for commercial use haveibeenpwned uses api-keys for authentication.

looking at the current api of this package, I don't know where/how to pass in the api key into the lib.
Am I the only one in need for this feature? :)

We had a user in production get a strange error today which seems to originate from this package:

rename(/home/sites/15a/5/564543e965/production/releases/161/vendor/divineomega/password_exposed/src/../bundles/ca-certs.json,/home/sites/15a/5/564543e965/production/releases/161/vendor/divineomega/password_exposed/src/../bundles/ca-certs-backup-20210915192000.json): No such file or directory

Its only happened once but should I be worried here?

hi,

cant install as a dependemcy from divineomega/laravel-password-exposed-validation-rule :

Running composer update langleyfoxall/laravel-nist-password-rules
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.

  Problem 1
    - divineomega/password_exposed v3.2.0 requires psr/cache ^1.0 -> found psr/cache[1.0.0, 1.0.1] but the package is fixed to 3.0.0 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
    - langleyfoxall/laravel-nist-password-rules[v5.0.0, ..., v5.0.1] require divineomega/laravel-password-exposed-validation-rule ^2.4.0 -> satisfiable by divineomega/laravel-password-exposed-validation-rule[v2.4.0].
    - divineomega/laravel-password-exposed-validation-rule v2.4.0 requires divineomega/password_exposed ^3.2.0 -> satisfiable by divineomega/password_exposed[v3.2.0].
    - Root composer.json requires langleyfoxall/laravel-nist-password-rules ^5.0 -> satisfiable by langleyfoxall/laravel-nist-password-rules[v5.0.0, v5.0.1].

Maybe I didn't see it or am I right that it currently only takes blank strings as input? Useful for the exact moment when users have to choose a new password.

But it would be even nicer to also be able to use this tool for checking against already hashed passwords. Would that work with Troys API? With different hash types? Or does it anyways only work with sha1?

In this method, if the $line variable does not contain a colon (e.g., is an empty string), then the call to list() will throw an Exception.

This exception is not caught by the handling in NIST or the DivineOmega packages. The stack trace of this exception will contain the submitted password in plain text.

Hi ,

This is my issue on password store /update,

Issue: "ParagonIE \ Certainty \ Exception \ FilesystemException
ca-certs.json not found in data directory"

And i added screen shot.Please kindly give me a solution
https://user-images.githubusercontent.com/45994584/50214954-a68a1600-03a7-11e9-914b-71d0966e6b55.png

It seems this package should not indicate support for v1 of the guzzle6-adapter package, because the type of object returned differs between v1 and v2 of the guzzle6-adapter.

This causes a compatibility issue with Laravel 5.7

It is caused by Laravel 5.7 requiring the laravel/nexmo-notification-channel as standard, which depends on the nexmo/client which enforces the use v1 of the guzzle6-adapter.

My plan of action is going to be:

• Create a simple PSR18 Guzzle adapter package, that returns an object which implements the correct PSR18 client interface.
• Modify this package to make use of the new PSR18 Guzzle adapter package.

This issue was discovered by @tswestendorp. See #24.