gitea/modules/password/pwn.go
John Olheiser c6e4bc53aa
Check passwords against HaveIBeenPwned (#12716)
* Implement pwn

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Update module

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Apply suggestions mrsdizzie

Co-authored-by: mrsdizzie <info@mrsdizzie.com>

* Add link to HIBP

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add more details to admin command

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add context to pwn

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Consistency and making some noise ;)

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: zeripath <art27@cantab.net>
2020-09-08 17:06:39 -05:00

31 lines
804 B
Go

// Copyright 2020 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package password
import (
"context"
"code.gitea.io/gitea/modules/setting"
"go.jolheiser.com/pwn"
)
// IsPwned checks whether a password has been pwned
// NOTE: This func returns true if it encounters an error under the assumption that you ALWAYS want to check against
// HIBP, so not getting a response should block a password until it can be verified.
func IsPwned(ctx context.Context, password string) (bool, error) {
if !setting.PasswordCheckPwn {
return false, nil
}
client := pwn.New(pwn.WithContext(ctx))
count, err := client.CheckPassword(password, true)
if err != nil {
return true, err
}
return count > 0, nil
}