RubyGems - unpwn - Versions diffs - 0.3.0 → 1.0.1 - Mend

unpwn 0.3.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 50c1081ffc7e72b8a1e361ad624adf96198a4c6e514591b3594882a2a9def135
-  data.tar.gz: 65d5f0f41746f64b9cc91861e664c85fd7d9d0f15242459b4a928e9e47bdab18
+  metadata.gz: 7b1e7ea86fc19c81387ce58eb83ab484557ac181fdbff154ba374475a83e30f0
+  data.tar.gz: cbedab06fecd36fea8084a9d7a3beb8ede35b16b5d8fc2ada55466473854fcec
 SHA512:
-  metadata.gz: 55b0fead2d885c1ea121c6f188225dfd6ba75a8ddb921c43d188f74d33b2bcc466d2dda1a9fffd7905cd5353ba4b1b5f17a702810a63a04b83f9d819aa37efc1
-  data.tar.gz: e1479fe39d6fd86d6a450ceb35681c4311d7125ebeb2c9da382301a0d7d13b4bcf8256f5205fcbf969295ff5459c57ac04c741c3b5160f87242249e0dc2d8891
+  metadata.gz: bdc5fb645fb17fb43b7b760274b056e0e1ddea9df67121e5be045a49c6e66c1208e0194213d5aefbce55348f1b0640c4ed48d4f73ee971f230cc787c2b957e40
+  data.tar.gz: f2d71325a90aae8ffbe3b0d7f91a9d03e92de23300a39dfcaae67c4ed241e002b69a9785c17c04211fd9e30709512d2d5095a4c5aed15445b9b381d556f197af

data/.travis.yml CHANGED Viewed

@@ -4,4 +4,5 @@ language: ruby
 cache: bundler
 rvm:
   - 2.6.0
+  - 2.7.1
 before_install: "gem install 'bundler:~>2.0'"

data/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,7 @@
+# 1.0.1
+- Fixed exception in `UnpwnedValidator` when the value was `nil`.
+# 1.0.0
+Initial release.

data/Gemfile.lock CHANGED Viewed

@@ -1,61 +1,65 @@
 PATH
   remote: .
   specs:
-    unpwn (0.3.0)
+    unpwn (1.0.1)
       bloomer (~> 1.0)
-      pwned (~> 1.2)
+      pwned (~> 2.0)
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.5.2)
-      public_suffix (>= 2.0.2, < 4.0)
-    bitarray (1.2.0)
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
+    base64 (0.2.0)
+    bitarray (1.3.1)
     bloomer (1.0.0)
       bitarray
       msgpack
-    diff-lcs (1.3)
-    domain_name (0.5.20180417)
-      unf (>= 0.0.5, < 1.0.0)
-    http (4.0.0)
-      addressable (~> 2.3)
+    diff-lcs (1.6.2)
+    domain_name (0.6.20240107)
+    ffi (1.17.2)
+    ffi-compiler (1.3.2)
+      ffi (>= 1.15.5)
+      rake
+    http (5.2.0)
+      addressable (~> 2.8)
+      base64 (~> 0.1)
       http-cookie (~> 1.0)
-      http-form_data (~> 2.0)
-      http_parser.rb (~> 0.6.0)
-    http-cookie (1.0.3)
+      http-form_data (~> 2.2)
+      llhttp-ffi (~> 0.5.0)
+    http-cookie (1.0.8)
       domain_name (~> 0.5)
-    http-form_data (2.1.1)
-    http_parser.rb (0.6.0)
-    msgpack (1.3.1)
-    public_suffix (3.0.3)
-    pwned (1.2.1)
-    rake (10.5.0)
-    rspec (3.8.0)
-      rspec-core (~> 3.8.0)
-      rspec-expectations (~> 3.8.0)
-      rspec-mocks (~> 3.8.0)
-    rspec-core (3.8.0)
-      rspec-support (~> 3.8.0)
-    rspec-expectations (3.8.2)
+    http-form_data (2.3.0)
+    llhttp-ffi (0.5.1)
+      ffi-compiler (~> 1.0)
+      rake (~> 13.0)
+    msgpack (1.8.0)
+    public_suffix (6.0.2)
+    pwned (2.4.1)
+    rake (13.2.1)
+    rspec (3.13.0)
+      rspec-core (~> 3.13.0)
+      rspec-expectations (~> 3.13.0)
+      rspec-mocks (~> 3.13.0)
+    rspec-core (3.13.3)
+      rspec-support (~> 3.13.0)
+    rspec-expectations (3.13.4)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-mocks (3.8.0)
+      rspec-support (~> 3.13.0)
+    rspec-mocks (3.13.4)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.8.0)
-    rspec-support (3.8.0)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.7.5)
+      rspec-support (~> 3.13.0)
+    rspec-support (3.13.3)
 PLATFORMS
   ruby
 DEPENDENCIES
   bundler (>= 1)
-  http (~> 4.0)
-  rake (~> 10.0)
+  http (~> 5.0)
+  rake (~> 13.0)
   rspec (~> 3.0)
   unpwn!
 BUNDLED WITH
-   2.0.1
+   2.6.9

data/README.md CHANGED Viewed

@@ -8,13 +8,17 @@ Inspired by @codahale's [passpol](https://github.com/codahale/passpol), and uses
 ## Installation
-Add `unpwn` to your `Gemfile`:
+Run `bundle add unpwn` to add the gem to your `Gemfile`.
+## Usage (Rails)
 ```ruby
-gem "unpwn", "~> 1.0"
+class User
+  validates :password, unpwned: true, if: -> { Rails.env.production? }
+end
 ```
-## Usage
+## Usage (Ruby)
 ```ruby
 require "unpwn"

data/lib/unpwn/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 class Unpwn
-  VERSION = "0.3.0"
+  VERSION = "1.0.1"
 end

data/lib/unpwn.rb CHANGED Viewed

@@ -1,13 +1,26 @@
 require "unpwn/version"
-require "bloomer"
-require "bloomer/msgpackable"
-require "pwned"
-# Unpwn.pwned? tells you if a password should be rejected.
+# Unpwn checks passwords locally against the top one million passwords, as
+# provided by the nbp project. Then, it uses the haveibeenpwned API to check
+# proposed passwords against the largest corpus of publicly dumped passwords in
+# the world.
 class Unpwn
+  class << self
+    # Set `offline` to true to disable requests to the haveibeenpwned.com API
+    attr_accessor :offline
+    # Check if a password is _not_ already published. To set options like
+    # `min`, `max`, or on the Pwned API check, create a new instance of your
+    # own.
+    def acceptable?(password)
+      new.acceptable?(password)
+    end
+  end
   attr_reader :min, :max, :request_options
+  # Set the options for an Unpwn instance. `request_options` will be passed
+  # verbatim to the `Pwned` library.
   def initialize(min: 8, max: nil, request_options: nil)
     raise ArgumentError if min && min < 8
     raise ArgumentError if max && max < 64
@@ -17,6 +30,7 @@ class Unpwn
     @request_options = request_options || {}
   end
+  # Check if a password meets the requirements and is not pwned.
   def acceptable?(password)
     return false if min && password.size < min
     return false if max && password.size > max
@@ -24,15 +38,34 @@ class Unpwn
     !pwned?(password)
   end
+  # Checks if a password is pwned, via bloom filter then `Pwned`.
   def pwned?(password)
-    bloom.include?(password) || Pwned.pwned?(password, request_options)
+    pwned = bloom.include?(password)
+    unless self.class.offline
+      require "pwned"
+      pwned ||= Pwned.pwned?(password, request_options)
+    end
+    pwned
   end
   def bloom
     @bloom ||= begin
+      require "bloomer"
+      require "bloomer/msgpackable"
       top = File.read File.expand_path("top1000000.msgpack", __dir__)
       Bloomer.from_msgpack(top)
     end
   end
+  def inspect
+    "<UnPwn bloomed=#{@bloom ? 'yes' : 'no'}>"
+  end
+  alias :to_s :inspect
+end
+if defined?(ActiveModel) || defined?(Rails)
+  autoload :UnpwnedValidator, "unpwned_validator"
 end

data/lib/unpwned_validator.rb ADDED Viewed

@@ -0,0 +1,37 @@
+require "unpwn"
+# Validator class for passwords
+#
+# ==== Examples
+#
+# Validates that attribute is not pwned, but only in production.
+#
+#   class User < ActiveRecord::Base
+#     validates :password, unpwned: true, if: -> { Rails.env.production? }
+#   end
+#
+# Validates that attribute meets min/max and is not pwned.
+#
+#   class User < ActiveRecord::Base
+#     validates :password, unpwned: { min: 12, max: 128 }
+#   end
+class UnpwnedValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    return if value.nil?
+    unpwn = Unpwn.new(**options.slice(:min, :max, :request_options))
+    if unpwn.min && value.length < unpwn.min
+      record.errors.add attribute, "is too short"
+    end
+    if unpwn.max && value.length > unpwn.max
+      record.errors.add attribute, "is too long"
+    end
+    if unpwn.pwned?(value)
+      record.errors.add attribute, options.fetch(:message,
+        "is in common password lists, please choose something more unique")
+    end
+  end
+end

data/unpwn.gemspec CHANGED Viewed

@@ -21,10 +21,10 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
   spec.add_dependency "bloomer", "~> 1.0"
-  spec.add_dependency "pwned", "~> 1.2"
+  spec.add_dependency "pwned", "~> 2.0"
   spec.add_development_dependency "bundler", ">= 1"
-  spec.add_development_dependency "http", "~> 4.0"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "http", "~> 5.0"
+  spec.add_development_dependency "rake", "~> 13.0"
   spec.add_development_dependency "rspec", "~> 3.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: unpwn
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 1.0.1
 platform: ruby
 authors:
 - Andre Arko
-autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-09-16 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bloomer
@@ -30,14 +29,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -58,28 +57,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '5.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '4.0'
+        version: '5.0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -104,6 +103,7 @@ files:
 - ".gitignore"
 - ".rspec"
 - ".travis.yml"
+- CHANGELOG.md
 - CODE_OF_CONDUCT.md
 - Gemfile
 - Gemfile.lock
@@ -115,12 +115,12 @@ files:
 - lib/top1000000.msgpack
 - lib/unpwn.rb
 - lib/unpwn/version.rb
+- lib/unpwned_validator.rb
 - unpwn.gemspec
 homepage: https://github.com/indirect/unpwn
 licenses:
 - MIT
 metadata: {}
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -135,8 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key:
+rubygems_version: 3.6.8
 specification_version: 4
 summary: Keeps passwords from being easily hackable.
 test_files: []