Closed danielolivaresd closed 6 years ago
You know, I did think that at one point, but that had dropped out of my mind before I pushed and released.
I think the best strategy here would be to rename the PwnedValidator
class to NotPwnedValidator
and update the docs to use not_pwned
. But since it was part of the release, I'd keep the pwned
version around for a bit, just not documented.
I'll see if I can do that. Thanks for bringing it up.
Updated in #8.
You can now use:
validates :password, not_pwned: true
in version 1.2.0.
Note: I haven't actually played with the gem. I just checked the README.
In my personal opinion, the ActiveRecord Validator may be confusing as it is, because it implies that the attribute needs to be "pwned" (i.e. it needs to exist on the Pwned Passwords database because it was included in a breach). I think that the opposite is meant, but correct me if I'm wrong.
If this is something that makes sense to you, let me know and I can probably take a look at it when I have some time and submit a PR.