ActiveRecord Validator may be confusing
danielolivaresd opened this issue
Note: I haven't actually played with the gem. I just checked the README.
In my personal opinion, the ActiveRecord Validator may be confusing as it is, because it implies that the attribute needs to be "pwned" (i.e. it needs to exist on the Pwned Passwords database because it was included in a breach). I think that the opposite is meant, but correct me if I'm wrong.
```ruby
# Current validator
validates :password, pwned: true

# Suggested validator
validates :password, not_pwned: true
```
If this is something that makes sense to you, let me know and I can probably take a look at it when I have some time and submit a PR.
You know, I did think that at one point, but that had dropped out of my mind before I pushed and released.
I think the best strategy here would be to rename the `PwnedValidator` class to `NotPwnedValidator` and update the docs to use `not_pwned`. But since it was part of the release, I'd keep the `pwned` version around for a bit, just not documented.
I'll see if I can do that. Thanks for bringing it up.
You can now use `validates :password, not_pwned: true` in version 1.2.0.
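The rename discussed in this thread, sketched as an added example that is not part of the issue or the gem's own code: `not_pwned` rejects a password found in breach data, and the old `pwned` key keeps the same behaviour through a compatibility subclass. The breach set, `DemoRecord`, the error message, and the helpers `validator_for` and `password_errors` are constructed for illustration, and plain Ruby stands in for ActiveModel so the block runs offline.

```ruby
require "digest"

# Constructed stand-in for the Pwned Passwords data (SHA-1, upper-case hex).
# A real validator would query the service instead of a local list.
BREACHED_SHA1 = %w[password 123456].map { |p| Digest::SHA1.hexdigest(p).upcase }.freeze

# Hypothetical minimal record: just enough of an errors interface for the demo.
class DemoRecord
  attr_reader :errors

  def initialize
    @errors = Hash.new { |hash, key| hash[key] = [] }
  end
end

# New name: the attribute is valid only when its value is NOT in breach data.
class NotPwnedValidator
  MESSAGE = "has previously appeared in a data breach" # constructed message

  def validate_each(record, attribute, value)
    return if value.nil? || value.empty?

    digest = Digest::SHA1.hexdigest(value).upcase
    record.errors[attribute] << MESSAGE if BREACHED_SHA1.include?(digest)
  end
end

# Old name kept as an undocumented alias so `pwned: true` keeps working.
class PwnedValidator < NotPwnedValidator
  def validate_each(record, attribute, value)
    warn "pwned: true is kept for compatibility; prefer not_pwned: true"
    super
  end
end

# ActiveModel resolves an option key by camelizing it and appending "Validator";
# this helper mimics that lookup for the two keys discussed in the thread.
def validator_for(key)
  Object.const_get("#{key.to_s.split('_').map(&:capitalize).join}Validator").new
end

# Runs one validation and returns the error messages recorded for :password.
def password_errors(key, password)
  record = DemoRecord.new
  validator_for(key).validate_each(record, :password, password)
  record.errors[:password]
end
```

Both keys reject the same inputs; the only difference a caller sees is the warning emitted on the legacy name.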