FriendsOfFlarum Pwned Passwords

OrdinaryJellyfish

clarkwinkelmann If we don't enforce the no-password-reuse, then show a banner like for email validation or new terms of use in Flagrow Terms

That sounds like what I'm going to do. Non-dismissable would probably annoy them enough to reset their password 😉

Ralkage I assume you mean this peace, though

You mean piece? 😛

OrdinaryJellyfish

0.3.0

Moved to FriendsOfFlarum
Add check on login (optional, of course!)
Fix password reset view

Updating

composer update fof/components
composer require fof/pwned-passwords

If migrating from ReFlar, disable & remove the ReFlar extension after enabling this one.

[deleted]

[deleted] Same here

luceos

try this:

composer require fof/pwned-passwords --update-with-dependencies

Nerd talk / how to dissect the composer log

composer output isn't really sorted based on what it finds first
it mentions as 4th entry that fof/pwned-passwords needs fof/components, but at least 0.1.1
it mentions as last entry that fof/components was requested, but it is locked at 0.1.0; that it is locked means that it already exists in the composer.lock; this means that either your composer.json requires it, or that one of the entries has it as a dependencies

As a result it tries to push fof/components to 0.1.1, but can't because the lock file tells composer it should install 0.1.0. As composer require is supposed to install new things matching your current configuration/dependencies, it cannot update fof/components. However the flag --update-with-dependencies does allow to update dependencies of just the one package we're installing.

[deleted]

luceos Fails with "Nerd Talk" switch enabled !

phenomlab@vps:~/forum.phenomlab.com$ composer require fof/pwned-passwords --update-with-dependencies
Using version ^0.3.0 for fof/pwned-passwords
./composer.json has been updated
Loading composer repositories with package information
Updating dependencies (including require-dev)
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - Can only install one of: fof/components[0.1.1, 0.1.0].
    - Can only install one of: fof/components[0.1.1, 0.1.0].
    - Can only install one of: fof/components[0.1.1, 0.1.0].
    - fof/pwned-passwords 0.3.0 requires fof/components >=0.1.1 -> satisfiable by fof/components[0.1.1].
    - Installation request for fof/pwned-passwords ^0.3.0 -> satisfiable by fof/pwned-passwords[0.3.0].
    - Installation request for fof/components (locked at 0.1.0) -> satisfiable by fof/components[0.1.0].


Installation failed, reverting ./composer.json to its original content.

datitisev

[deleted] [deleted] Could you run composer why fof/components so I can see which extension is causing the issue?

luceos

Last idea would be to use this:

composer require fof/pwned-passwords --update-with-all-dependencies

[deleted]

datitisev
fof/best-answer 0.1.4 requires fof/components (>=0.1.0) fof/formatting 0.1.4 requires fof/components (>=0.1.0) fof/stopforumspam 0.2.1 requires fof/components (>=0.1.0)

[deleted]

[deleted] #metoo

OrdinaryJellyfish

[deleted] [deleted] that's pretty odd. I was able to reproduce the issue by downgrading fof/components to 0.1.0. Like you said, luceo's suggested solutions didn't work for me either. I was able to fix it, however, by upgrading fof/components (composer update fof/components) and then installing pwned passwords. Not sure why composer doesn't want to update fof/components...

[deleted]

OrdinaryJellyfish Works fine for me !
Thanks

[deleted]

OrdinaryJellyfish Thanks.

YUX-IO

i'm getting this and i have to remove the extension. how can i fix this?
thanks!

Flarum encountered a boot error (ReflectionException)
Class FoF\PwnedPasswords\Listeners\AddMiddleware does not exist
thrown in /www/wwwroot/flarum/vendor/illuminate/container/Container.php on line 779

OrdinaryJellyfish

0.4.0

Added option to restrict pwned admin privileges
New PwnedPasswordDetected event
Now requires beta 12 or up

Updating

composer update fof/pwned-passwords

karaok

0.5.0

beta 14 ready 🥳

Updating

composer require fof/pwned-passwords
php flarum cache:clear

karaok

0.5.1

Allow guzzlehttp/guzzle v6.x or v7.x

IanM

0.6.0

Flarum beta 15 support

Ralkage

0.7.0 🔐

Updated for beta 16

Updating

composer require fof/pwned-passwords:"*"

Valeyard

Hi thanks for maintaining this extension. Do you think we could alter the wording a bit and provide a link on the error message so people actually know how the extension works? Or better still you could provide a way for the Flarum admin to change the error message in the settings and link to their own privacy page?

A lot of people when they read "The password you chose is registered in the Pwned Passwords database, please choose a different one" will draw incorrect conclusions, e.g. that I sent their password to a 3rd-party. I'd prefer a message like: "Your password failed a compromised database check."

Ralkage

Valeyard Do you think we could alter the wording a bit

This can currently be accomplished if you have fof/linguist installed 🙂 all relative translation keys for this extension can be found here for reference.

We do not currently have plans to add options to alter the wording via extension settings.

« Previous Page Next Page »