Add Laravel 7 compatibility (#12)

* Add Laravel 7 compatibility

Co-authored-by: Claudio Dekker <[email protected]>

Author: claudiodekker

.editorconfig

@@ -0,0 +1,15 @@
+; This file is for unifying the coding style for different editors and IDEs.
+; More information at https://editorconfig.org
+
+root = true
+
+[*]
+charset = utf-8
+indent_size = 4
+indent_style = space
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.md]
+trim_trailing_whitespace = false

.gitattributes

@@ -0,0 +1,12 @@
+# Path-based git attributes
+# https://www.kernel.org/pub/software/scm/git/docs/gitattributes.html
+
+# Ignore all test and documentation with "export-ignore".
+/.editorconfig      export-ignore
+/.gitattributes     export-ignore
+/.gitignore         export-ignore
+/.styleci.yml       export-ignore
+/.scrutinizer.yml   export-ignore
+/.travis.yml        export-ignore
+/phpunit.xml.dist   export-ignore
+/tests              export-ignore

.gitignore

@@ -1,4 +1,5 @@
-/vendor/
-phpunit.xml
-composer.lock
 .env
+.phpunit.result.cache
+composer.lock
+phpunit.xml
+/vendor

.scrutinizer.yml

@@ -36,7 +36,7 @@ build:
         analysis:
             environment:
                 php:
-                    version: 7.2
+                    version: 7.4
             tests:
                 override:
                     - php-scrutinizer-run

.travis.yml

@@ -5,6 +5,7 @@ language: php
 php:
   - 7.2
   - 7.3
+  - 7.4
 
 env:
   matrix:

CHANGELOG.md

@@ -2,9 +2,15 @@
 
 All notable changes to `ubient/laravel-pwned-passwords` will be documented in this file
 
+## 2.0.1 - 2020-04-11
+- Add support for Laravel 7
+- Fixed a bug where an error might be thrown for not being able to reach the Pwned Passwords API. 
+  Instead, the default behaviour now is to accept the password as non-pwned and send a warning to Laravel's Log.
+  If you would like to override this behaviour, you can [create your own implementation of the LookupErrorHandler and bind it in your application](README.md#handling-lookup-errors).
+
 ## 2.0.0 - 2019-09-03
 - Drop support for Laravel 5.7 and older
-- Add support Laravel 6.0
+- Add support for Laravel 6
 
 ## 1.1.0 - 2019-02-27
 - Drop support for PHP 7.1

README.md

@@ -19,7 +19,15 @@ In order to protect the value of the source password being searched for, Pwned P
 This works by hashing the source password with SHA-1, and only sending the first 5 characters of that hash to the API.
 By checking whether the rest of the SHA-1 hash occurs within the output, we can verify both whether the password was pwned previously, and how frequently.
 
-### Usage
+## Installation
+
+You can install the package via composer:
+
+```bash
+composer require ubient/laravel-pwned-passwords
+```
+
+## Usage
 
 Here's a few short examples of what you can do:
 
@@ -59,29 +67,34 @@ $request->validate([
 ]);
 ```
 
-## Installation
+#### Handling Lookup Errors
+When the Pwned Passwords API cannot be queried, the default behavior is to accept the password as non-pwned and to send a warning message to the log.
+While this doesn't add much value, it does allow you to be aware of when a pwned password was allowed, and to potentially manually act on this.
 
-You can install the package via composer:
+If you would like to automatically do something else based on this lookup error (such as marking the request as potentially pwned), or want to decline the password instead,
+you may create your own implementation of the [LookupErrorHandler](src/Contracts/LookupErrorHandler.php) and overwrite the default binding in your application:
 
-```bash
-composer require ubient/laravel-pwned-passwords
+```php
+use Ubient\PwnedPasswords\Contracts\LookupErrorHandler;
+
+$this->app->bind(LookupErrorHandler::class, MyCustomErrorHandler::class);
 ```
 
-### Testing
+## Testing
 
 ``` bash
 composer test
 ```
 
-### Changelog
+## Changelog
 
 Please see [CHANGELOG](CHANGELOG.md) for more information what has changed recently.
 
 ## Contributing
 
 Please see [CONTRIBUTING](CONTRIBUTING.md) for details.
 
-### Security
+## Security
 
 If you discover any security related issues, please email [email protected] instead of using the issue tracker.
 

composer.json

@@ -23,11 +23,11 @@
     "require": {
         "php": "^7.2",
         "guzzlehttp/guzzle": "^6.3",
-        "illuminate/contracts": "^5.8|^6.0",
-        "illuminate/support": "^5.8|^6.0"
+        "illuminate/contracts": "^5.8|^6.0|^7.0",
+        "illuminate/support": "^5.8|^6.0|^7.0"
     },
     "require-dev": {
-        "orchestra/testbench": "^3.8",
+        "orchestra/testbench": "^3.8|^4.0|^5.0",
         "phpunit/phpunit": "^8.0"
     },
     "autoload": {

src/Api/FakeApiGateway.php

@@ -2,17 +2,22 @@
 
 namespace Ubient\PwnedPasswords\Api;
 
+use Ubient\PwnedPasswords\Contracts\ApiGateway;
+
 class FakeApiGateway implements ApiGateway
 {
     /**
      * Indicates how frequently a password was found to be pwned.
      *
      * @param  string $password
-     * @throws \RuntimeException
      * @return int
      */
     public function search(string $password): int
     {
+        if ($password === 'password1') {
+            throw new \RuntimeException('Simulated network connectivity issue.');
+        }
+
         return collect([
             'P@ssw0rd' => 49938,
             'hammertime6' => 5,

src/Api/PwnedPasswordsGateway.php

@@ -2,10 +2,11 @@
 
 namespace Ubient\PwnedPasswords\Api;
 
-use RuntimeException;
+use GuzzleHttp\Client as GuzzleClient;
 use Illuminate\Support\Collection;
 use Illuminate\Support\Facades\Cache;
-use GuzzleHttp\Client as GuzzleClient;
+use RuntimeException;
+use Ubient\PwnedPasswords\Contracts\ApiGateway;
 
 class PwnedPasswordsGateway implements ApiGateway
 {
@@ -18,15 +19,15 @@ class PwnedPasswordsGateway implements ApiGateway
     public function search(string $password): int
     {
         $hash = strtoupper(sha1($password));
-
         $hashPrefix = substr($hash, 0, 5);
         $hashSuffix = substr($hash, 5);
 
-        return Cache::remember("Ubient\PwnedPasswords::$hashPrefix", 7200, function () use ($hashPrefix, $hashSuffix) {
-            return $this
-                ->fetchHashes($hashPrefix)
-                ->get($hashSuffix, 0);
+        /** @var Collection $hashes */
+        $hashes = Cache::remember("Ubient\PwnedPasswords::$hashPrefix", 7200, function () use ($hashPrefix) {
+            return $this->fetchHashes($hashPrefix);
         });
+
+        return $hashes->get($hashSuffix, 0);
     }
 
     /**
@@ -36,7 +37,7 @@ public function search(string $password): int
      * and the value is the amount of times the password was pwned.
      *
      * @param  string $hashPrefix
-     * @throws \RuntimeException
+     * @throws RuntimeException
      * @return Collection
      */
     protected function fetchHashes(string $hashPrefix): Collection