have-i-been-pwned 1.1.0 → 1.2.0
- checksums.yaml +4 -4
- data/.travis.yml +1 -4
- data/README.md +7 -0
- data/lib/have-i-been-pwned.rb +9 -4
- data/lib/version.rb +1 -1
- data/test/test_have_i_been_pwned_account.rb +9 -0
- data/test/test_have_i_been_pwned_password.rb +14 -5
- metadata +1 -1
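--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e9d56f443e6331cf28ca775790d2e3ea43251fa7c9ec40202905a11a76617d57
+data.tar.gz: ef622b864bcd4af8453bc7fd7fb342dba3bbb94e684505676f76af333e75cae1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a574c04219b911e6fb9939ad5c7c5121a5db93eef415db4a12266e3d1a0281fe56d7d52af45111fb7f3e74b1c998fce59088f5e1b6f25ff8767a5c1e49adc118
+data.tar.gz: cdc0066ea1b6a9678372a44d22cc57b5018014277459df6934882f3f68a5940227b3244164977b5092df39a68a0068476256810b20c2edae5cd09dcf7e9eb2de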
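--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -18,7 +18,4 @@ deploy:
 notification:
 slack:
 rooms:
-secure: 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
-env:
-matrix:
-secure: 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
+secure: 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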
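--- a/data/README.md
+++ b/data/README.md
@@ -40,6 +40,13 @@ else
 end
 ```
 
+#### Timeout
+
+With both the pwned and pwned_account methods you can also introduce a custom timeout. By default the timeout is 30 seconds. You can customize is to your needs like so:
+```
+HaveIBeenPwned.pwned 'abc123', timeout: 10
+```
+
 ## Contributing
 - Open an issue about your change
 - Fork it, DL it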
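--- a/data/lib/have-i-been-pwned.rb
+++ b/data/lib/have-i-been-pwned.rb
@@ -2,11 +2,15 @@ require 'httparty'
 require 'digest'
 
 module HaveIBeenPwned
+
+DEFAULT_TIMEOUT = 30
+
 class << self
 # Check to see if a given password has been pwned/compromised by a breach.
 # @param [String] password The *password* you want to check.
+# @param [Number] timeout Seconds until request timeout.
 # @return [Boolean] True if the password has been compromised, false otherwise
-def pwned password
+def pwned password, timeout: DEFAULT_TIMEOUT
 # if password is not nil
 if password
 # get a digest of the password
@@ -16,7 +20,7 @@ module HaveIBeenPwned
 # get the first 5 characters of the hash
 first_five = digest[0..4]
 # make the API call
-results = HTTParty.get("https://api.pwnedpasswords.com/range/#{first_five}")
+results = HTTParty.get("https://api.pwnedpasswords.com/range/#{first_five}", timeout: timeout)
 
 # guard: if we dont get something back
 return false unless results.code == 200
@@ -40,15 +44,16 @@ module HaveIBeenPwned
 # @param [String] email The email address you want to check
 # @param [String] api_key The v3 API required a paid key from haveibeenpwned.com. Can also be specified as a ENV VAR 'HIBP_API_KEY' {More Information}[https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/]
 # @param [String] user_agent Provide a custom user agent. (default: haveibeenpwned-ruby-sdk)
+# @param [Number] timeout Seconds until request timeout.
 # @return [[Hash], nil] Returns a array of hashes containing the [:name] of places the email was compromised by.
-def pwned_account email, api_key = nil, user_agent = 'haveibeenpwned-ruby-sdk'
+def pwned_account email, api_key = nil, user_agent = 'haveibeenpwned-ruby-sdk', timeout: DEFAULT_TIMEOUT
 api_key ||= ENV['HIBP_API_KEY'] # for testing
 throw 'You must provide a paid API key from haveibeenpwned.com to use this feature.' if api_key.nil?
 headers = {
 'user-agent' => user_agent,
 'Hibp-Api-Key' => api_key
 }
-results = HTTParty.get("https://haveibeenpwned.com/api/v3/breachedaccount/#{email}", headers: headers)
+results = HTTParty.get("https://haveibeenpwned.com/api/v3/breachedaccount/#{email}", headers: headers, timeout: timeout)
 return if results.nil?
 error_check = Hash[results.map { |(k, v)| [k.downcase.to_sym, v] }] rescue nil
 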
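Review bot: In the third hunk, the rewritten `HTTParty.get` call in `pwned_account` still interpolates `email` straight into the request path, so an address containing `/`, `?` or `#` changes which endpoint is requested (with the `Hibp-Api-Key` header attached) instead of being looked up as an account. Percent-encode the value before building the URL, e.g. `"https://haveibeenpwned.com/api/v3/breachedaccount/#{ERB::Util.url_encode(email)}"`, with `require 'erb'` next to the existing requires. The new `# @param [Number] timeout` lines also do not say what the caller sees when the timeout expires; if HTTParty raises in that case (likely, but not visible here), the doc comment should say so, because `pwned` otherwise returns `false` for any non-200 response and callers may read an unreachable API as "not compromised". Both method bodies continue outside the hunks.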
data/lib/version.rb
CHANGED
@@ -6,6 +6,15 @@ class PwnedTest < Test::Unit::TestCase
|
|
6
6
|
assert_not_nil HaveIBeenPwned.pwned_account('john@gmail.com') # just a very generic email that does fail
|
7
7
|
end
|
8
8
|
|
9
|
+
def test_account_timeout
|
10
|
+
starting = Time.now
|
11
|
+
result = HaveIBeenPwned.pwned_account('major.monkey.ha.not.been.hacked@gmail.com', timeout: 1)
|
12
|
+
ending = Time.now
|
13
|
+
elapsed = (ending - starting).floor
|
14
|
+
|
15
|
+
assert_operator elapsed, :<=, 1
|
16
|
+
end
|
17
|
+
|
9
18
|
def test_my_email_is_not_found
|
10
19
|
assert_nil HaveIBeenPwned.pwned_account('major.monkey.ha.not.been.hacked@gmail.com')
|
11
20
|
end
|
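Review bot: `test_account_timeout` does not exercise the timeout path: it only asserts that the floored wall-clock time is `<= 1`, which an ordinary fast response satisfies whether or not `timeout:` reaches the HTTP client, and which a call taking up to 1.9 seconds would also satisfy. `result` is assigned and never checked, and if the timeout did fire the call would presumably raise rather than return, so the test would error instead of asserting anything. Consider stubbing the HTTP layer so the request never completes, asserting the expected outcome explicitly, and measuring with `Process.clock_gettime(Process::CLOCK_MONOTONIC)` rather than `Time.now`. `test_password_timeout` in the following hunk has the same shape.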
@@ -2,24 +2,33 @@ require 'helper'
|
|
2
2
|
|
3
3
|
class PwnedTest < Test::Unit::TestCase #Minitest::Test
|
4
4
|
def test_abc123_is_found
|
5
|
-
assert_equal true, HaveIBeenPwned
|
5
|
+
assert_equal true, HaveIBeenPwned.pwned('abc123')
|
6
|
+
end
|
7
|
+
|
8
|
+
def test_password_timeout
|
9
|
+
starting = Time.now
|
10
|
+
result = HaveIBeenPwned.pwned('abc123', timeout: 1)
|
11
|
+
ending = Time.now
|
12
|
+
elapsed = (ending - starting).floor
|
13
|
+
|
14
|
+
assert_operator elapsed, :<=, 1
|
6
15
|
end
|
7
16
|
|
8
17
|
def test_password_is_found
|
9
|
-
assert_equal true, HaveIBeenPwned
|
18
|
+
assert_equal true, HaveIBeenPwned.pwned('password')
|
10
19
|
end
|
11
20
|
|
12
21
|
def test_crazy_long_password_is_not_found
|
13
|
-
assert_equal false, HaveIBeenPwned
|
22
|
+
assert_equal false, HaveIBeenPwned.pwned('dfsfk;lngfdsjlmkvsdlmjkvf8um54b89u5438mu0p435u0m5b409u54b09um5309um50u9m3b56u90m54jmgtrgv')
|
14
23
|
end
|
15
24
|
|
16
25
|
def test_not_actually_providing_a_password_is_silly
|
17
|
-
assert_equal false, HaveIBeenPwned
|
26
|
+
assert_equal false, HaveIBeenPwned.pwned('')
|
18
27
|
end
|
19
28
|
|
20
29
|
def test_no_password_at_all_raises
|
21
30
|
assert_raise("RuntimeError") {
|
22
|
-
HaveIBeenPwned
|
31
|
+
HaveIBeenPwned.pwned
|
23
32
|
}
|
24
33
|
end
|
25
34
|
end
|