diff --git a/reference/configuration/framework.rst b/reference/configuration/framework.rst index ef08f9e27d9..d0e76c61b00 100644 --- a/reference/configuration/framework.rst +++ b/reference/configuration/framework.rst @@ -211,7 +211,6 @@ Configuration * `validation`_ * :ref:`cache ` - * :ref:`disable_not_compromised_password ` * `email_validation_mode`_ * :ref:`enable_annotations ` * :ref:`enabled ` @@ -219,6 +218,11 @@ Configuration * :ref:`paths ` + * :ref:`not_compromised_password ` + + * :ref:`enabled ` + * `endpoint`_ + * `static_method`_ * `strict_email`_ * `translation_domain`_ 
@@ -2084,42 +2088,62 @@ has to implement the :class:`Symfony\\Component\\Validator\\Mapping\\Cache\\Cach Set this option to ``validator.mapping.cache.doctrine.apc`` to use the APC cache provide from the Doctrine project. -.. _reference-validation-disable_not_compromised_password: +.. _reference-validation-enable_annotations: -disable_not_compromised_password -................................ +enable_annotations +.................. **type**: ``boolean`` **default**: ``false`` -.. versionadded:: 4.3 +If this option is enabled, validation constraints can be defined using annotations. - The ``disable_not_compromised_password`` option was introduced in Symfony 4.3. +translation_domain +.................. + +**type**: ``string`` **default**: ``validators`` + +The translation domain that is used when translating validation constraint +error messages. + +.. _reference-validation-not-compromised-password: + +not_compromised_password +~~~~~~~~~~~~~~~~~~~~~~~~ The :doc:`NotCompromisedPassword ` constraint makes HTTP requests to a public API to check if the given password has been compromised in a data breach. +.. _reference-validation-not-compromised-password-enabled: + +enabled +....... + +**type**: ``boolean`` **default**: ``false`` + +.. versionadded:: 4.3 + + The ``enabled`` option was introduced in Symfony 4.3. + If you set this option to ``true``, no HTTP requests will be made and the given password will be considered valid. This is useful when you don't want or can't make HTTP requests, such as in ``dev`` and ``test`` environments or in continuous integration servers. -.. _reference-validation-enable_annotations: - -enable_annotations -.................. - -**type**: ``boolean`` **default**: ``false`` +endpoint +........ -If this option is enabled, validation constraints can be defined using annotations. +**type**: ``string`` **default**: ``null`` -translation_domain -.................. +.. 
versionadded:: 4.3 -**type**: ``string`` **default**: ``validators`` + The ``endpoint`` option was introduced in Symfony 4.3. -The translation domain that is used when translating validation constraint -error messages. +By default, the :doc:`NotCompromisedPassword ` +constraint uses the public API provided by `haveibeenpwned.com`_. This option +allows to define a different, but compatible, API endpoint to make the password +checks. It's useful for example when the Symfony application is run in an +intranet without public access to Internet. static_method ............. @@ -2717,3 +2741,4 @@ to know their differences. .. _`RFC 3986`: https://www.ietf.org/rfc/rfc3986.txt .. _`default_socket_timeout`: https://php.net/manual/en/filesystem.configuration.php#ini.default-socket-timeout .. _`PEM formatted`: https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail +.. _`haveibeenpwned.com`: https://haveibeenpwned.com/ diff --git a/reference/constraints/NotCompromisedPassword.rst b/reference/constraints/NotCompromisedPassword.rst index 641596cc648..10aeded0e06 100644 --- a/reference/constraints/NotCompromisedPassword.rst +++ b/reference/constraints/NotCompromisedPassword.rst @@ -100,7 +100,7 @@ For example, if the password is ``test``, the entire SHA-1 hash is .. seealso:: When using this constraint inside a Symfony application, define the - :ref:`disable_not_compromised_password ` + :ref:`not_compromised_password ` option to avoid making HTTP requests in the ``dev`` and ``test`` environments. Available Options
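Review bot: In the framework.rst hunk at ``@@ -2084,42 +2088,62 @@``, the new ``enabled`` section keeps the sentence written for ``disable_not_compromised_password`` ("If you set this option to ``true``, no HTTP requests will be made and the given password will be considered valid"), which reads backwards for an option named ``enabled``. Reword it to describe what setting ``false`` does, and confirm the **default** value against the renamed semantics, since ``false`` was carried over from the old option. In the same hunk ``not_compromised_password`` is underlined with ``~~~~`` while its sibling ``enable_annotations`` and its child ``enabled`` both use ``....``, so the heading levels do not match the nesting shown in the option list at the top of the file, and ``static_method`` now follows ``endpoint`` at the child level. In the ``endpoint`` text, "allows to define" should be "allows defining" and "public access to Internet" should be "public access to the Internet".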
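Review bot: In the NotCompromisedPassword.rst hunk at ``@@ -100,7 +100,7 @@``, the ``seealso`` now tells readers to define the ``not_compromised_password`` option, but in framework.rst that name is a section holding ``enabled`` and ``endpoint``, so the sentence no longer names the setting that stops the HTTP requests in ``dev`` and ``test``. Name the ``enabled`` option here and point the ``:ref:`` at the ``reference-validation-not-compromised-password-enabled`` label that the framework.rst hunk adds.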