How to change timeout on UncompromisedVerifier/NotPwndVerifier

[blackwolf12333]

Hi,

We implemented the UncompromisedVerifier in our login/registration forms to check passwords against haveibeenpwnd. However the default timeout for requests to that API is 30 seconds which is a bit much for a login/registration flow so we'd like to decrease that. The NotPwndVerifier concrete implementation has a parameter for the timeout, but I couldn't find a way to actually configure that.

How do I configure the timeout for the NotPwndVerifier?

[macropay-solutions]

You need to overrride the ValidationServiceProvider and override:

    protected function registerUncompromisedVerifier()
    {
        $this->app->singleton(UncompromisedVerifier::class, function ($app) {
            return new NotPwnedVerifier($app[HttpFactory::class]);
        });
    }

to

    protected function registerUncompromisedVerifier()
    {
        $this->app->singleton(UncompromisedVerifier::class, function ($app) {
            return new NotPwnedVerifier($app[HttpFactory::class], 10);
        });
    }

See this as an example
https://github.com/macropay-solutions/laravel-crud-wizard-free/blob/production/src/Providers/ValidationServiceProvider.php

You need to replace the ValidationServiceProvider with your ChildValidationServiceProvider in the application.

For lumen:
in bootstrap/app.php

$app->register(ChildValidationServiceProvider::class);

For Laravel:
in config/app.php

    'providers' => [
         ChildValidationServiceProvider::class,

For V >11 you have to search how to do that.

A solution would be to edit the config/app.php

'providers' => ServiceProvider::defaultProviders()->merge([

into

'providers' => ChildServiceProvider::defaultProviders()->merge([

And in the ChildServiceProvider
override defaultProviders().