It would be useful to be able to configure the pwned_password checking feature to be disabled by default — this is what we would want in most tests, so that tests and user factory calls run faster — but to be able to enable it for certain feature tests that specifically need to test the flow/behavior for what should happen when a user does try to use, or already has, a pwned password.
I was thinking of adding a setting called pwned_password_check_enabled (to match pwned_password_check_on_sign_in), like:
This would be similar to PaperTrail.enabled, for example, and toggle the behavior on and off globally.

Then we'd just make the validation depend on that config, like:

check_pwned_password? could just delegate to Devise.pwned_password_check_enabled:

Of course the docs would have to be updated, too. See PaperTrail's section on testing.
Does this sound good?
See also: #18, #27
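A stand-alone sketch of the toggle proposed above, added here as an illustration and not code from the gem or from this issue. `PwnedConfig`, `with_pwned_check`, `User` and `BREACHED_SHA1` are hypothetical names, and the breach lookup is replaced by a constructed in-memory list so the example runs offline.

```ruby
require "digest"

# Hypothetical stand-in for the gem's configuration; the accessor name follows
# the setting proposed in this issue.
module PwnedConfig
  class << self
    attr_accessor :pwned_password_check_enabled

    # Switch the check for the duration of the block, then restore the previous
    # value even if the block raises, so one spec cannot leak state into the next.
    def with_pwned_check(enabled = true)
      previous = pwned_password_check_enabled
      self.pwned_password_check_enabled = enabled
      yield
    ensure
      self.pwned_password_check_enabled = previous
    end
  end

  # Assumed default: the check stays on unless a test helper turns it off.
  self.pwned_password_check_enabled = true
end

# Constructed sample data standing in for the remote breach lookup.
BREACHED_SHA1 = [Digest::SHA1.hexdigest("password123")].freeze

# Minimal model showing the validation made conditional on the global setting.
class User
  attr_reader :password, :errors, :lookups

  def initialize(password)
    @password = password
    @errors = []
    @lookups = 0 # counts how often the (normally slow) lookup ran
  end

  def check_pwned_password?
    PwnedConfig.pwned_password_check_enabled
  end

  def valid?
    @errors = []
    if check_pwned_password?
      @lookups += 1
      breached = BREACHED_SHA1.include?(Digest::SHA1.hexdigest(password))
      @errors << "password has appeared in a data breach" if breached
    end
    @errors.empty?
  end
end
```

In a test suite the helper file would set `pwned_password_check_enabled = false` once, and only the feature specs covering the pwned-password flow would wrap their body in `with_pwned_check`.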