have-i-been-pwned 1.0.0 → 1.1.0

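--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: cf2d0f01619b0226af72c96fc839a43a55310ca27ece15b09f16503d57dfd7e0
- data.tar.gz: 39635247af8ac211a54acd86bd861948674cda813ac865bc948329b504cc6bd1
+ metadata.gz: 4499b60218687b62e447a57c6942bd86f1d924ed2d330dea67382357de80a0c5
+ data.tar.gz: 37392cbb2e17412aa5baf742feb998a1c885e40457f310a163b3caa24b8e04f6
  SHA512:
- metadata.gz: e4a0a974ebba91ab0b9f14c84e59a7789e9738b7ca363035a65ba6cc71cac7241c5a07c2cd670cb3ac9494d5f1505196f8469d3c0e129d3f8bc84c63bee445d1
- data.tar.gz: fddc8e3d3c22711457bc16bfdc08f64b4495001c01f9898e6703af92db4e80530f97a0f39640f3a8c1d73b151811900c33e5d6b199578b533a34f1a91d7a95d7
+ metadata.gz: bfec05fb4004c1ed692c9be17c794b5c877ae93701a61582f197ba9494e03e9bd8a104be971306d8b404138918759a9654bd44770a03140d5d82313f18d67077
+ data.tar.gz: 4ef2fbe0eeca0901c3aee39e92c49887b0ca7c287b6f88f3380a9274fef1b2cf653c273c54de2756822076a779ecf1e6c020320b63215a5af5799f12b6a11e5e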
@@ -1,7 +1,10 @@
1
1
  language: ruby
2
2
  rvm:
3
3
  - 2.0.0
4
+ - 2.2.0
4
5
  - 2.3.1
6
+ - 2.5.0
7
+ - 2.6.1
5
8
  script:
6
9
  - bundle exec rake
7
10
  deploy:
@@ -16,3 +19,6 @@ notification:
16
19
  slack:
17
20
  rooms:
18
21
  secure: YtIdbbN6Fflga3zJI9mN6OLmz6+8fxcJuvHlQO77NIea2CvBUP9jvJ5b2nc2aBxw8MJjJtVwvc0p5DlnA2w3tMSrk5KTJuoGNQa83LgzZEBNZOrvwSTwXoHRVWP+KoSnMwdhzknzZqC7dbskku/1MAfVnEvgpJxdrjeGF4z6/lDMb2GPHhRyYOaIiTLM8Ig/j8TeGAB5Javt4MbrQOgmhl76lNzNb6BhHUgVice4HNAEJKnYB+aKElGdVC1L+gy1Qqf7bGBpciz0omODo0UXxADV+KA2NzApFctEiElarvb2MN+K9PAu70ouz5q9GQ97KbGuVQzzpNJ2R5WHxrYTj4tRsAkhjHeUnv1Otues6Uhnc6jYLGZZHtQs5qyC3sFJz2bVMqJd0VIUl9BLnBPhRaZ2pOHYHJoLpVgNUX2WurEDew46MwnvojBnxOQ1A4/PLttH/n8ApYSQVM2Ynrgr7ZRdPCm14YfCrG6jDZylL6RqX5NsJFUKLP5wl5q8siESDVgecyMBFcTSitKI+BF7asIAth4Mw/Q3IUEPT8LwcQqVvvzssYbMUsJayhOC5aNXBQbadJeFRDZBdMeL1buNuZnITtBQTOdkkTxnf2DbK3eb5rBz9MDaUICm01QArADbANDrIl8qugnKta7o7xgn3yxa8FghmoklC9z+QCyYHSM=
22
+ env:
23
+ matrix:
24
+ secure: 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
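--- a/data/README.md
+++ b/data/README.md
@@ -14,7 +14,14 @@ gem install have-i-been-pwned
  require 'have-i-been-pwned'
  ...
  # returns true if the password is found, false otherwise
- result = HaveIBeenPwned::pwned 'abc123'
+ result = HaveIBeenPwned.pwned 'abc123'
+ ```
+
+ ```
+ require 'have-i-been-pwned'
+ ...
+ # returns an array with symbolized hashs of breachers (ie. [ { :name => 'Adobe' } ]) for that account, nil if none are found
+ result = HaveIBeenPwned.pwned_account 'some-email@gmail.com'
  ```
 
  #### Rails
@@ -26,7 +33,7 @@ gem 'have-i-been-pwned'
  ```
  # some controller
  # check the password
- if !HaveIBeenPwned::pwned params[:password]
+ if !HaveIBeenPwned.pwned params[:password]
  puts "Yay! You can use this password!"
  else
  puts "No! Bad!!"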
@@ -16,7 +16,7 @@ Gem::Specification.new do |s|
16
16
 
17
17
  s.required_ruby_version = '>= 2.0.0'
18
18
 
19
- s.add_runtime_dependency "httparty"
19
+ s.add_runtime_dependency "httparty", ">= 0.17.0"
20
20
 
21
21
  s.add_development_dependency "simplecov"
22
22
  s.add_development_dependency "codecov", ">= 0.1.10"
@@ -3,18 +3,23 @@ require 'digest'
3
3
 
4
4
  module HaveIBeenPwned
5
5
  class << self
6
+ # Check to see if a given password has been pwned/compromised by a breach.
7
+ # @param [String] password The *password* you want to check.
8
+ # @return [Boolean] True if the password has been compromised, false otherwise
6
9
  def pwned password
7
10
  # if password is not nil
8
11
  if password
9
12
  # get a digest of the password
10
13
  digest = Digest::SHA1.hexdigest password
14
+ # make sure we nil the password
15
+ password = nil
11
16
  # get the first 5 characters of the hash
12
17
  first_five = digest[0..4]
13
18
  # make the API call
14
19
  results = HTTParty.get("https://api.pwnedpasswords.com/range/#{first_five}")
15
20
 
16
21
  # guard: if we dont get something back
17
- return unless results.code == 200
22
+ return false unless results.code == 200
18
23
 
19
24
  # split the string based on line breaks into an array
20
25
  res_array = results.split("\n")
@@ -23,16 +28,45 @@ module HaveIBeenPwned
23
28
  # hashes are formatted hash:count
24
29
  # ex. 0018A45C4D1DEF81644B54AB7F969B88D65:1
25
30
  # return true if we find a match
26
- return true if "#{first_five}#{partial_hash.split(":")[0]}".upcase == digest.upcase
31
+ return true if "#{first_five}#{partial_hash.split(':')[0]}".upcase == digest.upcase
27
32
  end
28
33
 
29
34
  # return false if we dont find anything
30
35
  return false
31
36
  end
32
37
  end
38
+
39
+ # Check to see if the given *account* was involved in a data breach
40
+ # @param [String] email The email address you want to check
41
+ # @param [String] api_key The v3 API required a paid key from haveibeenpwned.com. Can also be specified as a ENV VAR 'HIBP_API_KEY' {More Information}[https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/]
42
+ # @param [String] user_agent Provide a custom user agent. (default: haveibeenpwned-ruby-sdk)
43
+ # @return [[Hash], nil] Returns a array of hashes containing the [:name] of places the email was compromised by.
44
+ def pwned_account email, api_key = nil, user_agent = 'haveibeenpwned-ruby-sdk'
45
+ api_key ||= ENV['HIBP_API_KEY'] # for testing
46
+ throw 'You must provide a paid API key from haveibeenpwned.com to use this feature.' if api_key.nil?
47
+ headers = {
48
+ 'user-agent' => user_agent,
49
+ 'Hibp-Api-Key' => api_key
50
+ }
51
+ results = HTTParty.get("https://haveibeenpwned.com/api/v3/breachedaccount/#{email}", headers: headers)
52
+ return if results.nil?
53
+ error_check = Hash[results.map { |(k, v)| [k.downcase.to_sym, v] }] rescue nil
54
+
55
+ if !error_check
56
+ results.map! { |item| Hash[item.map { |(k, v)| [k.downcase.to_sym, v] }] }
57
+ results
58
+ else
59
+ throw error_check[:message]
60
+ end
61
+ end
33
62
  end
34
63
  end
35
64
 
36
65
  # Uncomment and call directly if you want to test this locally
37
66
  # results = HaveIBeenPwned::pwned 'abc123'
38
67
  # puts results
68
+
69
+ # results = HaveIBeenPwned.pwned_account('dale@daleslab.com', 'not_a_valid_api_key')
70
+ # results.each do |result|
71
+ # puts result[:name]
72
+ # end
@@ -1,3 +1,3 @@
1
1
  module HaveIBeenPwned
2
- VERSION = '1.0.0'.freeze
2
+ VERSION = '1.1.0'.freeze
3
3
  end
@@ -0,0 +1,24 @@
1
+ require 'helper'
2
+
3
+ class PwnedTest < Test::Unit::TestCase
4
+
5
+ def test_my_email_is_found
6
+ assert_not_nil HaveIBeenPwned.pwned_account('john@gmail.com') # just a very generic email that does fail
7
+ end
8
+
9
+ def test_my_email_is_not_found
10
+ assert_nil HaveIBeenPwned.pwned_account('major.monkey.ha.not.been.hacked@gmail.com')
11
+ end
12
+
13
+ def test_bad_api_key_gives_error
14
+ assert_raise("UncaughtThrowError") {
15
+ assert_equal false, HaveIBeenPwned.pwned_account('major.monkey.ha.not.been.hacked@gmail.com', 'not_a_valid_api_key')
16
+ }
17
+ end
18
+
19
+ def test_no_password_at_all_raises
20
+ assert_raise("ArgumentError") {
21
+ HaveIBeenPwned.pwned
22
+ }
23
+ end
24
+ end
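Review bot: `assert_raise("UncaughtThrowError")` and `assert_raise("ArgumentError")` pass the class name as a String, which test-unit, as far as I can tell, treats as the failure message rather than the expected exception, so both tests would accept any exception; pass the constants instead, `assert_raise(UncaughtThrowError) { ... }` and `assert_raise(ArgumentError) { HaveIBeenPwned.pwned }`. The `assert_equal false, ...` inside the first block never completes when the call throws and can be dropped. The two lookup tests also depend on the live API, a valid `HIBP_API_KEY` in the environment and the current breach status of real third-party addresses, so they can fail for reasons unrelated to the code; stubbing the HTTP call would make them deterministic and keep the key out of routine test runs.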
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: have-i-been-pwned
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dale Myszewski
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - ">="
18
18
  - !ruby/object:Gem::Version
19
- version: '0'
19
+ version: 0.17.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - ">="
25
25
  - !ruby/object:Gem::Version
26
- version: '0'
26
+ version: 0.17.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: simplecov
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -116,7 +116,8 @@ files:
116
116
  - lib/have-i-been-pwned.rb
117
117
  - lib/version.rb
118
118
  - test/helper.rb
119
- - test/test_have_i_been_pwned.rb
119
+ - test/test_have_i_been_pwned_account.rb
120
+ - test/test_have_i_been_pwned_password.rb
120
121
  - test/test_version.rb
121
122
  homepage: https://github.com/Dales-Lab/haveibeenpwned-ruby-sdk
122
123
  licenses:
@@ -137,7 +138,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
137
138
  - !ruby/object:Gem::Version
138
139
  version: '0'
139
140
  requirements: []
140
- rubygems_version: 3.0.4
141
+ rubyforge_project:
142
+ rubygems_version: 2.7.7
141
143
  signing_key:
142
144
  specification_version: 4
143
145
  summary: Check to see if your passwords are safe