rodauth-pwned 0.1.0 → 0.2.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: fd0ad8ce7b86521b47c5d4ed6c1986210ba2962651ebf0689de230c2ce177e33
4
- data.tar.gz: 4561058c9852a558be78f3c1584b72c96656925fcb91b7a8963d2282445a852b
3
+ metadata.gz: f8921aa5a7a7a2f911b9fdaaee2f6cccd1d49039b090da52731fd21efd0884fc
4
+ data.tar.gz: 9b0e6764b69097674e3e8335b809b0d85009dbd567ebc1a23e61d2ee15cf84fb
5
5
  SHA512:
6
- metadata.gz: b7d5a4f4a155fcd78871ea41851727b6243a4fd8d5b56453296ae724c150969363d0b20f9a01182541b317ef7cce3e9e5cb0d27879eb974910d5fea4ffb736a7
7
- data.tar.gz: 207219558e027c559910cba8a662940eee39cbb8c6ce12e2a0d9f06c1c63cca4b9a2415c517f8faff2ea4bd702aedcacb881303371e90f4f33a1e7fd5d8d07c6
6
+ metadata.gz: 66c1002236eaa8f9c7343b9220f68b2acb88d904da22a1ba859e7a82795943c64491e7bd50c2f0f036dead9f66cf6618925fc07511cbeba3ad73e4961905689b
7
+ data.tar.gz: '0860965d7cd51ac38441ff338b3db9e78228746dd2e991e4b5c03514cd83729137a59274a03524d0b597e562479ee631ecf1dda8c926bc997d808b255ba6fbd0'
data/README.md CHANGED
@@ -1,6 +1,7 @@
1
1
  # rodauth-pwned
2
2
 
3
- [Rodauth] feature that checks user passwords against the [Pwned Passwords API].
3
+ [Rodauth] feature that checks user passwords against the [Pwned Passwords API]
4
+ (using the [Pwned] rubygem).
4
5
 
5
6
  ## Installation
6
7
 
@@ -88,6 +89,23 @@ plugin :rodauth do
88
89
  end
89
90
  ```
90
91
 
92
+ ### Warning users with pwned passwords
93
+
94
+ If a user's password becomes pwned, you may want to warn them on login:
95
+
96
+ ```rb
97
+ plugin :rodauth do
98
+ # ...
99
+ after_login do
100
+ db.after_commit do # better to make HTTP requests outside of transactions
101
+ if param_or_nil(password_param) && password_pwned?(param(password_param))
102
+ set_redirect_error_flash "Your password has previously appeared in a data breach and should never be used. We strongly recommend you change your password."
103
+ end
104
+ end
105
+ end
106
+ end
107
+ ```
108
+
91
109
  ## Development
92
110
 
93
111
  Run tests with Rake:
@@ -96,9 +114,9 @@ Run tests with Rake:
96
114
  $ bundle exec rake test
97
115
  ```
98
116
 
99
- ## Contributing
117
+ ## Credits
100
118
 
101
- Bug reports and pull requests are welcome on GitHub at https://github.com/janko/rodauth-pwned. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/janko/rodauth-pwned/blob/master/CODE_OF_CONDUCT.md).
119
+ This gem has been inspired by [devise-pwned_password].
102
120
 
103
121
  ## License
104
122
 
@@ -111,3 +129,4 @@ Everyone interacting in the Rodauth::Pwned project's codebases, issue trackers,
111
129
  [Rodauth]: https://github.com/jeremyevans/rodauth
112
130
  [Pwned Passwords API]: https://haveibeenpwned.com/Passwords
113
131
  [Pwned]: https://github.com/philnash/pwned
132
+ [devise-pwned_password]: https://github.com/michaelbanfield/devise-pwned_password
@@ -31,6 +31,11 @@ module Rodauth
31
31
  Pwned.pwned_count(password, pwned_request_options)
32
32
  end
33
33
 
34
+ def post_configure
35
+ super
36
+ i18n_register File.expand_path("#{__dir__}/../../../locales") if features.include?(:i18n)
37
+ end
38
+
34
39
  private
35
40
 
36
41
  def password_not_pwned?(password)
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |spec|
2
2
  spec.name = "rodauth-pwned"
3
- spec.version = "0.1.0"
3
+ spec.version = "0.2.0"
4
4
  spec.authors = ["Janko Marohnić"]
5
5
  spec.email = ["janko.marohnic@gmail.com"]
6
6
 
@@ -25,4 +25,5 @@ Gem::Specification.new do |spec|
25
25
  spec.add_development_dependency "tilt"
26
26
  spec.add_development_dependency "bcrypt"
27
27
  spec.add_development_dependency "capybara"
28
+ spec.add_development_dependency "rodauth-i18n"
28
29
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rodauth-pwned
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Janko Marohnić
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2020-08-23 00:00:00.000000000 Z
11
+ date: 2023-03-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rodauth
@@ -108,6 +108,20 @@ dependencies:
108
108
  - - ">="
109
109
  - !ruby/object:Gem::Version
110
110
  version: '0'
111
+ - !ruby/object:Gem::Dependency
112
+ name: rodauth-i18n
113
+ requirement: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - ">="
123
+ - !ruby/object:Gem::Version
124
+ version: '0'
111
125
  description: Rodauth extension for checking whether a password had been exposed in
112
126
  a database breach according to https://haveibeenpwned.com.
113
127
  email:
@@ -126,7 +140,7 @@ licenses:
126
140
  metadata:
127
141
  homepage_uri: https://github.com/janko/rodauth-pwned
128
142
  source_code_uri: https://github.com/janko/rodauth-pwned
129
- post_install_message:
143
+ post_install_message:
130
144
  rdoc_options: []
131
145
  require_paths:
132
146
  - lib
@@ -141,8 +155,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
141
155
  - !ruby/object:Gem::Version
142
156
  version: '0'
143
157
  requirements: []
144
- rubygems_version: 3.1.1
145
- signing_key:
158
+ rubygems_version: 3.4.7
159
+ signing_key:
146
160
  specification_version: 4
147
161
  summary: Rodauth extension for checking whether a password had been exposed in a database
148
162
  breach according to https://haveibeenpwned.com.