pwned 2.3.0 → 2.4.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/tests.yml +7 -1
- data/CHANGELOG.md +8 -1
- data/README.md +15 -5
- data/lib/pwned/deep_merge.rb +13 -0
- data/lib/pwned/hashed_password.rb +8 -5
- data/lib/pwned/password.rb +7 -5
- data/lib/pwned/version.rb +1 -1
- data/lib/pwned.rb +23 -0
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f655789ebeb4d8fc8cdd1a105960358b8995ecb2d65d50542c124dd025add187
|
|
4
|
+
data.tar.gz: 32b7024253941258a9d93e3fd556c25d7dc5f1d91b55c414d547bce7cd81f042
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f298ab9734b71e795cb014986b93c37642539c45225add31f55a105a4238b0dcd57ae298682df0ad2ed69203d42f13181715dbcfeb1fe8f188a497e51f82cab9
|
|
7
|
+
data.tar.gz: c494a1fd491608e0bee4d47a97b356ae22887b2a041e33348a8784c14fbe68d5ab78451eb2b2e255e0b2f1702d41424b5a2e0b83549a93a3a9a2dd86abd1ad39
|
data/.github/workflows/tests.yml
CHANGED
|
@@ -8,7 +8,7 @@ jobs:
|
|
|
8
8
|
strategy:
|
|
9
9
|
fail-fast: false
|
|
10
10
|
matrix:
|
|
11
|
-
ruby: [2.
|
|
11
|
+
ruby: [2.6, 2.7, 3.0, 3.1, head]
|
|
12
12
|
rails: [4.2.11.3, 5.0.7.2, 5.1.7, 5.2.4.4, 6.0.3.4, 6.1.0]
|
|
13
13
|
exclude:
|
|
14
14
|
# Ruby 3.0 and Rails 5 do not get along together.
|
|
@@ -18,6 +18,12 @@ jobs:
|
|
|
18
18
|
rails: 5.1.7
|
|
19
19
|
- ruby: 3.0
|
|
20
20
|
rails: 5.2.4.4
|
|
21
|
+
- ruby: 3.1
|
|
22
|
+
rails: 5.0.7.2
|
|
23
|
+
- ruby: 3.1
|
|
24
|
+
rails: 5.1.7
|
|
25
|
+
- ruby: 3.1
|
|
26
|
+
rails: 5.2.4.4
|
|
21
27
|
- ruby: head
|
|
22
28
|
rails: 5.0.7.2
|
|
23
29
|
- ruby: head
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
# Changelog for `Pwned`
|
|
2
2
|
|
|
3
|
-
## Ongoing [☰](https://github.com/philnash/pwned/compare/v2.
|
|
3
|
+
## Ongoing [☰](https://github.com/philnash/pwned/compare/v2.4.0...master)
|
|
4
|
+
|
|
5
|
+
## 2.4.0 (February 23, 2022) [☰](https://github.com/philnash/pwned/compare/v2.3.0...v2.4.0)
|
|
6
|
+
|
|
7
|
+
- Minor updates
|
|
8
|
+
|
|
9
|
+
- Adds `default_request_options` to set global defaults for the gem
|
|
10
|
+
- Adds Ruby 3.1 to the test matrix
|
|
4
11
|
|
|
5
12
|
## 2.3.0 (August 30, 2021) [☰](https://github.com/philnash/pwned/compare/v2.2.0...v2.3.0)
|
|
6
13
|
|
data/README.md
CHANGED
|
@@ -110,12 +110,20 @@ Pwned.pwned_count("password")
|
|
|
110
110
|
|
|
111
111
|
#### Custom request options
|
|
112
112
|
|
|
113
|
-
You can set
|
|
113
|
+
You can set HTTP request options to be used with `Net::HTTP.start` when making the request to the API. These options are documented in the [`Net::HTTP.start` documentation](https://ruby-doc.org/stdlib-3.0.0/libdoc/net/http/rdoc/Net/HTTP.html#method-c-start).
|
|
114
|
+
|
|
115
|
+
You can pass the options to the constructor:
|
|
114
116
|
|
|
115
117
|
```ruby
|
|
116
118
|
password = Pwned::Password.new("password", read_timeout: 10)
|
|
117
119
|
```
|
|
118
120
|
|
|
121
|
+
You can also specify global defaults:
|
|
122
|
+
|
|
123
|
+
```ruby
|
|
124
|
+
Pwned.default_request_options = { read_timeout: 10 }
|
|
125
|
+
```
|
|
126
|
+
|
|
119
127
|
##### HTTP Headers
|
|
120
128
|
|
|
121
129
|
The `:headers` option defines defines HTTP headers. These headers must be string keys.
|
|
@@ -220,7 +228,7 @@ end
|
|
|
220
228
|
|
|
221
229
|
#### Custom Request Options
|
|
222
230
|
|
|
223
|
-
You can configure network requests made from the validator using `:request_options` (see [Net::HTTP.start](http://ruby-doc.org/stdlib-2.6.3/libdoc/net/http/rdoc/Net/HTTP.html#method-c-start) for the list of available options).
|
|
231
|
+
You can configure network requests made from the validator using `:request_options` (see [Net::HTTP.start](http://ruby-doc.org/stdlib-2.6.3/libdoc/net/http/rdoc/Net/HTTP.html#method-c-start) for the list of available options).
|
|
224
232
|
|
|
225
233
|
```ruby
|
|
226
234
|
validates :password, not_pwned: {
|
|
@@ -231,6 +239,8 @@ You can configure network requests made from the validator using `:request_optio
|
|
|
231
239
|
}
|
|
232
240
|
```
|
|
233
241
|
|
|
242
|
+
These options override the globally defined default options (see above).
|
|
243
|
+
|
|
234
244
|
In addition to these options, you can also set the following:
|
|
235
245
|
|
|
236
246
|
##### HTTP Headers
|
|
@@ -278,15 +288,15 @@ If you don't want to set a proxy and you don't want a proxy to be inferred from
|
|
|
278
288
|
|
|
279
289
|
### Using Asynchronously
|
|
280
290
|
|
|
281
|
-
You may have a use case for hashing the password in advance, and then making the call to the Pwned Passwords API later (for example if you want to enqueue a job without storing the plaintext password). To do this, you can hash the password with the `Pwned.hash_password` method and then initialize the `Pwned::
|
|
291
|
+
You may have a use case for hashing the password in advance, and then making the call to the Pwned Passwords API later (for example if you want to enqueue a job without storing the plaintext password). To do this, you can hash the password with the `Pwned.hash_password` method and then initialize the `Pwned::HashedPassword` class with the hash, like this:
|
|
282
292
|
|
|
283
293
|
```ruby
|
|
284
294
|
hashed_password = Pwned.hash_password(password)
|
|
285
295
|
# some time later
|
|
286
|
-
Pwned::
|
|
296
|
+
Pwned::HashedPassword.new(hashed_password, request_options).pwned?
|
|
287
297
|
```
|
|
288
298
|
|
|
289
|
-
The `Pwned::
|
|
299
|
+
The `Pwned::HashedPassword` constructor takes all the same options as the regular `Pwned::Password` contructor.
|
|
290
300
|
|
|
291
301
|
### Devise
|
|
292
302
|
|
|
@@ -1,6 +1,8 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require "pwned/password_base"
|
|
4
|
+
require "pwned/deep_merge"
|
|
5
|
+
|
|
4
6
|
|
|
5
7
|
module Pwned
|
|
6
8
|
##
|
|
@@ -9,6 +11,7 @@ module Pwned
|
|
|
9
11
|
# @see https://haveibeenpwned.com/API/v2#PwnedPasswords
|
|
10
12
|
class HashedPassword
|
|
11
13
|
include PasswordBase
|
|
14
|
+
using DeepMerge
|
|
12
15
|
##
|
|
13
16
|
# Creates a new hashed password object.
|
|
14
17
|
#
|
|
@@ -19,7 +22,7 @@ module Pwned
|
|
|
19
22
|
#
|
|
20
23
|
# @param hashed_password [String] The hash of the password you want to check against the API.
|
|
21
24
|
# @param [Hash] request_options Options that can be passed to +Net::HTTP.start+ when
|
|
22
|
-
# calling the API
|
|
25
|
+
# calling the API. This overrides any keys specified in +Pwned.default_request_options+.
|
|
23
26
|
# @option request_options [Symbol] :headers ({ "User-Agent" => "Ruby Pwned::Password #{Pwned::VERSION}" })
|
|
24
27
|
# HTTP headers to include in the request
|
|
25
28
|
# @option request_options [Symbol] :ignore_env_proxy (false) The library
|
|
@@ -30,11 +33,11 @@ module Pwned
|
|
|
30
33
|
def initialize(hashed_password, request_options={})
|
|
31
34
|
raise TypeError, "hashed_password must be of type String" unless hashed_password.is_a? String
|
|
32
35
|
@hashed_password = hashed_password.upcase
|
|
33
|
-
@request_options =
|
|
34
|
-
@request_headers = Hash(request_options.delete(:headers))
|
|
36
|
+
@request_options = Pwned.default_request_options.deep_merge(request_options)
|
|
37
|
+
@request_headers = Hash(@request_options.delete(:headers))
|
|
35
38
|
@request_headers = DEFAULT_REQUEST_HEADERS.merge(@request_headers)
|
|
36
|
-
@request_proxy = URI(request_options.delete(:proxy)) if request_options.key?(:proxy)
|
|
37
|
-
@ignore_env_proxy = request_options.delete(:ignore_env_proxy) || false
|
|
39
|
+
@request_proxy = URI(@request_options.delete(:proxy)) if @request_options.key?(:proxy)
|
|
40
|
+
@ignore_env_proxy = @request_options.delete(:ignore_env_proxy) || false
|
|
38
41
|
end
|
|
39
42
|
end
|
|
40
43
|
end
|
data/lib/pwned/password.rb
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
3
|
require "pwned/password_base"
|
|
4
|
+
require "pwned/deep_merge"
|
|
4
5
|
|
|
5
6
|
module Pwned
|
|
6
7
|
##
|
|
@@ -9,6 +10,7 @@ module Pwned
|
|
|
9
10
|
# @see https://haveibeenpwned.com/API/v2#PwnedPasswords
|
|
10
11
|
class Password
|
|
11
12
|
include PasswordBase
|
|
13
|
+
using DeepMerge
|
|
12
14
|
##
|
|
13
15
|
# @return [String] the password that is being checked.
|
|
14
16
|
# @since 1.0.0
|
|
@@ -24,7 +26,7 @@ module Pwned
|
|
|
24
26
|
#
|
|
25
27
|
# @param password [String] The password you want to check against the API.
|
|
26
28
|
# @param [Hash] request_options Options that can be passed to +Net::HTTP.start+ when
|
|
27
|
-
# calling the API
|
|
29
|
+
# calling the API. This overrides any keys specified in +Pwned.default_request_options+.
|
|
28
30
|
# @option request_options [Symbol] :headers ({ "User-Agent" => "Ruby Pwned::Password #{Pwned::VERSION}" })
|
|
29
31
|
# HTTP headers to include in the request
|
|
30
32
|
# @option request_options [Symbol] :ignore_env_proxy (false) The library
|
|
@@ -36,11 +38,11 @@ module Pwned
|
|
|
36
38
|
raise TypeError, "password must be of type String" unless password.is_a? String
|
|
37
39
|
@password = password
|
|
38
40
|
@hashed_password = Pwned.hash_password(password)
|
|
39
|
-
@request_options =
|
|
40
|
-
@request_headers = Hash(request_options.delete(:headers))
|
|
41
|
+
@request_options = Pwned.default_request_options.deep_merge(request_options)
|
|
42
|
+
@request_headers = Hash(@request_options.delete(:headers))
|
|
41
43
|
@request_headers = DEFAULT_REQUEST_HEADERS.merge(@request_headers)
|
|
42
|
-
@request_proxy = URI(request_options.delete(:proxy)) if request_options.key?(:proxy)
|
|
43
|
-
@ignore_env_proxy = request_options.delete(:ignore_env_proxy) || false
|
|
44
|
+
@request_proxy = URI(@request_options.delete(:proxy)) if @request_options.key?(:proxy)
|
|
45
|
+
@ignore_env_proxy = @request_options.delete(:ignore_env_proxy) || false
|
|
44
46
|
end
|
|
45
47
|
end
|
|
46
48
|
end
|
data/lib/pwned/version.rb
CHANGED
data/lib/pwned.rb
CHANGED
|
@@ -23,6 +23,29 @@ end
|
|
|
23
23
|
# results for a password.
|
|
24
24
|
|
|
25
25
|
module Pwned
|
|
26
|
+
@default_request_options = {}
|
|
27
|
+
|
|
28
|
+
##
|
|
29
|
+
# The default request options passed to +Net::HTTP.start+ when calling the API.
|
|
30
|
+
#
|
|
31
|
+
# @return [Hash]
|
|
32
|
+
# @see Pwned::Password#initialize
|
|
33
|
+
def self.default_request_options
|
|
34
|
+
@default_request_options
|
|
35
|
+
end
|
|
36
|
+
|
|
37
|
+
##
|
|
38
|
+
# Sets the default request options passed to +Net::HTTP.start+ when calling
|
|
39
|
+
# the API.
|
|
40
|
+
#
|
|
41
|
+
# The default options may be overridden in +Pwned::Password#new+.
|
|
42
|
+
#
|
|
43
|
+
# @param [Hash] request_options
|
|
44
|
+
# @see Pwned::Password#initialize
|
|
45
|
+
def self.default_request_options=(request_options)
|
|
46
|
+
@default_request_options = request_options
|
|
47
|
+
end
|
|
48
|
+
|
|
26
49
|
##
|
|
27
50
|
# Returns +true+ when the password has been pwned.
|
|
28
51
|
#
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: pwned
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Phil Nash
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-02-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -110,6 +110,7 @@ files:
|
|
|
110
110
|
- bin/setup
|
|
111
111
|
- lib/locale/en.yml
|
|
112
112
|
- lib/pwned.rb
|
|
113
|
+
- lib/pwned/deep_merge.rb
|
|
113
114
|
- lib/pwned/error.rb
|
|
114
115
|
- lib/pwned/hashed_password.rb
|
|
115
116
|
- lib/pwned/not_pwned_validator.rb
|