pwned 2.1.0 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4661790082f543ba897baf211da660c7a4f654444121f4ff3ba08542c08c412b
4
- data.tar.gz: f52a3f3cf36d461e8704a632f97829a5d9f871d9916a55687d4a0b2156b44b75
3
+ metadata.gz: 1790330e2068217b48ba0929c4b2409dfecd939e76f7d231acc872ef9802320a
4
+ data.tar.gz: afa13cc83a53df1be859a74876e00992b15eed757e571bec652168d85b3ab73e
5
5
  SHA512:
6
- metadata.gz: c114c3ca6e7667d1760ad2ae5dabcc7bf8d14b91e42788f7e36bba716eecd9bef6e1847e93dd12df4f8afed19460d26a068dc22ffb2270ceef8dc342f81690e0
7
- data.tar.gz: c19d20d765cd57e64468c27a3e8f134e53d8f6e9ae22497c2d94a315a584e2e19b1913d47b37e89c9525ce80d85d10d43437a623d211766aa7242dbe1144e906
6
+ metadata.gz: 23482aeeab95bb130ba04f1fdc57f769282d78c7c4c56c594f15652c472ffce9573967d8a31d539548a325c85f54aa038d65bb023aded41352147ad9a906534e
7
+ data.tar.gz: d31fb7ad5171adc4cc8ee28ed97d125fbd19c93bc68e65e7921076d1fb586748a1a4f12007e70cbfe6378e3c868effa756efaa08e627bfa82b2c73166e0b7dd1
@@ -0,0 +1 @@
1
+ github: philnash
@@ -0,0 +1,39 @@
1
+ name: tests
2
+
3
+ on: [push, pull_request]
4
+
5
+ jobs:
6
+ test:
7
+ runs-on: ubuntu-latest
8
+ strategy:
9
+ fail-fast: false
10
+ matrix:
11
+ ruby: [2.5, 2.6, 2.7, 3.0, head]
12
+ rails: [4.2.11.3, 5.0.7.2, 5.1.7, 5.2.4.4, 6.0.3.4, 6.1.0]
13
+ exclude:
14
+ # Ruby 3.0 and Rails 5 do not get along together.
15
+ - ruby: 3.0
16
+ rails: 5.0.7.2
17
+ - ruby: 3.0
18
+ rails: 5.1.7
19
+ - ruby: 3.0
20
+ rails: 5.2.4.4
21
+ - ruby: head
22
+ rails: 5.0.7.2
23
+ - ruby: head
24
+ rails: 5.1.7
25
+ - ruby: head
26
+ rails: 5.2.4.4
27
+ continue-on-error: ${{ endsWith(matrix.ruby, 'head') }}
28
+ env:
29
+ RAILS_VERSION: ${{ matrix.rails }}
30
+ steps:
31
+ - uses: actions/checkout@v2
32
+ - name: Set up Ruby ${{ matrix.ruby }}
33
+ uses: ruby/setup-ruby@v1
34
+ with:
35
+ ruby-version: ${{ matrix.ruby }}
36
+ - name: "Install dependencies (rails: ${{matrix.rails}})"
37
+ run: bundle install
38
+ - name: Run tests
39
+ run: bundle exec rspec
data/CHANGELOG.md CHANGED
@@ -2,6 +2,13 @@
2
2
 
3
3
  ## Ongoing [☰](https://github.com/philnash/pwned/compare/v2.0.2...master)
4
4
 
5
+ ## 2.2.0 (March 27, 2021) [☰](https://github.com/philnash/pwned/compare/v2.1.0...v2.2.0)
6
+
7
+ - Minor updates
8
+
9
+ - Adds `:proxy` option to `request_options` to directly set a proxy on the
10
+ request. Fixes #21, thanks [dparpyani](https://github.com/dparpyani).
11
+
5
12
  ## 2.1.0 (July 8, 2020) [☰](https://github.com/philnash/pwned/compare/v2.0.2...v2.1.0)
6
13
 
7
14
  - Minor updates
data/README.md CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  An easy, Ruby way to use the Pwned Passwords API.
4
4
 
5
- [![Gem Version](https://badge.fury.io/rb/pwned.svg)](https://rubygems.org/gems/pwned) [![Build Status](https://travis-ci.org/philnash/pwned.svg?branch=master)](https://travis-ci.org/philnash/pwned) [![Maintainability](https://codeclimate.com/github/philnash/pwned/badges/gpa.svg)](https://codeclimate.com/github/philnash/pwned/maintainability) [![Inline docs](https://inch-ci.org/github/philnash/pwned.svg?branch=master)](https://inch-ci.org/github/philnash/pwned)
5
+ [![Gem Version](https://badge.fury.io/rb/pwned.svg)](https://rubygems.org/gems/pwned) ![Build Status](https://github.com/philnash/pwned/workflows/tests/badge.svg) [![Maintainability](https://codeclimate.com/github/philnash/pwned/badges/gpa.svg)](https://codeclimate.com/github/philnash/pwned/maintainability) [![Inline docs](https://inch-ci.org/github/philnash/pwned.svg?branch=master)](https://inch-ci.org/github/philnash/pwned)
6
6
 
7
7
  [API docs](https://www.rubydoc.info/gems/pwned) | [GitHub repo](https://github.com/philnash/pwned)
8
8
 
@@ -22,7 +22,9 @@ An easy, Ruby way to use the Pwned Passwords API.
22
22
  - [Custom Request Options](#custom-request-options)
23
23
  - [Using Asynchronously](#using-asynchronously)
24
24
  - [Devise](#devise)
25
+ - [Rodauth](#rodauth)
25
26
  - [Command line](#command-line)
27
+ - [Unpwn](#unpwn)
26
28
  - [How Pwned is Pi?](#how-pwned-is-pi)
27
29
  - [Development](#development)
28
30
  - [Contributing](#contributing)
@@ -180,18 +182,22 @@ end
180
182
  #### Custom Request Options
181
183
 
182
184
  You can configure network requests made from the validator using `:request_options` (see [Net::HTTP.start](http://ruby-doc.org/stdlib-2.6.3/libdoc/net/http/rdoc/Net/HTTP.html#method-c-start) for the list of available options).
183
- In addition to these options, HTTP headers can be specified with the `:headers` key, e.g. `"User-Agent"`):
185
+ In addition to these options, HTTP headers can be specified with the `:headers` key (e.g. `"User-Agent"`) and proxy can be specified with the `:proxy` key:
184
186
 
185
187
  ```ruby
186
188
  validates :password, not_pwned: {
187
- request_options: { read_timeout: 5, open_timeout: 1, headers: { "User-Agent" => "Super fun user agent" } }
189
+ request_options: {
190
+ read_timeout: 5,
191
+ open_timeout: 1,
192
+ headers: { "User-Agent" => "Super fun user agent" },
193
+ proxy: "https://username:password@example.com:12345"
194
+ }
188
195
  }
189
196
  ```
190
197
 
191
198
  ### Using Asynchronously
192
199
 
193
- You may have a use case for hashing the password in advance, and then making the call to the Pwned api later
194
- (for example if you want to enqueue a job without storing the plaintext password):
200
+ You may have a use case for hashing the password in advance, and then making the call to the Pwned Passwords API later (for example if you want to enqueue a job without storing the plaintext password). To do this, you can hash the password with the `Pwned.hash_password` method and then initialize the `Pwned::HashPassword` class with the hash, like this:
195
201
 
196
202
  ```ruby
197
203
  hashed_password = Pwned.hash_password(password)
@@ -201,7 +207,11 @@ Pwned::HashPassword.new(hashed_password, request_options).pwned?
201
207
 
202
208
  ### Devise
203
209
 
204
- If you are using Devise I recommend you use the [devise-pwned_password extension](https://github.com/michaelbanfield/devise-pwned_password) which is now powered by this gem.
210
+ If you are using [Devise](https://github.com/heartcombo/devise) I recommend you use the [devise-pwned_password extension](https://github.com/michaelbanfield/devise-pwned_password) which is now powered by this gem.
211
+
212
+ ### Rodauth
213
+
214
+ If you are using [Rodauth](https://github.com/jeremyevans/rodauth) then you can use the [rodauth-pwned](https://github.com/janko/rodauth-pwned) feature which is powered by this gem.
205
215
 
206
216
  ### Command line
207
217
 
@@ -221,6 +231,10 @@ $ pwned --secret
221
231
 
222
232
  You will be prompted for the password, but it won't be displayed.
223
233
 
234
+ ### Unpwn
235
+
236
+ To cut down on unnecessary network requests, [the unpwn project](https://github.com/indirect/unpwn) uses a list of the top one million passwords to check passwords against. Only if a password is not included in the top million is it then checked against the Pwned Passwords API.
237
+
224
238
  ## How Pwned is Pi?
225
239
 
226
240
  [@daz](https://github.com/daz) [shared](https://twitter.com/dazonic/status/1074647842046660609) a fantastic example of using this gem to show how many times the digits of Pi have been used as passwords and leaked.
@@ -30,6 +30,7 @@ module Pwned
30
30
  @request_options = Hash(request_options).dup
31
31
  @request_headers = Hash(request_options.delete(:headers))
32
32
  @request_headers = DEFAULT_REQUEST_HEADERS.merge(@request_headers)
33
+ @request_proxy = URI(request_options.delete(:proxy)) if request_options.key?(:proxy)
33
34
  end
34
35
  end
35
36
  end
@@ -37,6 +37,7 @@ module Pwned
37
37
  @request_options = Hash(request_options).dup
38
38
  @request_headers = Hash(request_options.delete(:headers))
39
39
  @request_headers = DEFAULT_REQUEST_HEADERS.merge(@request_headers)
40
+ @request_proxy = URI(request_options.delete(:proxy)) if request_options.key?(:proxy)
40
41
  end
41
42
  end
42
43
  end
@@ -65,7 +65,7 @@ module Pwned
65
65
 
66
66
  private
67
67
 
68
- attr_reader :request_options, :request_headers
68
+ attr_reader :request_options, :request_headers, :request_proxy
69
69
 
70
70
  def fetch_pwned_count
71
71
  for_each_response_line do |line|
@@ -108,7 +108,15 @@ module Pwned
108
108
  request.initialize_http_header(request_headers)
109
109
  request_options[:use_ssl] = true
110
110
 
111
- Net::HTTP.start(uri.host, uri.port, request_options) do |http|
111
+ Net::HTTP.start(
112
+ uri.host,
113
+ uri.port,
114
+ request_proxy&.host,
115
+ request_proxy&.port,
116
+ request_proxy&.user,
117
+ request_proxy&.password,
118
+ request_options
119
+ ) do |http|
112
120
  http.request(request, &block)
113
121
  end
114
122
  end
data/lib/pwned/version.rb CHANGED
@@ -3,5 +3,5 @@
3
3
  module Pwned
4
4
  ##
5
5
  # The current version of the +pwned+ gem.
6
- VERSION = "2.1.0"
6
+ VERSION = "2.2.0"
7
7
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: pwned
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.1.0
4
+ version: 2.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Phil Nash
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-07-08 00:00:00.000000000 Z
11
+ date: 2021-03-27 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -94,9 +94,10 @@ executables:
94
94
  extensions: []
95
95
  extra_rdoc_files: []
96
96
  files:
97
+ - ".github/FUNDING.yml"
98
+ - ".github/workflows/tests.yml"
97
99
  - ".gitignore"
98
100
  - ".rspec"
99
- - ".travis.yml"
100
101
  - ".yardopts"
101
102
  - CHANGELOG.md
102
103
  - CODE_OF_CONDUCT.md
@@ -125,7 +126,7 @@ metadata:
125
126
  documentation_uri: https://www.rubydoc.info/gems/pwned
126
127
  homepage_uri: https://github.com/philnash/pwned
127
128
  source_code_uri: https://github.com/philnash/pwned
128
- post_install_message:
129
+ post_install_message:
129
130
  rdoc_options: []
130
131
  require_paths:
131
132
  - lib
@@ -140,8 +141,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
140
141
  - !ruby/object:Gem::Version
141
142
  version: '0'
142
143
  requirements: []
143
- rubygems_version: 3.0.3
144
- signing_key:
144
+ rubygems_version: 3.2.3
145
+ signing_key:
145
146
  specification_version: 4
146
147
  summary: Tools to use the Pwned Passwords API.
147
148
  test_files: []
data/.travis.yml DELETED
@@ -1,27 +0,0 @@
1
- sudo: false
2
- language: ruby
3
-
4
- env:
5
- matrix:
6
- - RAILS_VERSION=4.2.11.1
7
- - RAILS_VERSION=5.0.7.2
8
- - RAILS_VERSION=5.1.7
9
- - RAILS_VERSION=5.2.3
10
- - RAILS_VERSION=6.0.0
11
-
12
- rvm:
13
- - 2.7
14
- - 2.6
15
- - 2.5
16
- - 2.4
17
- - jruby
18
- - ruby-head
19
-
20
- before_install: gem install bundler
21
-
22
- matrix:
23
- allow_failures:
24
- - rvm: ruby-head
25
- exclude:
26
- - rvm: 2.4
27
- env: RAILS_VERSION=6.0.0