philnash / pwned

😱 An easy, Ruby way to use the Pwned Passwords API.

Home Page:https://rubygems.org/gems/pwned/


ActiveRecord Validator may be confusing

danielolivaresd opened this issue

Note: I haven't actually played with the gem. I just checked the README.

In my personal opinion, the ActiveRecord Validator may be confusing as it is, because it implies that the attribute needs to be "pwned" (i.e. it needs to exist on the Pwned Passwords database because it was included in a breach). I think that the opposite is meant, but correct me if I'm wrong.

# Current validator
validates :password, pwned: true

# Suggested validator
validates :password, not_pwned: true

If this is something that makes sense to you, let me know and I can probably take a look at it when I have some time and submit a PR.

You know, I did think that at one point, but that had dropped out of my mind before I pushed and released.

I think the best strategy here would be to rename the PwnedValidator class to NotPwnedValidator and update the docs to use not_pwned. But since it was part of the release, I'd keep the pwned version around for a bit, just not documented.

I'll see if I can do that. Thanks for bringing it up.

Updated in #8.

You can now use:

validates :password, not_pwned: true

in version 1.2.0.
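To make the semantics the thread settles on concrete, here is an added example (not the pwned gem's own code) of what a `not_pwned` check does: hash the password with SHA-1, send only the first five hex characters to the Pwned Passwords range endpoint, compare the remaining 35 characters locally, and accept the password only when it is absent. The `NotPwnedValidator` class, the `fetch_range` callable and the breach counts are assumptions standing in for the gem's validator and its HTTP call, so the whole thing runs offline.

```ruby
require "digest"

# Split the SHA-1 of a password into the 5-hex-char prefix that is sent to
# the API and the 35-char suffix that is only ever compared locally.
def hash_parts(password)
  sha1 = Digest::SHA1.hexdigest(password).upcase
  [sha1[0, 5], sha1[5..-1]]
end

# Parse a range response body ("SUFFIX:COUNT" per line) and return how many
# times the password was seen in breaches; 0 means it is not in the database.
def pwned_count(password, range_body)
  _prefix, suffix = hash_parts(password)
  range_body.each_line do |line|
    seen_suffix, count = line.strip.split(":", 2)
    return count.to_i if seen_suffix == suffix
  end
  0
end

# Hypothetical stand-in for the gem's validator: the password is valid only
# when it is NOT pwned, which is what the "not_pwned" name makes explicit.
# fetch_range is an injected callable returning the range body for a prefix.
class NotPwnedValidator
  def initialize(fetch_range)
    @fetch_range = fetch_range
  end

  # Returns nil when the password is acceptable, else an error message.
  def error_for(password)
    prefix, _suffix = hash_parts(password)
    count = pwned_count(password, @fetch_range.call(prefix))
    count.zero? ? nil : "has appeared in a data breach #{count} times"
  end
end

# Constructed fixture (counts are made up): pretend the API has seen
# "password" 3 times and "letmein" twice; any other prefix returns an empty body.
BREACHED = { "password" => 3, "letmein" => 2 }
RANGES = Hash.new("")
BREACHED.each do |pw, count|
  prefix, suffix = hash_parts(pw)
  RANGES[prefix] += "#{suffix}:#{count}\r\n"
end
OFFLINE_FETCH = ->(prefix) { RANGES[prefix] }

validator = NotPwnedValidator.new(OFFLINE_FETCH)
puts validator.error_for("password")                  # => has appeared in a data breach 3 times
puts validator.error_for("a-long-unique-passphrase").inspect # => nil
```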