minor #11354 Documented the disable_not_compromised_password option (javiereguiluz)

OskarStark · OskarStark · commit c2b30f0de5f0 · 2019-04-08T12:27:24.000+02:00
This PR was squashed before being merged into the master branch (closes #11354). Discussion ---------- Documented the disable_not_compromised_password option Fixes #11327 and documents symfony/symfony#30932. Commits ------- 038d9b7 Documented the disable_not_compromised_password option
diff --git a/reference/configuration/framework.rst b/reference/configuration/framework.rst
@@ -184,6 +184,7 @@ Configuration
 * `validation`_
 
   * :ref:`cache <reference-validation-cache>`
+  * :ref:`disable_not_compromised_password <reference-validation-disable_not_compromised_password>`
   * `email_validation_mode`_
   * :ref:`enable_annotations <reference-validation-enable_annotations>`
   * :ref:`enabled <reference-validation-enabled>`
@@ -1777,6 +1778,26 @@ has to implement the :class:`Symfony\\Component\\Validator\\Mapping\\Cache\\Cach
 Set this option to ``validator.mapping.cache.doctrine.apc`` to use the APC
 cache provide from the Doctrine project.
 
+.. _reference-validation-disable_not_compromised_password:
+
+disable_not_compromised_password
+................................
+
+**type**: ``boolean`` **default**: ``false``
+
+.. versionadded:: 4.3
+
+    The ``disable_not_compromised_password`` option was introduced in Symfony 4.3.
+
+The :doc:`NotCompromisedPassword </reference/constraints/NotCompromisedPassword>`
+constraint makes HTTP requests to a public API to check if the given password
+has been compromised in a data breach.
+
+If you set this option to ``true``, no HTTP requests will be made and the given
+password will be considered valid. This is useful when you don't want or can't
+make HTTP requests, such as in ``dev`` and ``test`` environments or in
+continuous integration servers.
+
 .. _reference-validation-enable_annotations:
 
 enable_annotations
diff --git a/reference/constraints/NotCompromisedPassword.rst b/reference/constraints/NotCompromisedPassword.rst
@@ -97,6 +97,12 @@ For example, if the password is ``test``, the entire SHA-1 hash is
 ``a94a8fe5ccb19ba61c4c0873d391e987982fbbd3`` but the validator only sends
 ``a94a8`` to the ``haveibeenpwned.com`` API.
 
+.. seealso::
+
+    When using this constraint inside a Symfony application, define the
+    :ref:`disable_not_compromised_password <reference-validation-disable_not_compromised_password>`
+    option to avoid making HTTP requests in the ``dev`` and ``test`` environments.
+
 Available Options
 -----------------
 
