pwned 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 502db43dbcbc77b9ea32dbac1b642d4f682f3969b810b13c2ec02b381c1b50e9
-  data.tar.gz: 5ef819185c54637d5544b7fd27134d1ae61c07ed2eaf464b7040e39fa8b15937
+  metadata.gz: 1e197213ac23ae94598dbf91b7a09fadd740db379d5abefdb8ad7c9623d9514b
+  data.tar.gz: 960c6e4ab1d856480dbc236059abea531dc747f4a1d59a7e7db52534c2958866
 SHA512:
-  metadata.gz: fd00a0191f6d8a379ef7380cda0e7de42bdcc996483c45256185c535fb16d6a61b40a850d0f9383efda0e4441cde66ec5e24b73152a0e9af3d78da9b74a3a63f
-  data.tar.gz: bf4299bd181ff6d7b37754ed3cfefd52f9ea5fb72f9219b48a403137d5950c530be60ec85f9dfe58f412d1dbcbdb7958e0e0dc062ff8006728aa5d454899c6ae
+  metadata.gz: dede2324974438b89612b443e50c8d7c06fe9b35d3e5c6f36661ad73d28513ebb62eedbc60f0a72d346c935141b96f30b98a6ad21cb2950f45a418c76d33c6b1
+  data.tar.gz: 32a0659ce0a7b80967ebf68809bf5881623f473ab561dfcba9f131eb86af60b9f0cb4031603c85c295d37f9d7aae10ce03ae3a580c3cc437c486cff099a4f962

data/CHANGELOG.md

@@ -2,6 +2,13 @@
 
 ## Ongoing [☰](https://github.com/philnash/pwned/compare/v1.1.0...master)
 
+...
+
+## 1.2.0 (March 15, 2018) [☰](https://github.com/philnash/pwned/commits/v1.2.0)
+
+* Major updates
+  * Changes `PwnedValidator` to `NotPwnedValidator`, so that the validation looks like `validates :password, not_pwned: true`. `PwnedValidator` now subclasses `NotPwnedValidator` for backwards compatibility with version 1.1.0 but is deprecated.
+
 ## 1.1.0 (March 12, 2018) [☰](https://github.com/philnash/pwned/commits/v1.1.0)
 
 * Major updates

data/README.md

@@ -2,7 +2,11 @@
 
 An easy, Ruby way to use the Pwned Passwords API.
 
-[![Build Status](https://travis-ci.org/philnash/pwned.svg?branch=master)](https://travis-ci.org/philnash/pwned)
+[![Gem Version](https://badge.fury.io/rb/pwned.svg)](https://rubygems.org/gems/pwned) [![Build Status](https://travis-ci.org/philnash/pwned.svg?branch=master)](https://travis-ci.org/philnash/pwned) [![Maintainability](https://codeclimate.com/github/philnash/pwned/badges/gpa.svg)](https://codeclimate.com/github/philnash/pwned/maintainability)
+
+[API docs](https://philnash.github.io/pwned/) | [GitHub repo](https://github.com/philnash/pwned)
+
+## About
 
 Troy Hunt's [Pwned Passwords API V2](https://haveibeenpwned.com/API/v2#PwnedPasswords) allows you to check if a password has been found in any of the huge data breaches.
 
@@ -80,9 +84,9 @@ There is a custom validator available for your ActiveRecord models:
 
 ```ruby
 class User < ApplicationRecord
-  validates :password, pwned: true
+  validates :password, not_pwned: true
   # or
-  validates :password, pwned: { message: "has been pwned %{count} times" }
+  validates :password, not_pwned: { message: "has been pwned %{count} times" }
 end
 ```
 
@@ -94,7 +98,7 @@ You can change the error message using I18n (use `%{count}` to interpolate the n
 en:
   errors:
     messages:
-      pwned: has been pwned %{count} times
+      not_pwned: has been pwned %{count} times
       pwned_error: might be pwned
 ```
 
@@ -105,7 +109,7 @@ If you are ok with the password appearing a certain number of times before you d
 ```ruby
 class User < ApplicationRecord
   # The record is marked as valid if the password has been used once in the breached data
-  validates :password, pwned: { threshold: 1 }
+  validates :password, not_pwned: { threshold: 1 }
 end
 ```
 
@@ -116,24 +120,24 @@ By default the record will be treated as valid when we cannot reach the [haveibe
 ```ruby
 class User < ApplicationRecord
   # The record is marked as valid on network errors.
-  validates :password, pwned: true
-  validates :password, pwned: { on_error: :valid }
+  validates :password, not_pwned: true
+  validates :password, not_pwned: { on_error: :valid }
 
   # The record is marked as invalid on network errors
   # (error message "could not be verified against the past data breaches".)
-  validates :password, pwned: { on_error: :invalid }
+  validates :password, not_pwned: { on_error: :invalid }
 
   # The record is marked as invalid on network errors with custom error.
-  validates :password, pwned: { on_error: :invalid, error_message: "might be pwned" }
+  validates :password, not_pwned: { on_error: :invalid, error_message: "might be pwned" }
 
   # We will raise an error on network errors.
   # This means that `record.valid?` will raise `Pwned::Error`.
   # Not recommended to use in production.
-  validates :password, pwned: { on_error: :raise_error }
+  validates :password, not_pwned: { on_error: :raise_error }
 
   # Call custom proc on error. For example, capture errors in Sentry,
   # but do not mark the record as invalid.
-  validates :password, pwned: {
+  validates :password, not_pwned: {
     on_error: ->(record, error) { Raven.capture_exception(error) }
   }
 end
@@ -144,7 +148,7 @@ end
 You can configure network requests made from the validator using `:request_options` (see [OpenURI::OpenRead#open](http://ruby-doc.org/stdlib-2.5.0/libdoc/open-uri/rdoc/OpenURI/OpenRead.html#method-i-open) for the list of available options, string keys represent custom network request headers, e.g. `"User-Agent"`):
 
 ```ruby
-  validates :password, pwned: {
+  validates :password, not_pwned: {
     request_options: { read_timeout: 5, open_timeout: 1, "User-Agent" => "Super fun user agent" }
   }
 ```

data/Rakefile

@@ -1,6 +1,11 @@
 require "bundler/gem_tasks"
 require "rspec/core/rake_task"
+require "yard"
 
 RSpec::Core::RakeTask.new(:spec)
 
 task :default => :spec
+
+YARD::Rake::YardocTask.new do |t|
+  t.options = ["--output-dir", "docs"]
+end

data/docs/NotPwnedValidator.html

@@ -0,0 +1,425 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>
+  Class: NotPwnedValidator
+  
+    &mdash; Documentation by YARD 0.9.12
+  
+</title>
+
+  <link rel="stylesheet" href="css/style.css" type="text/css" charset="utf-8" />
+
+  <link rel="stylesheet" href="css/common.css" type="text/css" charset="utf-8" />
+
+<script type="text/javascript" charset="utf-8">
+  pathId = "NotPwnedValidator";
+  relpath = '';
+</script>
+
+
+  <script type="text/javascript" charset="utf-8" src="js/jquery.js"></script>
+
+  <script type="text/javascript" charset="utf-8" src="js/app.js"></script>
+
+
+  </head>
+  <body>
+    <div class="nav_wrap">
+      <iframe id="nav" src="class_list.html?1"></iframe>
+      <div id="resizer"></div>
+    </div>
+
+    <div id="main" tabindex="-1">
+      <div id="header">
+        <div id="menu">
+  
+    <a href="_index.html">Index (N)</a> &raquo;
+    
+    
+    <span class="title">NotPwnedValidator</span>
+  
+</div>
+
+        <div id="search">
+  
+    <a class="full_list_link" id="class_list_link"
+        href="class_list.html">
+
+        <svg width="24" height="24">
+          <rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
+          <rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
+          <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
+        </svg>
+    </a>
+  
+</div>
+        <div class="clear"></div>
+      </div>
+
+      <div id="content"><h1>Class: NotPwnedValidator
+  
+  
+  
+</h1>
+<div class="box_info">
+  
+  <dl>
+    <dt>Inherits:</dt>
+    <dd>
+      <span class="inheritName">ActiveModel::EachValidator</span>
+      
+        <ul class="fullTree">
+          <li>Object</li>
+          
+            <li class="next">ActiveModel::EachValidator</li>
+          
+            <li class="next">NotPwnedValidator</li>
+          
+        </ul>
+        <a href="#" class="inheritanceTree">show all</a>
+      
+    </dd>
+  </dl>
+  
+
+  
+  
+  
+  
+  
+
+  
+
+  
+  <dl>
+    <dt>Defined in:</dt>
+    <dd>lib/pwned/not_pwned_validator.rb</dd>
+  </dl>
+  
+</div>
+
+<h2>Overview</h2><div class="docstring">
+  <div class="discussion">
+    
+<p>An <code>ActiveModel</code> validator to check passwords against the Pwned
+Passwords API.</p>
+
+
+  </div>
+</div>
+<div class="tags">
+  
+  <div class="examples">
+    <p class="tag_title">Examples:</p>
+    
+      
+        <p class="example_title"><div class='inline'>
+<p>Validate a password on a <code>User</code> model with the default options.</p>
+</div></p>
+      
+      <pre class="example code"><code><span class='kw'>class</span> <span class='const'>User</span> <span class='op'>&lt;</span> <span class='const'>ApplicationRecord</span>
+  <span class='id identifier rubyid_validates'>validates</span> <span class='symbol'>:password</span><span class='comma'>,</span> <span class='label'>not_pwned:</span> <span class='kw'>true</span>
+<span class='kw'>end</span></code></pre>
+    
+      
+        <p class="example_title"><div class='inline'>
+<p>Validate a password on a <code>User</code> model with a custom error
+message.</p>
+</div></p>
+      
+      <pre class="example code"><code><span class='kw'>class</span> <span class='const'>User</span> <span class='op'>&lt;</span> <span class='const'>ApplicationRecord</span>
+  <span class='id identifier rubyid_validates'>validates</span> <span class='symbol'>:password</span><span class='comma'>,</span> <span class='label'>not_pwned:</span> <span class='lbrace'>{</span> <span class='label'>message:</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>has been pwned %{count} times</span><span class='tstring_end'>&quot;</span></span> <span class='rbrace'>}</span>
+<span class='kw'>end</span></code></pre>
+    
+      
+        <p class="example_title"><div class='inline'>
+<p>Validate a password on a <code>User</code> model that allows the password
+to have been breached once.</p>
+</div></p>
+      
+      <pre class="example code"><code><span class='kw'>class</span> <span class='const'>User</span> <span class='op'>&lt;</span> <span class='const'>ApplicationRecord</span>
+  <span class='id identifier rubyid_validates'>validates</span> <span class='symbol'>:password</span><span class='comma'>,</span> <span class='label'>not_pwned:</span> <span class='lbrace'>{</span> <span class='label'>threshold:</span> <span class='int'>1</span> <span class='rbrace'>}</span>
+<span class='kw'>end</span></code></pre>
+    
+      
+        <p class="example_title"><div class='inline'>
+<p>Validate a password on a <code>User</code> model, handling API errors in
+various ways</p>
+</div></p>
+      
+      <pre class="example code"><code><span class='kw'>class</span> <span class='const'>User</span> <span class='op'>&lt;</span> <span class='const'>ApplicationRecord</span>
+  <span class='comment'># The record is marked as invalid on network errors
+</span>  <span class='comment'># (error message &quot;could not be verified against the past data breaches&quot;.)
+</span>  <span class='id identifier rubyid_validates'>validates</span> <span class='symbol'>:password</span><span class='comma'>,</span> <span class='label'>not_pwned:</span> <span class='lbrace'>{</span> <span class='label'>on_error:</span> <span class='symbol'>:invalid</span> <span class='rbrace'>}</span>
+
+  <span class='comment'># The record is marked as invalid on network errors with custom error.
+</span>  <span class='id identifier rubyid_validates'>validates</span> <span class='symbol'>:password</span><span class='comma'>,</span> <span class='label'>not_pwned:</span> <span class='lbrace'>{</span> <span class='label'>on_error:</span> <span class='symbol'>:invalid</span><span class='comma'>,</span> <span class='label'>error_message:</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>might be pwned</span><span class='tstring_end'>&quot;</span></span> <span class='rbrace'>}</span>
+
+  <span class='comment'># An error is raised on network errors.
+</span>  <span class='comment'># This means that `record.valid?` will raise `Pwned::Error`.
+</span>  <span class='comment'># Not recommended to use in production.
+</span>  <span class='id identifier rubyid_validates'>validates</span> <span class='symbol'>:password</span><span class='comma'>,</span> <span class='label'>not_pwned:</span> <span class='lbrace'>{</span> <span class='label'>on_error:</span> <span class='symbol'>:raise_error</span> <span class='rbrace'>}</span>
+
+  <span class='comment'># Call custom proc on error. For example, capture errors in Sentry,
+</span>  <span class='comment'># but do not mark the record as invalid.
+</span>  <span class='id identifier rubyid_validates'>validates</span> <span class='symbol'>:password</span><span class='comma'>,</span> <span class='label'>not_pwned:</span> <span class='lbrace'>{</span>
+    <span class='label'>on_error:</span> <span class='tlambda'>-&gt;</span><span class='lparen'>(</span><span class='id identifier rubyid_record'>record</span><span class='comma'>,</span> <span class='id identifier rubyid_error'>error</span><span class='rparen'>)</span> <span class='tlambeg'>{</span> <span class='const'>Raven</span><span class='period'>.</span><span class='id identifier rubyid_capture_exception'>capture_exception</span><span class='lparen'>(</span><span class='id identifier rubyid_error'>error</span><span class='rparen'>)</span> <span class='rbrace'>}</span>
+  <span class='rbrace'>}</span>
+<span class='kw'>end</span></code></pre>
+    
+  </div>
+
+<p class="tag_title">Since:</p>
+<ul class="since">
+  
+    <li>
+      
+      
+      
+      
+        
+        <div class='inline'>
+<p>1.2.0</p>
+</div>
+      
+    </li>
+  
+</ul>
+
+</div><div id="subclasses">
+  <h2>Direct Known Subclasses</h2>
+  <p class="children"><span class='object_link'><a href="PwnedValidator.html" title="PwnedValidator (class)">PwnedValidator</a></span></p>
+</div>
+
+  <h2>Constant Summary</h2>
+  <dl class="constants">
+    
+      <dt id="DEFAULT_ON_ERROR-constant" class="">DEFAULT_ON_ERROR =
+        <div class="docstring">
+  <div class="discussion">
+    
+<p>The default behaviour of this validator in the case of an API failure. The
+default will mean that if the API fails the object will not be marked
+invalid.</p>
+
+
+  </div>
+</div>
+<div class="tags">
+  
+<p class="tag_title">Since:</p>
+<ul class="since">
+  
+    <li>
+      
+      
+      
+      
+        
+        <div class='inline'>
+<p>1.2.0</p>
+</div>
+      
+    </li>
+  
+</ul>
+
+</div>
+      </dt>
+      <dd><pre class="code"><span class='symbol'>:valid</span></pre></dd>
+    
+      <dt id="DEFAULT_THRESHOLD-constant" class="">DEFAULT_THRESHOLD =
+        <div class="docstring">
+  <div class="discussion">
+    
+<p>The default threshold for whether a breach is considered pwned. The default
+is 0, so any password that appears in a breach will mark the record as
+invalid.</p>
+
+
+  </div>
+</div>
+<div class="tags">
+  
+<p class="tag_title">Since:</p>
+<ul class="since">
+  
+    <li>
+      
+      
+      
+      
+        
+        <div class='inline'>
+<p>1.2.0</p>
+</div>
+      
+    </li>
+  
+</ul>
+
+</div>
+      </dt>
+      <dd><pre class="code"><span class='int'>0</span></pre></dd>
+    
+  </dl>
+
+
+
+
+
+
+
+  
+    <h2>
+      Instance Method Summary
+      <small><a href="#" class="summary_toggle">collapse</a></small>
+    </h2>
+
+    <ul class="summary">
+      
+        <li class="public ">
+  <span class="summary_signature">
+    
+      <a href="#validate_each-instance_method" title="#validate_each (instance method)">#<strong>validate_each</strong>(record, attribute, value)  &#x21d2; Object </a>
+    
+
+    
+  </span>
+  
+  
+  
+  
+  
+  
+  
+
+  
+    <span class="summary_desc"><div class='inline'>
+<p>Validates the <code>value</code> against the Pwned Passwords API.</p>
+</div></span>
+  
+</li>
+
+      
+    </ul>
+  
+
+
+  
+
+  <div id="instance_method_details" class="method_details_list">
+    <h2>Instance Method Details</h2>
+
+    
+      <div class="method_details first">
+  <h3 class="signature first" id="validate_each-instance_method">
+  
+    #<strong>validate_each</strong>(record, attribute, value)  &#x21d2; <tt>Object</tt> 
+  
+
+  
+
+  
+</h3><div class="docstring">
+  <div class="discussion">
+    
+<p>Validates the <code>value</code> against the Pwned Passwords API. If the
+<code>pwned_count</code> is higher than the optional <code>threshold</code>
+then the record is marked as invalid.</p>
+
+<p>In the case of an API error the validator will either mark the record as
+valid or invalid. Alternatively it will run an associated proc or re-raise
+the original error.</p>
+
+
+  </div>
+</div>
+<div class="tags">
+  
+<p class="tag_title">Since:</p>
+<ul class="since">
+  
+    <li>
+      
+      
+      
+      
+        
+        <div class='inline'>
+<p>1.2.0</p>
+</div>
+      
+    </li>
+  
+</ul>
+
+</div><table class="source_code">
+  <tr>
+    <td>
+      <pre class="lines">
+
+
+64
+65
+66
+67
+68
+69
+70
+71
+72
+73
+74
+75
+76
+77
+78
+79
+80
+81
+82</pre>
+    </td>
+    <td>
+      <pre class="code"><span class="info file"># File 'lib/pwned/not_pwned_validator.rb', line 64</span>
+
+<span class='kw'>def</span> <span class='id identifier rubyid_validate_each'>validate_each</span><span class='lparen'>(</span><span class='id identifier rubyid_record'>record</span><span class='comma'>,</span> <span class='id identifier rubyid_attribute'>attribute</span><span class='comma'>,</span> <span class='id identifier rubyid_value'>value</span><span class='rparen'>)</span>
+  <span class='kw'>begin</span>
+    <span class='id identifier rubyid_pwned_check'>pwned_check</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="Pwned.html" title="Pwned (module)">Pwned</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="Pwned/Password.html" title="Pwned::Password (class)">Password</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="Pwned/Password.html#initialize-instance_method" title="Pwned::Password#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_value'>value</span><span class='comma'>,</span> <span class='id identifier rubyid_request_options'>request_options</span><span class='rparen'>)</span>
+    <span class='kw'>if</span> <span class='id identifier rubyid_pwned_check'>pwned_check</span><span class='period'>.</span><span class='id identifier rubyid_pwned_count'>pwned_count</span> <span class='op'>&gt;</span> <span class='id identifier rubyid_threshold'>threshold</span>
+      <span class='id identifier rubyid_record'>record</span><span class='period'>.</span><span class='id identifier rubyid_errors'>errors</span><span class='period'>.</span><span class='id identifier rubyid_add'>add</span><span class='lparen'>(</span><span class='id identifier rubyid_attribute'>attribute</span><span class='comma'>,</span> <span class='symbol'>:not_pwned</span><span class='comma'>,</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_merge'>merge</span><span class='lparen'>(</span><span class='label'>count:</span> <span class='id identifier rubyid_pwned_check'>pwned_check</span><span class='period'>.</span><span class='id identifier rubyid_pwned_count'>pwned_count</span><span class='rparen'>)</span><span class='rparen'>)</span>
+    <span class='kw'>end</span>
+  <span class='kw'>rescue</span> <span class='const'><span class='object_link'><a href="Pwned.html" title="Pwned (module)">Pwned</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="Pwned/Error.html" title="Pwned::Error (class)">Error</a></span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_error'>error</span>
+    <span class='kw'>case</span> <span class='id identifier rubyid_on_error'>on_error</span>
+    <span class='kw'>when</span> <span class='symbol'>:invalid</span>
+      <span class='id identifier rubyid_record'>record</span><span class='period'>.</span><span class='id identifier rubyid_errors'>errors</span><span class='period'>.</span><span class='id identifier rubyid_add'>add</span><span class='lparen'>(</span><span class='id identifier rubyid_attribute'>attribute</span><span class='comma'>,</span> <span class='symbol'>:pwned_error</span><span class='comma'>,</span> <span class='id identifier rubyid_options'>options</span><span class='period'>.</span><span class='id identifier rubyid_merge'>merge</span><span class='lparen'>(</span><span class='label'>message:</span> <span class='id identifier rubyid_options'>options</span><span class='lbracket'>[</span><span class='symbol'>:error_message</span><span class='rbracket'>]</span><span class='rparen'>)</span><span class='rparen'>)</span>
+    <span class='kw'>when</span> <span class='symbol'>:valid</span>
+      <span class='comment'># Do nothing, consider the record valid
+</span>    <span class='kw'>when</span> <span class='const'>Proc</span>
+      <span class='id identifier rubyid_on_error'>on_error</span><span class='period'>.</span><span class='id identifier rubyid_call'>call</span><span class='lparen'>(</span><span class='id identifier rubyid_record'>record</span><span class='comma'>,</span> <span class='id identifier rubyid_error'>error</span><span class='rparen'>)</span>
+    <span class='kw'>else</span>
+      <span class='id identifier rubyid_raise'>raise</span>
+    <span class='kw'>end</span>
+  <span class='kw'>end</span>
+<span class='kw'>end</span></pre>
+    </td>
+  </tr>
+</table>
+</div>
+    
+  </div>
+
+</div>
+
+      <div id="footer">
+  Generated on Wed Mar 14 11:06:58 2018 by
+  <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
+  0.9.12 (ruby-2.5.0).
+</div>
+
+    </div>
+  </body>
+</html>