Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 038d9b7

Browse filesBrowse files
javiereguiluzOskarStark
javiereguiluz
authored and
OskarStark
committed
Documented the disable_not_compromised_password option
1 parent 47551a7 commit 038d9b7
Copy full SHA for 038d9b7

File tree

2 files changed

+27
-0
lines changed
Filter options

2 files changed

+27
-0
lines changed

‎reference/configuration/framework.rst

Copy file name to clipboardExpand all lines: reference/configuration/framework.rst
+21Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -184,6 +184,7 @@ Configuration
184184
* `validation`_
185185

186186
* :ref:`cache <reference-validation-cache>`
187+
* :ref:`disable_not_compromised_password <reference-validation-disable_not_compromised_password>`
187188
* `email_validation_mode`_
188189
* :ref:`enable_annotations <reference-validation-enable_annotations>`
189190
* :ref:`enabled <reference-validation-enabled>`
@@ -1777,6 +1778,26 @@ has to implement the :class:`Symfony\\Component\\Validator\\Mapping\\Cache\\Cach
17771778
Set this option to ``validator.mapping.cache.doctrine.apc`` to use the APC
17781779
cache provide from the Doctrine project.
17791780

1781+
.. _reference-validation-disable_not_compromised_password:
1782+
1783+
disable_not_compromised_password
1784+
................................
1785+
1786+
**type**: ``boolean`` **default**: ``false``
1787+
1788+
.. versionadded:: 4.3
1789+
1790+
The ``disable_not_compromised_password`` option was introduced in Symfony 4.3.
1791+
1792+
The :doc:`NotCompromisedPassword </reference/constraints/NotCompromisedPassword>`
1793+
constraint makes HTTP requests to a public API to check if the given password
1794+
has been compromised in a data breach.
1795+
1796+
If you set this option to ``true``, no HTTP requests will be made and the given
1797+
password will be considered valid. This is useful when you don't want or can't
1798+
make HTTP requests, such as in ``dev`` and ``test`` environments or in
1799+
continuous integration servers.
1800+
17801801
.. _reference-validation-enable_annotations:
17811802

17821803
enable_annotations

‎reference/constraints/NotCompromisedPassword.rst

Copy file name to clipboardExpand all lines: reference/constraints/NotCompromisedPassword.rst
+6Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -97,6 +97,12 @@ For example, if the password is ``test``, the entire SHA-1 hash is
9797
``a94a8fe5ccb19ba61c4c0873d391e987982fbbd3`` but the validator only sends
9898
``a94a8`` to the ``haveibeenpwned.com`` API.
9999

100+
.. seealso::
101+
102+
When using this constraint inside a Symfony application, define the
103+
:ref:`disable_not_compromised_password <reference-validation-disable_not_compromised_password>`
104+
option to avoid making HTTP requests in the ``dev`` and ``test`` environments.
105+
100106
Available Options
101107
-----------------
102108

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.