From 038d9b7ebaab04adf1319810746a3b0927180d63 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Mon, 8 Apr 2019 08:45:39 +0200 Subject: [PATCH] Documented the disable_not_compromised_password option --- reference/configuration/framework.rst | 21 +++++++++++++++++++ .../constraints/NotCompromisedPassword.rst | 6 ++++++ 2 files changed, 27 insertions(+) diff --git a/reference/configuration/framework.rst b/reference/configuration/framework.rst index f4647014e4b..9cdf62fa66c 100644 --- a/reference/configuration/framework.rst +++ b/reference/configuration/framework.rst @@ -184,6 +184,7 @@ Configuration * `validation`_ * :ref:`cache ` + * :ref:`disable_not_compromised_password ` * `email_validation_mode`_ * :ref:`enable_annotations ` * :ref:`enabled ` @@ -1777,6 +1778,26 @@ has to implement the :class:`Symfony\\Component\\Validator\\Mapping\\Cache\\Cach Set this option to ``validator.mapping.cache.doctrine.apc`` to use the APC cache provide from the Doctrine project. +.. _reference-validation-disable_not_compromised_password: + +disable_not_compromised_password +................................ + +**type**: ``boolean`` **default**: ``false`` + +.. versionadded:: 4.3 + + The ``disable_not_compromised_password`` option was introduced in Symfony 4.3. + +The :doc:`NotCompromisedPassword ` +constraint makes HTTP requests to a public API to check if the given password +has been compromised in a data breach. + +If you set this option to ``true``, no HTTP requests will be made and the given +password will be considered valid. This is useful when you don't want or can't +make HTTP requests, such as in ``dev`` and ``test`` environments or in +continuous integration servers. + .. _reference-validation-enable_annotations: enable_annotations diff --git a/reference/constraints/NotCompromisedPassword.rst b/reference/constraints/NotCompromisedPassword.rst index 30a43828ed1..81de2804f9a 100644 --- a/reference/constraints/NotCompromisedPassword.rst 
+++ b/reference/constraints/NotCompromisedPassword.rst @@ -97,6 +97,12 @@ For example, if the password is ``test``, the entire SHA-1 hash is ``a94a8fe5ccb19ba61c4c0873d391e987982fbbd3`` but the validator only sends ``a94a8`` to the ``haveibeenpwned.com`` API. +.. seealso:: + + When using this constraint inside a Symfony application, define the + :ref:`disable_not_compromised_password ` + option to avoid making HTTP requests in the ``dev`` and ``test`` environments. + Available Options -----------------
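Review bot: In the new ``disable_not_compromised_password`` section of framework.rst, the sentence "no HTTP requests will be made and the given password will be considered valid" understates the effect: with the option set to ``true`` the constraint accepts every password, including ones that would have been reported as breached. Suggest saying so explicitly and advising that the option be enabled only in the configuration for ``dev``, ``test`` or CI, not in production, since the default of ``false`` is what keeps the check active.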
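Review bot: In the ``seealso`` block added to NotCompromisedPassword.rst, "define the ... option" does not say which value to use or what it costs. Suggest "set the ``disable_not_compromised_password`` option to ``true``" and adding that the constraint then treats every password as valid, so a reader of the constraint page does not conclude that only the network call is skipped. The block also names only the ``dev`` and ``test`` environments, while the framework.rst text lists continuous integration servers as well; aligning the two would avoid confusion.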