Module: Devise::Models::PwnedPassword
- Extended by: ActiveSupport::Concern
- Defined in: lib/devise/pwned_password/model.rb
Overview
The PwnedPassword module adds a new validation for Devise models. No modifications to routes or controllers are needed. Simply add :pwned_password to the list of modules included in your Devise model, and all new registrations will be blocked if they use a password that appears in the Pwned Passwords dataset (haveibeenpwned.com/Passwords).
Defined Under Namespace
Modules: ClassMethods
Instance Method Summary
- #password_pwned?(password) ⇒ Boolean
  Returns true if password is present in the PwnedPasswords dataset.
- #pwned? ⇒ Boolean
- #pwned_count ⇒ Object
Instance Method Details
#password_pwned?(password) ⇒ Boolean
Returns true if password is present in the PwnedPasswords dataset
    # File 'lib/devise/pwned_password/model.rb', line 38

    def password_pwned?(password)
      @pwned = false
      @pwned_count = 0

      # Request options handed to the Pwned client, including both timeouts.
      options = {
        headers: { "User-Agent" => "devise_pwned_password" },
        read_timeout: self.class.pwned_password_read_timeout,
        open_timeout: self.class.pwned_password_open_timeout
      }
      pwned_password = Pwned::Password.new(password.to_s, options)
      begin
        @pwned_count = pwned_password.pwned_count
        @pwned = @pwned_count >= (
          if persisted?
            # If you do have a different warning threshold, that threshold will also be used
            # when a user changes their password so that they don't continue to be warned if they
            # choose another password that is in the pwned list but occurs with a frequency below
            # the main threshold that is used for *new* user registrations.
            self.class.min_password_matches_warn || self.class.min_password_matches
          else
            self.class.min_password_matches
          end
        )
        return @pwned
      rescue Pwned::Error
        # This deliberately silently swallows errors and returns false (valid) if there was an error.
        # Most apps won't want to tie the ability to sign up users to the availability of a third-party API.
        return false
      end

      false
    end
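As an added illustration (not code from this gem or from the pwned gem it calls), the sketch below goes one step beyond the method above: it shows how a count can be looked up in a Pwned Passwords range response without sending the full password hash, then applies the same new-record versus persisted-record threshold choice. The helper names, the response body and the threshold values are constructed for the example.

```ruby
require "digest"

# Split SHA-1(password) for a k-anonymity range lookup: only the first
# 5 hex characters go to the API, the remaining 35 are compared locally.
def range_query_parts(password)
  digest = Digest::SHA1.hexdigest(password.to_s).upcase
  [digest[0, 5], digest[5..-1]]
end

# Find our suffix in a range response body ("SUFFIX:COUNT" per line).
# Returns 0 when the suffix is absent.
def count_in_range(body, suffix)
  body.each_line do |line|
    candidate, count = line.strip.split(":", 2)
    return count.to_i if candidate == suffix
  end
  0
end

# Same threshold choice as password_pwned?: a persisted record uses the
# warn threshold when one is set, a new record uses the main threshold.
def over_threshold?(count, persisted:, min_matches:, min_matches_warn: nil)
  count >= (persisted ? (min_matches_warn || min_matches) : min_matches)
end

# Constructed response body (not real API data): two filler suffixes, one
# with count 0, plus the suffix under test with a made-up count of 7.
def constructed_body(suffix)
  ["#{'0' * 34}A:3", "#{suffix}:7", "#{'F' * 35}:0"].join("\r\n")
end

prefix, suffix = range_query_parts("password")
count = count_in_range(constructed_body(suffix), suffix)
puts "sent prefix: #{prefix}, suffix kept local: #{suffix.length} chars"
puts "new record blocked: #{over_threshold?(count, persisted: false, min_matches: 1)}"
puts "existing record warned: #{over_threshold?(count, persisted: true, min_matches: 1, min_matches_warn: 10)}"
```

With a count of 7, a new record is rejected at a main threshold of 1, while an existing record with a warn threshold of 10 is not flagged.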
#pwned? ⇒ Boolean
    # File 'lib/devise/pwned_password/model.rb', line 29

    def pwned?
      @pwned ||= false
    end
#pwned_count ⇒ Object
    # File 'lib/devise/pwned_password/model.rb', line 33

    def pwned_count
      @pwned_count ||= 0
    end