Using this asynchronously, but pre-hashing the password #19
Comments
Hey, thanks for opening this issue! This is actually the same request as #17, but with another strong reason to implement. I can work on this myself, but if you would like to have a go at it, then please do. Your approach to the interface sounds correct too. Let me know if you're going to take a crack at it. 🙂 |
I'll take a crack this afternoon |
Three options for the interface that I can see:
What's your preference? |
@philnash any thoughts on the above? |
I had a hard time thinking about this, because you're right that the 3 options aren't particularly attractive. 1 is icky, 2 seems like it would be unnecessary and I couldn't think of a good name for 3 either. Then I had an idea. When you create a

```ruby
password = Pwned::Password.new('password')
password.pwned?
#=> true
password.pwned_count
#=> 3759315
```

and also

```ruby
password = Pwned::PasswordHash.new('5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8')
password.pwned?
#=> true
password.pwned_count
#=> 3759315
```

This won't require a new version, doesn't mess with hash options and doesn't introduce a weird method name. What do you think? |
Yeah I think this is the cleanest approach. Let's do it. Will get a PR done this week |
Awesome, I look forward to it! |
I'd like to call the `pwned` method async (i.e. from a worker) so it doesn't slow down my API call. But I also would rather not put the password into my queueing db.

Could we add support for this in the library?

I am thinking something like `pwned` method which passes it through to the API

I suspect I can already do this by hacking the internals of the library, but was wondering if you think it's something worth explicitly supporting?

Happy to write a PR with an implementation (probably just a standalone 'hash password' method and then a way of initialising a `Pwned::Password` with an already hashed password)
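
The flow discussed in this issue (hash in the request, queue only the hash, look it up from the worker), as an added example that is neither the gem's code nor any participant's. It uses only Ruby's standard library; the method names and `SAMPLE_RANGE` are hypothetical, the sample response lines are constructed, and it assumes the Pwned Passwords range endpoint, which returns `SUFFIX:COUNT` lines for a 5-character SHA-1 prefix.

```ruby
require 'digest'
require 'net/http'

# Request side (hypothetical helper): hash before enqueueing so the plaintext
# never reaches the queue. The result is an unsalted SHA-1, so it is still
# sensitive: keep queue retention short and keep it out of logs.
def hash_for_queue(password)
  Digest::SHA1.hexdigest(password).upcase
end

# Split a SHA-1 hex digest into the 5-char prefix that is sent to the API
# and the 35-char suffix that is only compared locally.
def split_hash(sha1_hex)
  raise ArgumentError, 'expected 40 hex characters' unless sha1_hex.match?(/\A\h{40}\z/)
  up = sha1_hex.upcase
  [up[0, 5], up[5..-1]]
end

# Network call, kept separate so the worker can be exercised offline.
def fetch_range(prefix)
  Net::HTTP.get(URI("https://api.pwnedpasswords.com/range/#{prefix}"))
end

# Worker side: receives only the hash, sends only the prefix, and returns the
# breach count for the matching suffix (0 when the suffix is not listed).
def check_queued_hash(sha1_hex, fetch: method(:fetch_range))
  prefix, suffix = split_hash(sha1_hex)
  fetch.call(prefix).each_line do |line|
    candidate, count = line.strip.split(':', 2)
    return count.to_i if candidate&.casecmp?(suffix)
  end
  0
end

# Constructed sample of a range response for prefix 5BAA6 (CRLF-separated).
# The middle line is the suffix and count of the hash quoted in this thread.
SAMPLE_RANGE = [
  "#{'0' * 34}A:2",
  '1E4C9B93F3F0682250B6CF8331B7EE68FD8:3759315',
  "#{'F' * 35}:7"
].join("\r\n")

if $PROGRAM_NAME == __FILE__
  queued = hash_for_queue('password')
  puts check_queued_hash(queued, fetch: ->(_prefix) { SAMPLE_RANGE })
end
```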