RubyGems - unpwn - Versions diffs - 0.3.0 → 1.0.0 - Mend

unpwn 0.3.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 50c1081ffc7e72b8a1e361ad624adf96198a4c6e514591b3594882a2a9def135
-  data.tar.gz: 65d5f0f41746f64b9cc91861e664c85fd7d9d0f15242459b4a928e9e47bdab18
+  metadata.gz: a04f3b1e7997fc330c4ff2069c3e399fd05518ea0d85243518d6477acef7f5a8
+  data.tar.gz: 10b25465bd63f35460c6956c53cb918e78a3002523a37af88bcedf888e4960cd
 SHA512:
-  metadata.gz: 55b0fead2d885c1ea121c6f188225dfd6ba75a8ddb921c43d188f74d33b2bcc466d2dda1a9fffd7905cd5353ba4b1b5f17a702810a63a04b83f9d819aa37efc1
-  data.tar.gz: e1479fe39d6fd86d6a450ceb35681c4311d7125ebeb2c9da382301a0d7d13b4bcf8256f5205fcbf969295ff5459c57ac04c741c3b5160f87242249e0dc2d8891
+  metadata.gz: 669ab5c727080d5f32d72e5e8a582b6756071965abdb0104a45292a886eb26761f5c5190c6b390136bdfaa049b65084d197c0a3655bed90cec9c388d888bca67
+  data.tar.gz: d411bb396f905ade6953c851a1a0a3a6419814696332e2abbc583378a96ef79954f509e8e2882d861bc137b3a30ccc22c209feafb09baafe7dfee7d5d6096cde

data/.travis.yml CHANGED Viewed

@@ -4,4 +4,5 @@ language: ruby
 cache: bundler
 rvm:
   - 2.6.0
+  - 2.7.1
 before_install: "gem install 'bundler:~>2.0'"

data/Gemfile.lock CHANGED Viewed

@@ -1,15 +1,15 @@
 PATH
   remote: .
   specs:
-    unpwn (0.3.0)
+    unpwn (1.0.0)
       bloomer (~> 1.0)
-      pwned (~> 1.2)
+      pwned (~> 2.0)
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.5.2)
-      public_suffix (>= 2.0.2, < 4.0)
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
     bitarray (1.2.0)
     bloomer (1.0.0)
       bitarray
@@ -26,10 +26,10 @@ GEM
       domain_name (~> 0.5)
     http-form_data (2.1.1)
     http_parser.rb (0.6.0)
-    msgpack (1.3.1)
-    public_suffix (3.0.3)
-    pwned (1.2.1)
-    rake (10.5.0)
+    msgpack (1.4.2)
+    public_suffix (4.0.6)
+    pwned (2.3.0)
+    rake (12.3.3)
     rspec (3.8.0)
       rspec-core (~> 3.8.0)
       rspec-expectations (~> 3.8.0)
@@ -53,9 +53,9 @@ PLATFORMS
 DEPENDENCIES
   bundler (>= 1)
   http (~> 4.0)
-  rake (~> 10.0)
+  rake (~> 12.3)
   rspec (~> 3.0)
   unpwn!
 BUNDLED WITH
-   2.0.1
+   2.2.21

data/lib/unpwn/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 class Unpwn
-  VERSION = "0.3.0"
+  VERSION = "1.0.0"
 end

data/lib/unpwn.rb CHANGED Viewed

@@ -1,13 +1,26 @@
 require "unpwn/version"
-require "bloomer"
-require "bloomer/msgpackable"
-require "pwned"
-# Unpwn.pwned? tells you if a password should be rejected.
+# Unpwn checks passwords locally against the top one million passwords, as
+# provided by the nbp project. Then, it uses the haveibeenpwned API to check
+# proposed passwords against the largest corpus of publicly dumped passwords in
+# the world.
 class Unpwn
+  class << self
+    # Set `offline` to true to disable requests to the haveibeenpwned.com API
+    attr_accessor :offline
+    # Check if a password is _not_ already published. To set options like
+    # `min`, `max`, or on the Pwned API check, create a new instance of your
+    # own.
+    def acceptable?(password)
+      new.acceptable?(password)
+    end
+  end
   attr_reader :min, :max, :request_options
+  # Set the options for an Unpwn instance. `request_options` will be passed
+  # verbatim to the `Pwned` library.
   def initialize(min: 8, max: nil, request_options: nil)
     raise ArgumentError if min && min < 8
     raise ArgumentError if max && max < 64
@@ -17,6 +30,7 @@ class Unpwn
     @request_options = request_options || {}
   end
+  # Check if a password meets the requirements and is not pwned.
   def acceptable?(password)
     return false if min && password.size < min
     return false if max && password.size > max
@@ -24,15 +38,34 @@ class Unpwn
     !pwned?(password)
   end
+  # Checks if a password is pwned, via bloom filter then `Pwned`.
   def pwned?(password)
-    bloom.include?(password) || Pwned.pwned?(password, request_options)
+    pwned = bloom.include?(password)
+    unless self.class.offline
+      require "pwned"
+      pwned ||= Pwned.pwned?(password, request_options)
+    end
+    pwned
   end
   def bloom
     @bloom ||= begin
+      require "bloomer"
+      require "bloomer/msgpackable"
       top = File.read File.expand_path("top1000000.msgpack", __dir__)
       Bloomer.from_msgpack(top)
     end
   end
+  def inspect
+    "<UnPwn bloomed=#{@bloom ? 'yes' : 'no'}>"
+  end
+  alias :to_s :inspect
+end
+if defined?(ActiveModel) || defined?(Rails)
+  autoload :UnpwnedValidator, "unpwned_validator"
 end

data/lib/unpwned_validator.rb ADDED Viewed

@@ -0,0 +1,35 @@
+require "unpwn"
+# Validator class for passwords
+#
+# ==== Examples
+#
+# Validates that attribute is not pwned, but only in production.
+#
+#   class User < ActiveRecord::Base
+#     validates :password, unpwned: true, if: -> { Rails.env.production? }
+#   end
+#
+# Validates that attribute meets min/max and is not pwned.
+#
+#   class User < ActiveRecord::Base
+#     validates :password, unpwned: { min: 12, max: 128 }
+#   end
+class UnpwnedValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    unpwn = Unpwn.new(**options.slice(:min, :max, :request_options))
+    if unpwn.min && value.length < unpwn.min
+      record.errors.add attribute, "is too short"
+    end
+    if unpwn.max && value.length > unpwn.max
+      record.errors.add attribute, "is too long"
+    end
+    if unpwn.pwned?(value)
+      record.errors.add attribute, options.fetch(:message,
+        "is in common password lists, please choose something more unique")
+    end
+  end
+end

data/unpwn.gemspec CHANGED Viewed

@@ -21,10 +21,10 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
   spec.add_dependency "bloomer", "~> 1.0"
-  spec.add_dependency "pwned", "~> 1.2"
+  spec.add_dependency "pwned", "~> 2.0"
   spec.add_development_dependency "bundler", ">= 1"
   spec.add_development_dependency "http", "~> 4.0"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rake", "~> 12.3"
   spec.add_development_dependency "rspec", "~> 3.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: unpwn
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Andre Arko
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-09-16 00:00:00.000000000 Z
+date: 2021-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bloomer
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -72,14 +72,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -115,6 +115,7 @@ files:
 - lib/top1000000.msgpack
 - lib/unpwn.rb
 - lib/unpwn/version.rb
+- lib/unpwned_validator.rb
 - unpwn.gemspec
 homepage: https://github.com/indirect/unpwn
 licenses: