NotPwnedValidator

Parsed documentation:
View on GitHub
An +ActiveModel+ validator to check passwords against the Pwned Passwords API.

@example Validate a password on a +User+ model with the default options.
    class User < ApplicationRecord
      validates :password, not_pwned: true
    end

@example Validate a password on a +User+ model with a custom error message.
    class User < ApplicationRecord
      validates :password, not_pwned: { message: "has been pwned %{count} times" }
    end

@example Validate a password on a +User+ model that allows the password to have been breached once.
    class User < ApplicationRecord
      validates :password, not_pwned: { threshold: 1 }
    end

@example Validate a password on a +User+ model, handling API errors in various ways
    class User < ApplicationRecord
      # The record is marked as invalid on network errors
      # (error message "could not be verified against the past data breaches".)
      validates :password, not_pwned: { on_error: :invalid }

      # The record is marked as invalid on network errors with custom error.
      validates :password, not_pwned: { on_error: :invalid, error_message: "might be pwned" }

      # An error is raised on network errors.
      # This means that `record.valid?` will raise `Pwned::Error`.
      # Not recommended to use in production.
      validates :password, not_pwned: { on_error: :raise_error }

      # Call custom proc on error. For example, capture errors in Sentry,
      # but do not mark the record as invalid.
      validates :password, not_pwned: {
        on_error: ->(record, error) { Raven.capture_exception(error) }
      }
    end

@since 1.2.0
No suggestions.
Please help! Open an issue on GitHub if this assessment is incorrect.