I've just finished adding this gem into a project I am working on and mostly it's working great.
However, I noticed that whenever I signed in, I would get validation errors and a 500 from Rails about my password having been breached, specifically the message triggered from min_password_matches_warn. I would have expected to get the flash message that I had set up, not a full-on validation error, especially since I have config.pwned_password_check_on_sign_in = false
I figured out that the problem was I was also using lastseenable for Devise, which updates the model on sign-in with a timestamp. This was causing validation for pwned password to trigger even though the password was the same.
I grabbed the latest code from master for model.rb, specifically lines 16-19 for include do, and that fixes the problem. So it should just be a matter of getting a new release at some point to fix this issue. For now, I'm just going to get bundler to pull the master branch for my Gemfile.