Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check passwords using haveibeenpwned.com API #65

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Check passwords using haveibeenpwned.com API #65

wants to merge 1 commit into from

Conversation

hedlasuzo
Copy link

Check passwords using haveibeenpwned.com API, to warn user if password is known from a data breach

@Zeckie Zeckie self-requested a review October 31, 2022 08:14
Zeckie
Zeckie requested changes Oct 31, 2022
View reviewed changes
Copy link
Owner

@Zeckie Zeckie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a great idea, thanks for contributing.

Some people however might be a bit hesitant to send even a partial hash externally. I think there should be a Yes/No configuration (in proxyauth.config.Configuration) to control this new feature.

BTW, It looks like you're cutting it a bit fine for Hacktoberfest cutoff.

src/main/java/proxyauth/HIBPCheck.java
private static final String API_URL = "https://api.pwnedpasswords.com/range/";


private int check() throws IOException, NoSuchAlgorithmException {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are you able to add a unit test for this?

src/main/java/proxyauth/HIBPCheck.java
Comment on lines +91 to +92
if (line.substring(0, 35).equals(hash.substring(5))) {
String count = line.substring(36);
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It would be great if you could add some comments, eg to clarify what those indices are for

@Zeckie Zeckie added hacktoberfest-accepted enhancement New feature or request labels Oct 31, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Zeckie Zeckie Zeckie requested changes

Assignees
No one assigned
Labels
enhancement New feature or request hacktoberfest-accepted
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hedlasuzo @Zeckie