
35
36
|
end
|
data/lib/pwned/password.rb
CHANGED
|
@@ -37,6 +37,7 @@ module Pwned
|
|
|
37
37
|
@request_options = Hash(request_options).dup
|
|
38
38
|
@request_headers = Hash(request_options.delete(:headers))
|
|
39
39
|
@request_headers = DEFAULT_REQUEST_HEADERS.merge(@request_headers)
|
|
40
|
+
@request_proxy = URI(request_options.delete(:proxy)) if request_options.key?(:proxy)
|
|
40
41
|
end
|
|
41
42
|
end
|
|
42
43
|
end
|
data/lib/pwned/password_base.rb
CHANGED
|
@@ -65,7 +65,7 @@ module Pwned
|
|
|
65
65
|
|
|
66
66
|
private
|
|
67
67
|
|
|
68
|
-
attr_reader :request_options, :request_headers
|
|
68
|
+
attr_reader :request_options, :request_headers, :request_proxy
|
|
69
69
|
|
|
70
70
|
def fetch_pwned_count
|
|
71
71
|
for_each_response_line do |line|
|
|
@@ -108,7 +108,15 @@ module Pwned
|
|
|
108
108
|
request.initialize_http_header(request_headers)
|
|
109
109
|
request_options[:use_ssl] = true
|
|
110
110
|
|
|
111
|
-
Net::HTTP.start(
|
|
111
|
+
Net::HTTP.start(
|
|
112
|
+
uri.host,
|
|
113
|
+
uri.port,
|
|
114
|
+
request_proxy&.host,
|
|
115
|
+
request_proxy&.port,
|
|
116
|
+
request_proxy&.user,
|
|
117
|
+
request_proxy&.password,
|
|
118
|
+
request_options
|
|
119
|
+
) do |http|
|
|
112
120
|
http.request(request, &block)
|
|
113
121
|
end
|
|
114
122
|
end
|
data/lib/pwned/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwned
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Phil Nash
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-03-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -94,9 +94,10 @@ executables:
|
|
|
94
94
|
extensions: []
|
|
95
95
|
extra_rdoc_files: []
|
|
96
96
|
files:
|
|
97
|
+
- ".github/FUNDING.yml"
|
|
98
|
+
- ".github/workflows/tests.yml"
|
|
97
99
|
- ".gitignore"
|
|
98
100
|
- ".rspec"
|
|
99
|
-
- ".travis.yml"
|
|
100
101
|
- ".yardopts"
|
|
101
102
|
- CHANGELOG.md
|
|
102
103
|
- CODE_OF_CONDUCT.md
|
|
@@ -125,7 +126,7 @@ metadata:
|
|
|
125
126
|
documentation_uri: https://www.rubydoc.info/gems/pwned
|
|
126
127
|
homepage_uri: https://github.com/philnash/pwned
|
|
127
128
|
source_code_uri: https://github.com/philnash/pwned
|
|
128
|
-
post_install_message:
|
|
129
|
+
post_install_message:
|
|
129
130
|
rdoc_options: []
|
|
130
131
|
require_paths:
|
|
131
132
|
- lib
|
|
@@ -140,8 +141,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
140
141
|
- !ruby/object:Gem::Version
|
|
141
142
|
version: '0'
|
|
142
143
|
requirements: []
|
|
143
|
-
rubygems_version: 3.
|
|
144
|
-
signing_key:
|
|
144
|
+
rubygems_version: 3.2.3
|
|
145
|
+
signing_key:
|
|
145
146
|
specification_version: 4
|
|
146
147
|
summary: Tools to use the Pwned Passwords API.
|
|
147
148
|
test_files: []
|
data/.travis.yml
DELETED
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
sudo: false
|
|
2
|
-
language: ruby
|
|
3
|
-
|
|
4
|
-
env:
|
|
5
|
-
matrix:
|
|
6
|
-
- RAILS_VERSION=4.2.11.1
|
|
7
|
-
- RAILS_VERSION=5.0.7.2
|
|
8
|
-
- RAILS_VERSION=5.1.7
|
|
9
|
-
- RAILS_VERSION=5.2.3
|
|
10
|
-
- RAILS_VERSION=6.0.0
|
|
11
|
-
|
|
12
|
-
rvm:
|
|
13
|
-
- 2.7
|
|
14
|
-
- 2.6
|
|
15
|
-
- 2.5
|
|
16
|
-
- 2.4
|
|
17
|
-
- jruby
|
|
18
|
-
- ruby-head
|
|
19
|
-
|
|
20
|
-
before_install: gem install bundler
|
|
21
|
-
|
|
22
|
-
matrix:
|
|
23
|
-
allow_failures:
|
|
24
|
-
- rvm: ruby-head
|
|
25
|
-
exclude:
|
|
26
|
-
- rvm: 2.4
|
|
27
|
-
env: RAILS_VERSION=6.0.0
|