Added pwned check

2024-08-21 03:29:40 +02:00
parent 2d5b6655ea
commit e7ef384773
3 changed files with 14 additions and 0 deletions
--- a/2
+++ b/2
@@ -61,3 +61,5 @@ group :test do
 end

 gem "authentication-zero", "~> 3.0"
+# Use Pwned to check if a password has been found in any of the huge data breaches [https://github.com/philnash/pwned]
+gem "pwned"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -104,7 +104,16 @@ GEM
      reline (>= 0.3.8)
    drb (2.2.1)
    erubi (1.13.0)
+    ffi (1.17.0-aarch64-linux-gnu)
+    ffi (1.17.0-aarch64-linux-musl)
+    ffi (1.17.0-arm-linux-gnu)
+    ffi (1.17.0-arm-linux-musl)
+    ffi (1.17.0-arm64-darwin)
+    ffi (1.17.0-x86-linux-gnu)
+    ffi (1.17.0-x86-linux-musl)
+    ffi (1.17.0-x86_64-darwin)
    ffi (1.17.0-x86_64-linux-gnu)
+    ffi (1.17.0-x86_64-linux-musl)
    globalid (1.2.1)
      activesupport (>= 6.1)
    i18n (1.14.5)
@@ -176,6 +185,7 @@ GEM
    public_suffix (6.0.1)
    puma (6.4.2)
      nio4r (~> 2.0)
+    pwned (2.4.1)
    racc (1.8.1)
    rack (3.1.7)
    rack-session (2.0.0)
@@ -349,6 +359,7 @@ DEPENDENCIES
  jbuilder
  letter_opener
  puma (>= 5.0)
+  pwned
  rails (~> 7.2.0)
  rubocop-rails-omakase
  selenium-webdriver
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -13,6 +13,7 @@ class User < ApplicationRecord

  validates :email, presence: true, uniqueness: true, format: { with: URI::MailTo::EMAIL_REGEXP }
  validates :password, allow_nil: true, length: { minimum: 12 }
+  validates :password, not_pwned: { message: "might easily be guessed" }

  normalizes :email, with: -> { _1.strip.downcase }