RubyGems - unpwn - Versions diffs - 0.3.0 → 1.0.0 - Mend

unpwn 0.3.0 → 1.0.0

Files changed (8) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 50c1081ffc7e72b8a1e361ad624adf96198a4c6e514591b3594882a2a9def135
-  data.tar.gz: 65d5f0f41746f64b9cc91861e664c85fd7d9d0f15242459b4a928e9e47bdab18
+  metadata.gz: a04f3b1e7997fc330c4ff2069c3e399fd05518ea0d85243518d6477acef7f5a8
+  data.tar.gz: 10b25465bd63f35460c6956c53cb918e78a3002523a37af88bcedf888e4960cd
 SHA512:
-  metadata.gz: 55b0fead2d885c1ea121c6f188225dfd6ba75a8ddb921c43d188f74d33b2bcc466d2dda1a9fffd7905cd5353ba4b1b5f17a702810a63a04b83f9d819aa37efc1
-  data.tar.gz: e1479fe39d6fd86d6a450ceb35681c4311d7125ebeb2c9da382301a0d7d13b4bcf8256f5205fcbf969295ff5459c57ac04c741c3b5160f87242249e0dc2d8891
+  metadata.gz: 669ab5c727080d5f32d72e5e8a582b6756071965abdb0104a45292a886eb26761f5c5190c6b390136bdfaa049b65084d197c0a3655bed90cec9c388d888bca67
+  data.tar.gz: d411bb396f905ade6953c851a1a0a3a6419814696332e2abbc583378a96ef79954f509e8e2882d861bc137b3a30ccc22c209feafb09baafe7dfee7d5d6096cde

data/.travis.yml CHANGED Viewed

@@ -4,4 +4,5 @@ language: ruby
 cache: bundler
 rvm:
   - 2.6.0
+  - 2.7.1
 before_install: "gem install 'bundler:~>2.0'"

data/Gemfile.lock CHANGED Viewed

@@ -1,15 +1,15 @@
 PATH
   remote: .
   specs:
-    unpwn (0.3.0)
+    unpwn (1.0.0)
       bloomer (~> 1.0)
-      pwned (~> 1.2)
+      pwned (~> 2.0)
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.5.2)
-      public_suffix (>= 2.0.2, < 4.0)
+    addressable (2.8.0)
+      public_suffix (>= 2.0.2, < 5.0)
     bitarray (1.2.0)
     bloomer (1.0.0)
       bitarray
@@ -26,10 +26,10 @@ GEM
       domain_name (~> 0.5)
     http-form_data (2.1.1)
     http_parser.rb (0.6.0)
-    msgpack (1.3.1)
-    public_suffix (3.0.3)
-    pwned (1.2.1)
-    rake (10.5.0)
+    msgpack (1.4.2)
+    public_suffix (4.0.6)
+    pwned (2.3.0)
+    rake (12.3.3)
     rspec (3.8.0)
       rspec-core (~> 3.8.0)
       rspec-expectations (~> 3.8.0)
@@ -53,9 +53,9 @@ PLATFORMS
 DEPENDENCIES
   bundler (>= 1)
   http (~> 4.0)
-  rake (~> 10.0)
+  rake (~> 12.3)
   rspec (~> 3.0)
   unpwn!
 BUNDLED WITH
-   2.0.1
+   2.2.21

data/lib/unpwn/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 class Unpwn
-  VERSION = "0.3.0"
+  VERSION = "1.0.0"
 end

data/lib/unpwn.rb CHANGED Viewed

@@ -1,13 +1,26 @@
 require "unpwn/version"
-require "bloomer"
-require "bloomer/msgpackable"
-require "pwned"
-# Unpwn.pwned? tells you if a password should be rejected.
+# Unpwn checks passwords locally against the top one million passwords, as
+# provided by the nbp project. Then, it uses the haveibeenpwned API to check
+# proposed passwords against the largest corpus of publicly dumped passwords in
+# the world.
 class Unpwn
+  class << self
+    # Set `offline` to true to disable requests to the haveibeenpwned.com API
+    attr_accessor :offline
+    # Check if a password is _not_ already published. To set options like
+    # `min`, `max`, or on the Pwned API check, create a new instance of your
+    # own.
+    def acceptable?(password)
+      new.acceptable?(password)
+    end
+  end
   attr_reader :min, :max, :request_options
+  # Set the options for an Unpwn instance. `request_options` will be passed
+  # verbatim to the `Pwned` library.
   def initialize(min: 8, max: nil, request_options: nil)
     raise ArgumentError if min && min < 8
     raise ArgumentError if max && max < 64
@@ -17,6 +30,7 @@ class Unpwn
     @request_options = request_options || {}
   end
+  # Check if a password meets the requirements and is not pwned.
   def acceptable?(password)
     return false if min && password.size < min
     return false if max && password.size > max
@@ -24,15 +38,34 @@ class Unpwn
     !pwned?(password)
   end
+  # Checks if a password is pwned, via bloom filter then `Pwned`.
   def pwned?(password)
-    bloom.include?(password) || Pwned.pwned?(password, request_options)
+    pwned = bloom.include?(password)
+    unless self.class.offline
+      require "pwned"
+      pwned ||= Pwned.pwned?(password, request_options)
+    end
+    pwned
   end
   def bloom
     @bloom ||= begin
+      require "bloomer"
+      require "bloomer/msgpackable"
       top = File.read File.expand_path("top1000000.msgpack", __dir__)
       Bloomer.from_msgpack(top)
     end
   end
+  def inspect
+    "<UnPwn bloomed=#{@bloom ? 'yes' : 'no'}>"
+  end
+  alias :to_s :inspect
+end
+if defined?(ActiveModel) || defined?(Rails)
+  autoload :UnpwnedValidator, "unpwned_validator"
 end

data/lib/unpwned_validator.rb ADDED Viewed

@@ -0,0 +1,35 @@
+require "unpwn"
+# Validator class for passwords
+#
+# ==== Examples
+#
+# Validates that attribute is not pwned, but only in production.
+#
+#   class User < ActiveRecord::Base
+#     validates :password, unpwned: true, if: -> { Rails.env.production? }
+#   end
+#
+# Validates that attribute meets min/max and is not pwned.
+#
+#   class User < ActiveRecord::Base
+#     validates :password, unpwned: { min: 12, max: 128 }
+#   end
+class UnpwnedValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    unpwn = Unpwn.new(**options.slice(:min, :max, :request_options))
+    if unpwn.min && value.length < unpwn.min
+      record.errors.add attribute, "is too short"
+    end
+    if unpwn.max && value.length > unpwn.max
+      record.errors.add attribute, "is too long"
+    end
+    if unpwn.pwned?(value)
+      record.errors.add attribute, options.fetch(:message,
+        "is in common password lists, please choose something more unique")
+    end
+  end
+end

data/unpwn.gemspec CHANGED Viewed

@@ -21,10 +21,10 @@ Gem::Specification.new do |spec|
   spec.require_paths = ["lib"]
   spec.add_dependency "bloomer", "~> 1.0"
-  spec.add_dependency "pwned", "~> 1.2"
+  spec.add_dependency "pwned", "~> 2.0"
   spec.add_development_dependency "bundler", ">= 1"
   spec.add_development_dependency "http", "~> 4.0"
-  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_development_dependency "rake", "~> 12.3"
   spec.add_development_dependency "rspec", "~> 3.0"
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: unpwn
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Andre Arko
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2019-09-16 00:00:00.000000000 Z
+date: 2021-09-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bloomer
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.2'
+        version: '2.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -72,14 +72,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '12.3'
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -115,6 +115,7 @@ files:
 - lib/top1000000.msgpack
 - lib/unpwn.rb
 - lib/unpwn/version.rb
+- lib/unpwned_validator.rb
 - unpwn.gemspec
 homepage: https://github.com/indirect/unpwn
 licenses: