pwned 2.1.0 → 2.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/FUNDING.yml +1 -0
- data/.github/workflows/tests.yml +39 -0
- data/CHANGELOG.md +7 -0
- data/README.md +20 -6
- data/lib/pwned/hashed_password.rb +1 -0
- data/lib/pwned/password.rb +1 -0
- data/lib/pwned/password_base.rb +10 -2
- data/lib/pwned/version.rb +1 -1
- metadata +8 -7
- data/.travis.yml +0 -27
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1790330e2068217b48ba0929c4b2409dfecd939e76f7d231acc872ef9802320a
|
|
4
|
+
data.tar.gz: afa13cc83a53df1be859a74876e00992b15eed757e571bec652168d85b3ab73e
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 23482aeeab95bb130ba04f1fdc57f769282d78c7c4c56c594f15652c472ffce9573967d8a31d539548a325c85f54aa038d65bb023aded41352147ad9a906534e
|
|
7
|
+
data.tar.gz: d31fb7ad5171adc4cc8ee28ed97d125fbd19c93bc68e65e7921076d1fb586748a1a4f12007e70cbfe6378e3c868effa756efaa08e627bfa82b2c73166e0b7dd1
|
data/.github/FUNDING.yml
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
github: philnash
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
name: tests
|
|
2
|
+
|
|
3
|
+
on: [push, pull_request]
|
|
4
|
+
|
|
5
|
+
jobs:
|
|
6
|
+
test:
|
|
7
|
+
runs-on: ubuntu-latest
|
|
8
|
+
strategy:
|
|
9
|
+
fail-fast: false
|
|
10
|
+
matrix:
|
|
11
|
+
ruby: [2.5, 2.6, 2.7, 3.0, head]
|
|
12
|
+
rails: [4.2.11.3, 5.0.7.2, 5.1.7, 5.2.4.4, 6.0.3.4, 6.1.0]
|
|
13
|
+
exclude:
|
|
14
|
+
# Ruby 3.0 and Rails 5 do not get along together.
|
|
15
|
+
- ruby: 3.0
|
|
16
|
+
rails: 5.0.7.2
|
|
17
|
+
- ruby: 3.0
|
|
18
|
+
rails: 5.1.7
|
|
19
|
+
- ruby: 3.0
|
|
20
|
+
rails: 5.2.4.4
|
|
21
|
+
- ruby: head
|
|
22
|
+
rails: 5.0.7.2
|
|
23
|
+
- ruby: head
|
|
24
|
+
rails: 5.1.7
|
|
25
|
+
- ruby: head
|
|
26
|
+
rails: 5.2.4.4
|
|
27
|
+
continue-on-error: ${{ endsWith(matrix.ruby, 'head') }}
|
|
28
|
+
env:
|
|
29
|
+
RAILS_VERSION: ${{ matrix.rails }}
|
|
30
|
+
steps:
|
|
31
|
+
- uses: actions/checkout@v2
|
|
32
|
+
- name: Set up Ruby ${{ matrix.ruby }}
|
|
33
|
+
uses: ruby/setup-ruby@v1
|
|
34
|
+
with:
|
|
35
|
+
ruby-version: ${{ matrix.ruby }}
|
|
36
|
+
- name: "Install dependencies (rails: ${{matrix.rails}})"
|
|
37
|
+
run: bundle install
|
|
38
|
+
- name: Run tests
|
|
39
|
+
run: bundle exec rspec
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,13 @@
|
|
|
2
2
|
|
|
3
3
|
## Ongoing [☰](https://github.com/philnash/pwned/compare/v2.0.2...master)
|
|
4
4
|
|
|
5
|
+
## 2.2.0 (March 27, 2021) [☰](https://github.com/philnash/pwned/compare/v2.1.0...v2.2.0)
|
|
6
|
+
|
|
7
|
+
- Minor updates
|
|
8
|
+
|
|
9
|
+
- Adds `:proxy` option to `request_options` to directly set a proxy on the
|
|
10
|
+
request. Fixes #21, thanks [dparpyani](https://github.com/dparpyani).
|
|
11
|
+
|
|
5
12
|
## 2.1.0 (July 8, 2020) [☰](https://github.com/philnash/pwned/compare/v2.0.2...v2.1.0)
|
|
6
13
|
|
|
7
14
|
- Minor updates
|
data/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
An easy, Ruby way to use the Pwned Passwords API.
|
|
4
4
|
|
|
5
|
-
[](https://rubygems.org/gems/pwned)
|
|
5
|
+
[](https://rubygems.org/gems/pwned)  [](https://codeclimate.com/github/philnash/pwned/maintainability) [](https://inch-ci.org/github/philnash/pwned)
|
|
6
6
|
|
|
7
7
|
[API docs](https://www.rubydoc.info/gems/pwned) | [GitHub repo](https://github.com/philnash/pwned)
|
|
8
8
|
|
|
@@ -22,7 +22,9 @@ An easy, Ruby way to use the Pwned Passwords API.
|
|
|
22
22
|
- [Custom Request Options](#custom-request-options)
|
|
23
23
|
- [Using Asynchronously](#using-asynchronously)
|
|
24
24
|
- [Devise](#devise)
|
|
25
|
+
- [Rodauth](#rodauth)
|
|
25
26
|
- [Command line](#command-line)
|
|
27
|
+
- [Unpwn](#unpwn)
|
|
26
28
|
- [How Pwned is Pi?](#how-pwned-is-pi)
|
|
27
29
|
- [Development](#development)
|
|
28
30
|
- [Contributing](#contributing)
|
|
@@ -180,18 +182,22 @@ end
|
|
|
180
182
|
#### Custom Request Options
|
|
181
183
|
|
|
182
184
|
You can configure network requests made from the validator using `:request_options` (see [Net::HTTP.start](http://ruby-doc.org/stdlib-2.6.3/libdoc/net/http/rdoc/Net/HTTP.html#method-c-start) for the list of available options).
|
|
183
|
-
In addition to these options, HTTP headers can be specified with the `:headers` key
|
|
185
|
+
In addition to these options, HTTP headers can be specified with the `:headers` key (e.g. `"User-Agent"`) and proxy can be specified with the `:proxy` key:
|
|
184
186
|
|
|
185
187
|
```ruby
|
|
186
188
|
validates :password, not_pwned: {
|
|
187
|
-
request_options: {
|
|
189
|
+
request_options: {
|
|
190
|
+
read_timeout: 5,
|
|
191
|
+
open_timeout: 1,
|
|
192
|
+
headers: { "User-Agent" => "Super fun user agent" },
|
|
193
|
+
proxy: "https://username:password@example.com:12345"
|
|
194
|
+
}
|
|
188
195
|
}
|
|
189
196
|
```
|
|
190
197
|
|
|
191
198
|
### Using Asynchronously
|
|
192
199
|
|
|
193
|
-
You may have a use case for hashing the password in advance, and then making the call to the Pwned
|
|
194
|
-
(for example if you want to enqueue a job without storing the plaintext password):
|
|
200
|
+
You may have a use case for hashing the password in advance, and then making the call to the Pwned Passwords API later (for example if you want to enqueue a job without storing the plaintext password). To do this, you can hash the password with the `Pwned.hash_password` method and then initialize the `Pwned::HashPassword` class with the hash, like this:
|
|
195
201
|
|
|
196
202
|
```ruby
|
|
197
203
|
hashed_password = Pwned.hash_password(password)
|
|
@@ -201,7 +207,11 @@ Pwned::HashPassword.new(hashed_password, request_options).pwned?
|
|
|
201
207
|
|
|
202
208
|
### Devise
|
|
203
209
|
|
|
204
|
-
If you are using Devise I recommend you use the [devise-pwned_password extension](https://github.com/michaelbanfield/devise-pwned_password) which is now powered by this gem.
|
|
210
|
+
If you are using [Devise](https://github.com/heartcombo/devise) I recommend you use the [devise-pwned_password extension](https://github.com/michaelbanfield/devise-pwned_password) which is now powered by this gem.
|
|
211
|
+
|
|
212
|
+
### Rodauth
|
|
213
|
+
|
|
214
|
+
If you are using [Rodauth](https://github.com/jeremyevans/rodauth) then you can use the [rodauth-pwned](https://github.com/janko/rodauth-pwned) feature which is powered by this gem.
|
|
205
215
|
|
|
206
216
|
### Command line
|
|
207
217
|
|
|
@@ -221,6 +231,10 @@ $ pwned --secret
|
|
|
221
231
|
|
|
222
232
|
You will be prompted for the password, but it won't be displayed.
|
|
223
233
|
|
|
234
|
+
### Unpwn
|
|
235
|
+
|
|
236
|
+
To cut down on unnecessary network requests, [the unpwn project](https://github.com/indirect/unpwn) uses a list of the top one million passwords to check passwords against. Only if a password is not included in the top million is it then checked against the Pwned Passwords API.
|
|
237
|
+
|
|
224
238
|
## How Pwned is Pi?
|
|
225
239
|
|
|
226
240
|
[@daz](https://github.com/daz) [shared](https://twitter.com/dazonic/status/1074647842046660609) a fantastic example of using this gem to show how many times the digits of Pi have been used as passwords and leaked.
|
|
@@ -30,6 +30,7 @@ module Pwned
|
|
|
30
30
|
@request_options = Hash(request_options).dup
|
|
31
31
|
@request_headers = Hash(request_options.delete(:headers))
|
|
32
32
|
@request_headers = DEFAULT_REQUEST_HEADERS.merge(@request_headers)
|
|
33
|
+
@request_proxy = URI(request_options.delete(:proxy)) if request_options.key?(:proxy)
|
|
33
34
|
end
|
|
34
35
|
end
|
|
35
36
|
end
|
data/lib/pwned/password.rb
CHANGED
|
@@ -37,6 +37,7 @@ module Pwned
|
|
|
37
37
|
@request_options = Hash(request_options).dup
|
|
38
38
|
@request_headers = Hash(request_options.delete(:headers))
|
|
39
39
|
@request_headers = DEFAULT_REQUEST_HEADERS.merge(@request_headers)
|
|
40
|
+
@request_proxy = URI(request_options.delete(:proxy)) if request_options.key?(:proxy)
|
|
40
41
|
end
|
|
41
42
|
end
|
|
42
43
|
end
|
data/lib/pwned/password_base.rb
CHANGED
|
@@ -65,7 +65,7 @@ module Pwned
|
|
|
65
65
|
|
|
66
66
|
private
|
|
67
67
|
|
|
68
|
-
attr_reader :request_options, :request_headers
|
|
68
|
+
attr_reader :request_options, :request_headers, :request_proxy
|
|
69
69
|
|
|
70
70
|
def fetch_pwned_count
|
|
71
71
|
for_each_response_line do |line|
|
|
@@ -108,7 +108,15 @@ module Pwned
|
|
|
108
108
|
request.initialize_http_header(request_headers)
|
|
109
109
|
request_options[:use_ssl] = true
|
|
110
110
|
|
|
111
|
-
Net::HTTP.start(
|
|
111
|
+
Net::HTTP.start(
|
|
112
|
+
uri.host,
|
|
113
|
+
uri.port,
|
|
114
|
+
request_proxy&.host,
|
|
115
|
+
request_proxy&.port,
|
|
116
|
+
request_proxy&.user,
|
|
117
|
+
request_proxy&.password,
|
|
118
|
+
request_options
|
|
119
|
+
) do |http|
|
|
112
120
|
http.request(request, &block)
|
|
113
121
|
end
|
|
114
122
|
end
|
data/lib/pwned/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwned
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Phil Nash
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-03-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -94,9 +94,10 @@ executables:
|
|
|
94
94
|
extensions: []
|
|
95
95
|
extra_rdoc_files: []
|
|
96
96
|
files:
|
|
97
|
+
- ".github/FUNDING.yml"
|
|
98
|
+
- ".github/workflows/tests.yml"
|
|
97
99
|
- ".gitignore"
|
|
98
100
|
- ".rspec"
|
|
99
|
-
- ".travis.yml"
|
|
100
101
|
- ".yardopts"
|
|
101
102
|
- CHANGELOG.md
|
|
102
103
|
- CODE_OF_CONDUCT.md
|
|
@@ -125,7 +126,7 @@ metadata:
|
|
|
125
126
|
documentation_uri: https://www.rubydoc.info/gems/pwned
|
|
126
127
|
homepage_uri: https://github.com/philnash/pwned
|
|
127
128
|
source_code_uri: https://github.com/philnash/pwned
|
|
128
|
-
post_install_message:
|
|
129
|
+
post_install_message:
|
|
129
130
|
rdoc_options: []
|
|
130
131
|
require_paths:
|
|
131
132
|
- lib
|
|
@@ -140,8 +141,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
140
141
|
- !ruby/object:Gem::Version
|
|
141
142
|
version: '0'
|
|
142
143
|
requirements: []
|
|
143
|
-
rubygems_version: 3.
|
|
144
|
-
signing_key:
|
|
144
|
+
rubygems_version: 3.2.3
|
|
145
|
+
signing_key:
|
|
145
146
|
specification_version: 4
|
|
146
147
|
summary: Tools to use the Pwned Passwords API.
|
|
147
148
|
test_files: []
|
data/.travis.yml
DELETED
|
@@ -1,27 +0,0 @@
|
|
|
1
|
-
sudo: false
|
|
2
|
-
language: ruby
|
|
3
|
-
|
|
4
|
-
env:
|
|
5
|
-
matrix:
|
|
6
|
-
- RAILS_VERSION=4.2.11.1
|
|
7
|
-
- RAILS_VERSION=5.0.7.2
|
|
8
|
-
- RAILS_VERSION=5.1.7
|
|
9
|
-
- RAILS_VERSION=5.2.3
|
|
10
|
-
- RAILS_VERSION=6.0.0
|
|
11
|
-
|
|
12
|
-
rvm:
|
|
13
|
-
- 2.7
|
|
14
|
-
- 2.6
|
|
15
|
-
- 2.5
|
|
16
|
-
- 2.4
|
|
17
|
-
- jruby
|
|
18
|
-
- ruby-head
|
|
19
|
-
|
|
20
|
-
before_install: gem install bundler
|
|
21
|
-
|
|
22
|
-
matrix:
|
|
23
|
-
allow_failures:
|
|
24
|
-
- rvm: ruby-head
|
|
25
|
-
exclude:
|
|
26
|
-
- rvm: 2.4
|
|
27
|
-
env: RAILS_VERSION=6.0.0
|