rodauth-pwned 0.1.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fd0ad8ce7b86521b47c5d4ed6c1986210ba2962651ebf0689de230c2ce177e33
-  data.tar.gz: 4561058c9852a558be78f3c1584b72c96656925fcb91b7a8963d2282445a852b
+  metadata.gz: 29bda231ae44f13d0ed38c54f886c16b6237c396a2f61392f908ac039b327f77
+  data.tar.gz: b670e501eeb3bbe4f9c63a50af1cf1c6b4f47d5064abe4e1f69804dc75dc01ba
 SHA512:
-  metadata.gz: b7d5a4f4a155fcd78871ea41851727b6243a4fd8d5b56453296ae724c150969363d0b20f9a01182541b317ef7cce3e9e5cb0d27879eb974910d5fea4ffb736a7
-  data.tar.gz: 207219558e027c559910cba8a662940eee39cbb8c6ce12e2a0d9f06c1c63cca4b9a2415c517f8faff2ea4bd702aedcacb881303371e90f4f33a1e7fd5d8d07c6
+  metadata.gz: 32d4e58eaebf0596105888df7427d48e97708d03d726c9cf688a983f9c7f886a23f78f7d0feea4f463a8b92e6b537d8ebe892e9e169ed71092582cc6c1d86d5f
+  data.tar.gz: 5fd32bc439e69ae59440c3766a9122b3445318156bbc7f955db3e6f125228e70cac04cd89c62419523fe324a8e61666b49ac483dec4408b67d82feb3dfb8bb9a

data/README.md

@@ -1,6 +1,7 @@
 # rodauth-pwned
 
-[Rodauth] feature that checks user passwords against the [Pwned Passwords API].
+[Rodauth] feature that checks user passwords against the [Pwned Passwords API]
+(using the [Pwned] rubygem).
 
 ## Installation
 
@@ -88,6 +89,23 @@ plugin :rodauth do
 end
 ```
 
+### Warning users with pwned passwords
+
+If a user's password becomes pwned, you may want to warn them on login:
+
+```rb
+plugin :rodauth do
+  # ...
+  after_login do
+    db.after_commit do # better to make HTTP requests outside of transactions
+      if param_or_nil(password_param) && password_pwned?(param(password_param))
+        set_redirect_error_flash "Your password has previously appeared in a data breach and should never be used. We strongly recommend you change your password."
+      end
+    end
+  end
+end
+```
+
 ## Development
 
 Run tests with Rake:
@@ -96,9 +114,9 @@ Run tests with Rake:
 $ bundle exec rake test
 ```
 
-## Contributing
+## Credits
 
-Bug reports and pull requests are welcome on GitHub at https://github.com/janko/rodauth-pwned. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/janko/rodauth-pwned/blob/master/CODE_OF_CONDUCT.md).
+This gem has been inspired by [devise-pwned_password].
 
 ## License
 
@@ -111,3 +129,4 @@ Everyone interacting in the Rodauth::Pwned project's codebases, issue trackers,
 [Rodauth]: https://github.com/jeremyevans/rodauth
 [Pwned Passwords API]: https://haveibeenpwned.com/Passwords
 [Pwned]: https://github.com/philnash/pwned
+[devise-pwned_password]: https://github.com/michaelbanfield/devise-pwned_password

data/lib/rodauth/features/pwned_password.rb

@@ -31,6 +31,11 @@ module Rodauth
       Pwned.pwned_count(password, pwned_request_options)
     end
 
+    def post_configure
+      super
+      i18n_register File.expand_path("#{__dir__}/../../../locales") if features.include?(:i18n)
+    end
+
     private
 
     def password_not_pwned?(password)

data/locales/en.yml

@@ -0,0 +1,3 @@
+en:
+  rodauth:
+    password_pwned_message: "this password has previously appeared in a data breach and should never be used"

data/rodauth-pwned.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |spec|
   spec.name          = "rodauth-pwned"
-  spec.version       = "0.1.0"
+  spec.version       = "0.2.1"
   spec.authors       = ["Janko Marohnić"]
   spec.email         = ["janko.marohnic@gmail.com"]
 
@@ -14,7 +14,7 @@ Gem::Specification.new do |spec|
   spec.metadata["homepage_uri"] = spec.homepage
   spec.metadata["source_code_uri"] = spec.homepage
 
-  spec.files         = Dir["README.md", "LICENSE.txt", "*.gemspec", "lib/**/*"]
+  spec.files         = Dir["README.md", "LICENSE.txt", "*.gemspec", "lib/**/*", "locales/**/*"]
   spec.require_paths = ["lib"]
 
   spec.add_dependency "rodauth", "~> 2.0"
@@ -25,4 +25,5 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "tilt"
   spec.add_development_dependency "bcrypt"
   spec.add_development_dependency "capybara"
+  spec.add_development_dependency "rodauth-i18n"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rodauth-pwned
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.1
 platform: ruby
 authors:
 - Janko Marohnić
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-08-23 00:00:00.000000000 Z
+date: 2023-03-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rodauth
@@ -108,6 +108,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rodauth-i18n
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Rodauth extension for checking whether a password had been exposed in
   a database breach according to https://haveibeenpwned.com.
 email:
@@ -119,6 +133,7 @@ files:
 - LICENSE.txt
 - README.md
 - lib/rodauth/features/pwned_password.rb
+- locales/en.yml
 - rodauth-pwned.gemspec
 homepage: https://github.com/janko/rodauth-pwned
 licenses:
@@ -126,7 +141,7 @@ licenses:
 metadata:
   homepage_uri: https://github.com/janko/rodauth-pwned
   source_code_uri: https://github.com/janko/rodauth-pwned
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -141,8 +156,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.1
-signing_key: 
+rubygems_version: 3.4.7
+signing_key:
 specification_version: 4
 summary: Rodauth extension for checking whether a password had been exposed in a database
   breach according to https://haveibeenpwned.com.