pwned 2.3.0 → 2.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/tests.yml +7 -1
- data/CHANGELOG.md +8 -1
- data/README.md +15 -5
- data/lib/pwned/deep_merge.rb +13 -0
- data/lib/pwned/hashed_password.rb +8 -5
- data/lib/pwned/password.rb +7 -5
- data/lib/pwned/version.rb +1 -1
- data/lib/pwned.rb +23 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f655789ebeb4d8fc8cdd1a105960358b8995ecb2d65d50542c124dd025add187
|
|
4
|
+
data.tar.gz: 32b7024253941258a9d93e3fd556c25d7dc5f1d91b55c414d547bce7cd81f042
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f298ab9734b71e795cb014986b93c37642539c45225add31f55a105a4238b0dcd57ae298682df0ad2ed69203d42f13181715dbcfeb1fe8f188a497e51f82cab9
|
|
7
|
+
data.tar.gz: c494a1fd491608e0bee4d47a97b356ae22887b2a041e33348a8784c14fbe68d5ab78451eb2b2e255e0b2f1702d41424b5a2e0b83549a93a3a9a2dd86abd1ad39
|
data/.github/workflows/tests.yml
CHANGED
|
@@ -8,7 +8,7 @@ jobs:
|
|
|
8
8
|
strategy:
|
|
9
9
|
fail-fast: false
|
|
10
10
|
matrix:
|
|
11
|
-
ruby: [2.
|
|
11
|
+
ruby: [2.6, 2.7, 3.0, 3.1, head]
|
|
12
12
|
rails: [4.2.11.3, 5.0.7.2, 5.1.7, 5.2.4.4, 6.0.3.4, 6.1.0]
|
|
13
13
|
exclude:
|
|
14
14
|
# Ruby 3.0 and Rails 5 do not get along together.
|
|
@@ -18,6 +18,12 @@ jobs:
|
|
|
18
18
|
rails: 5.1.7
|
|
19
19
|
- ruby: 3.0
|
|
20
20
|
rails: 5.2.4.4
|
|
21
|
+
- ruby: 3.1
|
|
22
|
+
rails: 5.0.7.2
|
|
23
|
+
- ruby: 3.1
|
|
24
|
+
rails: 5.1.7
|
|
25
|
+
- ruby: 3.1
|
|
26
|
+
rails: 5.2.4.4
|
|
21
27
|
- ruby: head
|
|
22
28
|
rails: 5.0.7.2
|
|
23
29
|
- ruby: head
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
# Changelog for `Pwned`
|
|
2
2
|
|
|
3
|
-
## Ongoing [☰](https://github.com/philnash/pwned/compare/v2.
|
|
3
|
+
## Ongoing [☰](https://github.com/philnash/pwned/compare/v2.4.0...master)
|
|
4
|
+
|
|
5
|
+
## 2.4.0 (February 23, 2022) [☰](https://github.com/philnash/pwned/compare/v2.3.0...v2.4.0)
|
|
6
|
+
|
|
7
|
+
- Minor updates
|
|
8
|
+
|
|
9
|
+
- Adds `default_request_options` to set global defaults for the gem
|
|
10
|
+
- Adds Ruby 3.1 to the test matrix
|
|
4
11
|
|
|
5
12
|
## 2.3.0 (August 30, 2021) [☰](https://github.com/philnash/pwned/compare/v2.2.0...v2.3.0)
|
|
6
13
|
|
data/README.md
CHANGED
|
@@ -110,12 +110,20 @@ Pwned.pwned_count("password")
|
|
|
110
110
|
|
|
111
111
|
#### Custom request options
|
|
112
112
|
|
|
113
|
-
You can set
|
|
113
|
+
You can set HTTP request options to be used with `Net::HTTP.start` when making the request to the API. These options are documented in the [`Net::HTTP.start` documentation](https://ruby-doc.org/stdlib-3.0.0/libdoc/net/http/rdoc/Net/HTTP.html#method-c-start).
|
|
114
|
+
|
|
115
|
+
You can pass the options to the constructor:
|
|
114
116
|
|
|
115
117
|
```ruby
|
|
116
118
|
password = Pwned::Password.new("password", read_timeout: 10)
|
|
117
119
|
```
|
|
118
120
|
|
|
121
|
+
You can also specify global defaults:
|
|
122
|
+
|
|
123
|
+
```ruby
|
|
124
|
+
Pwned.default_request_options = { read_timeout: 10 }
|
|
125
|
+
```
|
|
126
|
+
|
|
119
127
|
##### HTTP Headers
|
|
120
128
|
|
|
121
129
|
The `:headers` option defines defines HTTP headers. These headers must be string keys.
|
|
@@ -220,7 +228,7 @@ end
|
|
|
220
228
|
|
|
221
229
|
#### Custom Request Options
|
|
222
230
|
|
|
223
|
-
You can configure network requests made from the validator using `:request_options` (see [Net::HTTP.start](http://ruby-doc.org/stdlib-2.6.3/libdoc/net/http/rdoc/Net/HTTP.html#method-c-start) for the list of available options).
|
|
231
|
+
You can configure network requests made from the validator using `:request_options` (see [Net::HTTP.start](http://ruby-doc.org/stdlib-2.6.3/libdoc/net/http/rdoc/Net/HTTP.html#method-c-start) for the list of available options).
|
|
224
232
|
|
|
225
233
|
```ruby
|
|
226
234
|
validates :password, not_pwned: {
|
|
@@ -231,6 +239,8 @@ You can configure network requests made from the validator using `:request_optio
|
|
|
231
239
|
}
|
|
232
240
|
```
|
|
233
241
|
|
|
242
|
+
These options override the globally defined default options (see above).
|
|
243
|
+
|
|
234
244
|
In addition to these options, you can also set the following:
|
|
235
245
|
|
|
236
246
|
##### HTTP Headers
|
|
@@ -278,15 +288,15 @@ If you don't want to set a proxy and you don't want a proxy to be inferred from
|
|
|
278
288
|
|
|
279
289
|
### Using Asynchronously
|
|
280
290
|
|
|
281
|
-
You may have a use case for hashing the password in advance, and then making the call to the Pwned Passwords API later (for example if you want to enqueue a job without storing the plaintext password). To do this, you can hash the password with the `Pwned.hash_password` method and then initialize the `Pwned::
|
|
291
|
+
You may have a use case for hashing the password in advance, and then making the call to the Pwned Passwords API later (for example if you want to enqueue a job without storing the plaintext password). To do this, you can hash the password with the `Pwned.hash_password` method and then initialize the `Pwned::HashedPassword` class with the hash, like this:
|
|
282
292
|
|
|
283
293
|
```ruby
|
|
284
294
|
hashed_password = Pwned.hash_password(password)
|
|
285
295
|
# some time later
|
|
286
|
-
Pwned::
|
|
296
|
+
Pwned::HashedPassword.new(hashed_password, request_options).pwned?
|
|
287
297
|
```
|
|
288
298
|
|
|
289
|
-
The `Pwned::
|
|
299
|
+
The `Pwned::HashedPassword` constructor takes all the same options as the regular `Pwned::Password` contructor.
|
|
290
300
|
|
|
291
301
|
### Devise
|
|
292
302
|
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require "pwned/password_base"
|
|
4
|
+
require "pwned/deep_merge"
|
|
5
|
+
|
|
4
6
|
|
|
5
7
|
module Pwned
|
|
6
8
|
##
|
|
@@ -9,6 +11,7 @@ module Pwned
|
|
|
9
11
|
# @see https://haveibeenpwned.com/API/v2#PwnedPasswords
|
|
10
12
|
class HashedPassword
|
|
11
13
|
include PasswordBase
|
|
14
|
+
using DeepMerge
|
|
12
15
|
##
|
|
13
16
|
# Creates a new hashed password object.
|
|
14
17
|
#
|
|
@@ -19,7 +22,7 @@ module Pwned
|
|
|
19
22
|
#
|
|
20
23
|
# @param hashed_password [String] The hash of the password you want to check against the API.
|
|
21
24
|
# @param [Hash] request_options Options that can be passed to +Net::HTTP.start+ when
|
|
22
|
-
# calling the API
|
|
25
|
+
# calling the API. This overrides any keys specified in +Pwned.default_request_options+.
|
|
23
26
|
# @option request_options [Symbol] :headers ({ "User-Agent" => "Ruby Pwned::Password #{Pwned::VERSION}" })
|
|
24
27
|
# HTTP headers to include in the request
|
|
25
28
|
# @option request_options [Symbol] :ignore_env_proxy (false) The library
|
|
@@ -30,11 +33,11 @@ module Pwned
|
|
|
30
33
|
def initialize(hashed_password, request_options={})
|
|
31
34
|
raise TypeError, "hashed_password must be of type String" unless hashed_password.is_a? String
|
|
32
35
|
@hashed_password = hashed_password.upcase
|
|
33
|
-
@request_options =
|
|
34
|
-
@request_headers = Hash(request_options.delete(:headers))
|
|
36
|
+
@request_options = Pwned.default_request_options.deep_merge(request_options)
|
|
37
|
+
@request_headers = Hash(@request_options.delete(:headers))
|
|
35
38
|
@request_headers = DEFAULT_REQUEST_HEADERS.merge(@request_headers)
|
|
36
|
-
@request_proxy = URI(request_options.delete(:proxy)) if request_options.key?(:proxy)
|
|
37
|
-
@ignore_env_proxy = request_options.delete(:ignore_env_proxy) || false
|
|
39
|
+
@request_proxy = URI(@request_options.delete(:proxy)) if @request_options.key?(:proxy)
|
|
40
|
+
@ignore_env_proxy = @request_options.delete(:ignore_env_proxy) || false
|
|
38
41
|
end
|
|
39
42
|
end
|
|
40
43
|
end
|
data/lib/pwned/password.rb
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require "pwned/password_base"
|
|
4
|
+
require "pwned/deep_merge"
|
|
4
5
|
|
|
5
6
|
module Pwned
|
|
6
7
|
##
|
|
@@ -9,6 +10,7 @@ module Pwned
|
|
|
9
10
|
# @see https://haveibeenpwned.com/API/v2#PwnedPasswords
|
|
10
11
|
class Password
|
|
11
12
|
include PasswordBase
|
|
13
|
+
using DeepMerge
|
|
12
14
|
##
|
|
13
15
|
# @return [String] the password that is being checked.
|
|
14
16
|
# @since 1.0.0
|
|
@@ -24,7 +26,7 @@ module Pwned
|
|
|
24
26
|
#
|
|
25
27
|
# @param password [String] The password you want to check against the API.
|
|
26
28
|
# @param [Hash] request_options Options that can be passed to +Net::HTTP.start+ when
|
|
27
|
-
# calling the API
|
|
29
|
+
# calling the API. This overrides any keys specified in +Pwned.default_request_options+.
|
|
28
30
|
# @option request_options [Symbol] :headers ({ "User-Agent" => "Ruby Pwned::Password #{Pwned::VERSION}" })
|
|
29
31
|
# HTTP headers to include in the request
|
|
30
32
|
# @option request_options [Symbol] :ignore_env_proxy (false) The library
|
|
@@ -36,11 +38,11 @@ module Pwned
|
|
|
36
38
|
raise TypeError, "password must be of type String" unless password.is_a? String
|
|
37
39
|
@password = password
|
|
38
40
|
@hashed_password = Pwned.hash_password(password)
|
|
39
|
-
@request_options =
|
|
40
|
-
@request_headers = Hash(request_options.delete(:headers))
|
|
41
|
+
@request_options = Pwned.default_request_options.deep_merge(request_options)
|
|
42
|
+
@request_headers = Hash(@request_options.delete(:headers))
|
|
41
43
|
@request_headers = DEFAULT_REQUEST_HEADERS.merge(@request_headers)
|
|
42
|
-
@request_proxy = URI(request_options.delete(:proxy)) if request_options.key?(:proxy)
|
|
43
|
-
@ignore_env_proxy = request_options.delete(:ignore_env_proxy) || false
|
|
44
|
+
@request_proxy = URI(@request_options.delete(:proxy)) if @request_options.key?(:proxy)
|
|
45
|
+
@ignore_env_proxy = @request_options.delete(:ignore_env_proxy) || false
|
|
44
46
|
end
|
|
45
47
|
end
|
|
46
48
|
end
|
data/lib/pwned/version.rb
CHANGED
data/lib/pwned.rb
CHANGED
|
@@ -23,6 +23,29 @@ end
|
|
|
23
23
|
# results for a password.
|
|
24
24
|
|
|
25
25
|
module Pwned
|
|
26
|
+
@default_request_options = {}
|
|
27
|
+
|
|
28
|
+
##
|
|
29
|
+
# The default request options passed to +Net::HTTP.start+ when calling the API.
|
|
30
|
+
#
|
|
31
|
+
# @return [Hash]
|
|
32
|
+
# @see Pwned::Password#initialize
|
|
33
|
+
def self.default_request_options
|
|
34
|
+
@default_request_options
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
##
|
|
38
|
+
# Sets the default request options passed to +Net::HTTP.start+ when calling
|
|
39
|
+
# the API.
|
|
40
|
+
#
|
|
41
|
+
# The default options may be overridden in +Pwned::Password#new+.
|
|
42
|
+
#
|
|
43
|
+
# @param [Hash] request_options
|
|
44
|
+
# @see Pwned::Password#initialize
|
|
45
|
+
def self.default_request_options=(request_options)
|
|
46
|
+
@default_request_options = request_options
|
|
47
|
+
end
|
|
48
|
+
|
|
26
49
|
##
|
|
27
50
|
# Returns +true+ when the password has been pwned.
|
|
28
51
|
#
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwned
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Phil Nash
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-02-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -110,6 +110,7 @@ files:
|
|
|
110
110
|
- bin/setup
|
|
111
111
|
- lib/locale/en.yml
|
|
112
112
|
- lib/pwned.rb
|
|
113
|
+
- lib/pwned/deep_merge.rb
|
|
113
114
|
- lib/pwned/error.rb
|
|
114
115
|
- lib/pwned/hashed_password.rb
|
|
115
116
|
- lib/pwned/not_pwned_validator.rb
|