devise-pwned_password
Add global enabled option so we can toggle it on and off for different tests
It would be useful to be able to configure the pwned_password checking feature to be disabled by default — this is what we would want in most tests, so that tests and user factory calls run faster — but to be able to enable it for certain feature tests that specifically need to test the flow/behavior for what should happen when a user does try to use, or already has, a pwned password.
I was thinking of adding a setting called pwned_password_check_enabled (to match pwned_password_check_on_sign_in), like:
Devise.pwned_password_check_enabled = false # default true
This would be similar to PaperTrail.enabled, for example, and toggle the behavior on and off globally.
Then we'd just make the validation depend on that config, like:
validate :not_pwned_password, if: :check_pwned_password?
check_pwned_password? could just delegate to Devise.pwned_password_check_enabled:
def check_pwned_password?
  # Call the predicate rather than returning its name: a Symbol is always truthy.
  Devise.pwned_password_check_enabled &&
    (Devise.activerecord51? ? will_save_change_to_encrypted_password? : encrypted_password_changed?)
end
Of course the docs would have to be updated, too. See PaperTrail's section on testing.
Does this sound good?
See also: #18, #27
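The toggle proposed in this issue, sketched as an added example that is not part of the original issue or of the gem's code. DeviseStub, UserStub, the PWNED list and the with_pwned_password_check helper are hypothetical stand-ins so it runs without Rails, Devise or network access; the helper restores the previous value so a test that disables the check cannot leave it off for later tests.

```ruby
# Stand-alone sketch: no Rails, Devise or network. All names are stand-ins
# (assumptions), including the proposed pwned_password_check_enabled setting.
module DeviseStub
  class << self
    attr_accessor :pwned_password_check_enabled

    # Hypothetical test helper: flip the toggle for one block and always
    # restore the previous value, even if the block raises.
    def with_pwned_password_check(enabled)
      previous = pwned_password_check_enabled
      self.pwned_password_check_enabled = enabled
      yield
    ensure
      self.pwned_password_check_enabled = previous
    end
  end
  self.pwned_password_check_enabled = true # default stays on, as proposed
end

class UserStub
  PWNED = %w[password 123456].freeze # constructed stand-in for the breach lookup

  attr_reader :errors

  def initialize(password, password_changed: true)
    @password = password
    @password_changed = password_changed
    @errors = []
  end

  def encrypted_password_changed?
    @password_changed
  end

  # Calls the predicate itself; a symbol in its place would be truthy
  # regardless of whether the password changed.
  def check_pwned_password?
    DeviseStub.pwned_password_check_enabled && encrypted_password_changed?
  end

  def valid?
    @errors = []
    @errors << "pwned password" if check_pwned_password? && PWNED.include?(@password)
    @errors.empty?
  end
end
```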