blob: 5483f61caeeac59490db570a0270adbc19fe335e (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
|
Devise::PwnedPassword is a Devise extension that checks user passwords against
the PwnedPasswords dataset.
It checks for compromised ("pwned") passwords in 2 different places/ways:
- As a standard model validation using pwned. This:
- prevents new users from being created (signing up) with a compromised
password
- prevents existing users from changing their password to a password that is
known to be compromised
- (Optionally) Whenever a user signs in, checks if their current password is
compromised and shows a warning if it is.
|
