rodauth-pwned 0.1.0 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +22 -3
- data/lib/rodauth/features/pwned_password.rb +5 -0
- data/rodauth-pwned.gemspec +2 -1
- metadata +20 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f8921aa5a7a7a2f911b9fdaaee2f6cccd1d49039b090da52731fd21efd0884fc
|
|
4
|
+
data.tar.gz: 9b0e6764b69097674e3e8335b809b0d85009dbd567ebc1a23e61d2ee15cf84fb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 66c1002236eaa8f9c7343b9220f68b2acb88d904da22a1ba859e7a82795943c64491e7bd50c2f0f036dead9f66cf6618925fc07511cbeba3ad73e4961905689b
|
|
7
|
+
data.tar.gz: '0860965d7cd51ac38441ff338b3db9e78228746dd2e991e4b5c03514cd83729137a59274a03524d0b597e562479ee631ecf1dda8c926bc997d808b255ba6fbd0'
|
data/README.md
CHANGED
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
# rodauth-pwned
|
|
2
2
|
|
|
3
|
-
[Rodauth] feature that checks user passwords against the [Pwned Passwords API]
|
|
3
|
+
[Rodauth] feature that checks user passwords against the [Pwned Passwords API]
|
|
4
|
+
(using the [Pwned] rubygem).
|
|
4
5
|
|
|
5
6
|
## Installation
|
|
6
7
|
|
|
@@ -88,6 +89,23 @@ plugin :rodauth do
|
|
|
88
89
|
end
|
|
89
90
|
```
|
|
90
91
|
|
|
92
|
+
### Warning users with pwned passwords
|
|
93
|
+
|
|
94
|
+
If a user's password becomes pwned, you may want to warn them on login:
|
|
95
|
+
|
|
96
|
+
```rb
|
|
97
|
+
plugin :rodauth do
|
|
98
|
+
# ...
|
|
99
|
+
after_login do
|
|
100
|
+
db.after_commit do # better to make HTTP requests outside of transactions
|
|
101
|
+
if param_or_nil(password_param) && password_pwned?(param(password_param))
|
|
102
|
+
set_redirect_error_flash "Your password has previously appeared in a data breach and should never be used. We strongly recommend you change your password."
|
|
103
|
+
end
|
|
104
|
+
end
|
|
105
|
+
end
|
|
106
|
+
end
|
|
107
|
+
```
|
|
108
|
+
|
|
91
109
|
## Development
|
|
92
110
|
|
|
93
111
|
Run tests with Rake:
|
|
@@ -96,9 +114,9 @@ Run tests with Rake:
|
|
|
96
114
|
$ bundle exec rake test
|
|
97
115
|
```
|
|
98
116
|
|
|
99
|
-
##
|
|
117
|
+
## Credits
|
|
100
118
|
|
|
101
|
-
|
|
119
|
+
This gem has been inspired by [devise-pwned_password].
|
|
102
120
|
|
|
103
121
|
## License
|
|
104
122
|
|
|
@@ -111,3 +129,4 @@ Everyone interacting in the Rodauth::Pwned project's codebases, issue trackers,
|
|
|
111
129
|
[Rodauth]: https://github.com/jeremyevans/rodauth
|
|
112
130
|
[Pwned Passwords API]: https://haveibeenpwned.com/Passwords
|
|
113
131
|
[Pwned]: https://github.com/philnash/pwned
|
|
132
|
+
[devise-pwned_password]: https://github.com/michaelbanfield/devise-pwned_password
|
|
@@ -31,6 +31,11 @@ module Rodauth
|
|
|
31
31
|
Pwned.pwned_count(password, pwned_request_options)
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
+
def post_configure
|
|
35
|
+
super
|
|
36
|
+
i18n_register File.expand_path("#{__dir__}/../../../locales") if features.include?(:i18n)
|
|
37
|
+
end
|
|
38
|
+
|
|
34
39
|
private
|
|
35
40
|
|
|
36
41
|
def password_not_pwned?(password)
|
data/rodauth-pwned.gemspec
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |spec|
|
|
2
2
|
spec.name = "rodauth-pwned"
|
|
3
|
-
spec.version = "0.
|
|
3
|
+
spec.version = "0.2.0"
|
|
4
4
|
spec.authors = ["Janko Marohnić"]
|
|
5
5
|
spec.email = ["janko.marohnic@gmail.com"]
|
|
6
6
|
|
|
@@ -25,4 +25,5 @@ Gem::Specification.new do |spec|
|
|
|
25
25
|
spec.add_development_dependency "tilt"
|
|
26
26
|
spec.add_development_dependency "bcrypt"
|
|
27
27
|
spec.add_development_dependency "capybara"
|
|
28
|
+
spec.add_development_dependency "rodauth-i18n"
|
|
28
29
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: rodauth-pwned
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Janko Marohnić
|
|
8
|
-
autorequire:
|
|
8
|
+
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-03-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rodauth
|
|
@@ -108,6 +108,20 @@ dependencies:
|
|
|
108
108
|
- - ">="
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
110
|
version: '0'
|
|
111
|
+
- !ruby/object:Gem::Dependency
|
|
112
|
+
name: rodauth-i18n
|
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
|
114
|
+
requirements:
|
|
115
|
+
- - ">="
|
|
116
|
+
- !ruby/object:Gem::Version
|
|
117
|
+
version: '0'
|
|
118
|
+
type: :development
|
|
119
|
+
prerelease: false
|
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
121
|
+
requirements:
|
|
122
|
+
- - ">="
|
|
123
|
+
- !ruby/object:Gem::Version
|
|
124
|
+
version: '0'
|
|
111
125
|
description: Rodauth extension for checking whether a password had been exposed in
|
|
112
126
|
a database breach according to https://haveibeenpwned.com.
|
|
113
127
|
email:
|
|
@@ -126,7 +140,7 @@ licenses:
|
|
|
126
140
|
metadata:
|
|
127
141
|
homepage_uri: https://github.com/janko/rodauth-pwned
|
|
128
142
|
source_code_uri: https://github.com/janko/rodauth-pwned
|
|
129
|
-
post_install_message:
|
|
143
|
+
post_install_message:
|
|
130
144
|
rdoc_options: []
|
|
131
145
|
require_paths:
|
|
132
146
|
- lib
|
|
@@ -141,8 +155,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
141
155
|
- !ruby/object:Gem::Version
|
|
142
156
|
version: '0'
|
|
143
157
|
requirements: []
|
|
144
|
-
rubygems_version: 3.
|
|
145
|
-
signing_key:
|
|
158
|
+
rubygems_version: 3.4.7
|
|
159
|
+
signing_key:
|
|
146
160
|
specification_version: 4
|
|
147
161
|
summary: Rodauth extension for checking whether a password had been exposed in a database
|
|
148
162
|
breach according to https://haveibeenpwned.com.
|