have-i-been-pwned 1.0.0 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +6 -0
- data/README.md +9 -2
- data/have-i-been-pwned.gemspec +1 -1
- data/lib/have-i-been-pwned.rb +36 -2
- data/lib/version.rb +1 -1
- data/test/test_have_i_been_pwned_account.rb +24 -0
- data/test/{test_have_i_been_pwned.rb → test_have_i_been_pwned_password.rb} +0 -0
- metadata +7 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 4499b60218687b62e447a57c6942bd86f1d924ed2d330dea67382357de80a0c5
|
|
4
|
+
data.tar.gz: 37392cbb2e17412aa5baf742feb998a1c885e40457f310a163b3caa24b8e04f6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: bfec05fb4004c1ed692c9be17c794b5c877ae93701a61582f197ba9494e03e9bd8a104be971306d8b404138918759a9654bd44770a03140d5d82313f18d67077
|
|
7
|
+
data.tar.gz: 4ef2fbe0eeca0901c3aee39e92c49887b0ca7c287b6f88f3380a9274fef1b2cf653c273c54de2756822076a779ecf1e6c020320b63215a5af5799f12b6a11e5e
|
data/.travis.yml
CHANGED
|
@@ -1,7 +1,10 @@
|
|
|
1
1
|
language: ruby
|
|
2
2
|
rvm:
|
|
3
3
|
- 2.0.0
|
|
4
|
+
- 2.2.0
|
|
4
5
|
- 2.3.1
|
|
6
|
+
- 2.5.0
|
|
7
|
+
- 2.6.1
|
|
5
8
|
script:
|
|
6
9
|
- bundle exec rake
|
|
7
10
|
deploy:
|
|
@@ -16,3 +19,6 @@ notification:
|
|
|
16
19
|
slack:
|
|
17
20
|
rooms:
|
|
18
21
|
secure: YtIdbbN6Fflga3zJI9mN6OLmz6+8fxcJuvHlQO77NIea2CvBUP9jvJ5b2nc2aBxw8MJjJtVwvc0p5DlnA2w3tMSrk5KTJuoGNQa83LgzZEBNZOrvwSTwXoHRVWP+KoSnMwdhzknzZqC7dbskku/1MAfVnEvgpJxdrjeGF4z6/lDMb2GPHhRyYOaIiTLM8Ig/j8TeGAB5Javt4MbrQOgmhl76lNzNb6BhHUgVice4HNAEJKnYB+aKElGdVC1L+gy1Qqf7bGBpciz0omODo0UXxADV+KA2NzApFctEiElarvb2MN+K9PAu70ouz5q9GQ97KbGuVQzzpNJ2R5WHxrYTj4tRsAkhjHeUnv1Otues6Uhnc6jYLGZZHtQs5qyC3sFJz2bVMqJd0VIUl9BLnBPhRaZ2pOHYHJoLpVgNUX2WurEDew46MwnvojBnxOQ1A4/PLttH/n8ApYSQVM2Ynrgr7ZRdPCm14YfCrG6jDZylL6RqX5NsJFUKLP5wl5q8siESDVgecyMBFcTSitKI+BF7asIAth4Mw/Q3IUEPT8LwcQqVvvzssYbMUsJayhOC5aNXBQbadJeFRDZBdMeL1buNuZnITtBQTOdkkTxnf2DbK3eb5rBz9MDaUICm01QArADbANDrIl8qugnKta7o7xgn3yxa8FghmoklC9z+QCyYHSM=
|
|
22
|
+
env:
|
|
23
|
+
matrix:
|
|
24
|
+
secure: N8raPga/MVy7t/QTxGpgYCqS8DzeDZxIkVa2jovcaHDc0Ul3v1oPnmlMbeE5dOHi2K9iiLnIH3Pe+u62Km4Vxp4xx7zS7Vm6yeMQyswUSkBGnMU75h3kaXGoaCIXR9b8yuJZajmME3fm5QH/rXBIOFQOCYEqLRpQzJgrGnHdgUGXm+QRL/anfFLcQGlH44Oyv1R4dAs0SFWZRcap3bnZLp04sSmvV5vG3pmca1YqSmMnUpptwP3UxIyTofwGbcDBHr86wxnaeUQYY/6ql52Di/yGhaswszJiKlQbI59beLhO/CGWQBrvjKyQR6Zk7YpX1pzfksQy/JWL8GW4ayB3qqifohRNChLH0/vD/EX219Cd02YXAXVVCAFvcAxRMab1Fct7rv/QHhzMfpsR6xazcFS+w6GBGcx1HtUvnPQXvt6kZ7oaQ1bTJ+5s02pz3BAJe5NoAYvxls12ou/ca6/B8pmCNDwwLzzO1XeiztKt0xE8tPpCYROeI4nel99i4nnYMMpoSUWqjwR4YKmoqkXlvMcKSCznHV7PhfXLF3h8vlK6dJWxJAo7iYcjcT2gRVt7biRt0K61zBRa/HF1zVSSfF/xpDkhSfV3nqu+UFlm9YIOri+2YSpvH4Az7sJPq8M2gaCasQUSevNEQ9BII/ouVvZK77vzUM+8LHo/X43fi0s=
|
data/README.md
CHANGED
|
@@ -14,7 +14,14 @@ gem install have-i-been-pwned
|
|
|
14
14
|
require 'have-i-been-pwned'
|
|
15
15
|
...
|
|
16
16
|
# returns true if the password is found, false otherwise
|
|
17
|
-
result = HaveIBeenPwned
|
|
17
|
+
result = HaveIBeenPwned.pwned 'abc123'
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
```
|
|
21
|
+
require 'have-i-been-pwned'
|
|
22
|
+
...
|
|
23
|
+
# returns an array with symbolized hashs of breachers (ie. [ { :name => 'Adobe' } ]) for that account, nil if none are found
|
|
24
|
+
result = HaveIBeenPwned.pwned_account 'some-email@gmail.com'
|
|
18
25
|
```
|
|
19
26
|
|
|
20
27
|
#### Rails
|
|
@@ -26,7 +33,7 @@ gem 'have-i-been-pwned'
|
|
|
26
33
|
```
|
|
27
34
|
# some controller
|
|
28
35
|
# check the password
|
|
29
|
-
if !HaveIBeenPwned
|
|
36
|
+
if !HaveIBeenPwned.pwned params[:password]
|
|
30
37
|
puts "Yay! You can use this password!"
|
|
31
38
|
else
|
|
32
39
|
puts "No! Bad!!"
|
data/have-i-been-pwned.gemspec
CHANGED
|
@@ -16,7 +16,7 @@ Gem::Specification.new do |s|
|
|
|
16
16
|
|
|
17
17
|
s.required_ruby_version = '>= 2.0.0'
|
|
18
18
|
|
|
19
|
-
s.add_runtime_dependency "httparty"
|
|
19
|
+
s.add_runtime_dependency "httparty", ">= 0.17.0"
|
|
20
20
|
|
|
21
21
|
s.add_development_dependency "simplecov"
|
|
22
22
|
s.add_development_dependency "codecov", ">= 0.1.10"
|
data/lib/have-i-been-pwned.rb
CHANGED
|
@@ -3,18 +3,23 @@ require 'digest'
|
|
|
3
3
|
|
|
4
4
|
module HaveIBeenPwned
|
|
5
5
|
class << self
|
|
6
|
+
# Check to see if a given password has been pwned/compromised by a breach.
|
|
7
|
+
# @param [String] password The *password* you want to check.
|
|
8
|
+
# @return [Boolean] True if the password has been compromised, false otherwise
|
|
6
9
|
def pwned password
|
|
7
10
|
# if password is not nil
|
|
8
11
|
if password
|
|
9
12
|
# get a digest of the password
|
|
10
13
|
digest = Digest::SHA1.hexdigest password
|
|
14
|
+
# make sure we nil the password
|
|
15
|
+
password = nil
|
|
11
16
|
# get the first 5 characters of the hash
|
|
12
17
|
first_five = digest[0..4]
|
|
13
18
|
# make the API call
|
|
14
19
|
results = HTTParty.get("https://api.pwnedpasswords.com/range/#{first_five}")
|
|
15
20
|
|
|
16
21
|
# guard: if we dont get something back
|
|
17
|
-
return unless results.code == 200
|
|
22
|
+
return false unless results.code == 200
|
|
18
23
|
|
|
19
24
|
# split the string based on line breaks into an array
|
|
20
25
|
res_array = results.split("\n")
|
|
@@ -23,16 +28,45 @@ module HaveIBeenPwned
|
|
|
23
28
|
# hashes are formatted hash:count
|
|
24
29
|
# ex. 0018A45C4D1DEF81644B54AB7F969B88D65:1
|
|
25
30
|
# return true if we find a match
|
|
26
|
-
return true if "#{first_five}#{partial_hash.split(
|
|
31
|
+
return true if "#{first_five}#{partial_hash.split(':')[0]}".upcase == digest.upcase
|
|
27
32
|
end
|
|
28
33
|
|
|
29
34
|
# return false if we dont find anything
|
|
30
35
|
return false
|
|
31
36
|
end
|
|
32
37
|
end
|
|
38
|
+
|
|
39
|
+
# Check to see if the given *account* was involved in a data breach
|
|
40
|
+
# @param [String] email The email address you want to check
|
|
41
|
+
# @param [String] api_key The v3 API required a paid key from haveibeenpwned.com. Can also be specified as a ENV VAR 'HIBP_API_KEY' {More Information}[https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/]
|
|
42
|
+
# @param [String] user_agent Provide a custom user agent. (default: haveibeenpwned-ruby-sdk)
|
|
43
|
+
# @return [[Hash], nil] Returns a array of hashes containing the [:name] of places the email was compromised by.
|
|
44
|
+
def pwned_account email, api_key = nil, user_agent = 'haveibeenpwned-ruby-sdk'
|
|
45
|
+
api_key ||= ENV['HIBP_API_KEY'] # for testing
|
|
46
|
+
throw 'You must provide a paid API key from haveibeenpwned.com to use this feature.' if api_key.nil?
|
|
47
|
+
headers = {
|
|
48
|
+
'user-agent' => user_agent,
|
|
49
|
+
'Hibp-Api-Key' => api_key
|
|
50
|
+
}
|
|
51
|
+
results = HTTParty.get("https://haveibeenpwned.com/api/v3/breachedaccount/#{email}", headers: headers)
|
|
52
|
+
return if results.nil?
|
|
53
|
+
error_check = Hash[results.map { |(k, v)| [k.downcase.to_sym, v] }] rescue nil
|
|
54
|
+
|
|
55
|
+
if !error_check
|
|
56
|
+
results.map! { |item| Hash[item.map { |(k, v)| [k.downcase.to_sym, v] }] }
|
|
57
|
+
results
|
|
58
|
+
else
|
|
59
|
+
throw error_check[:message]
|
|
60
|
+
end
|
|
61
|
+
end
|
|
33
62
|
end
|
|
34
63
|
end
|
|
35
64
|
|
|
36
65
|
# Uncomment and call directly if you want to test this locally
|
|
37
66
|
# results = HaveIBeenPwned::pwned 'abc123'
|
|
38
67
|
# puts results
|
|
68
|
+
|
|
69
|
+
# results = HaveIBeenPwned.pwned_account('dale@daleslab.com', 'not_a_valid_api_key')
|
|
70
|
+
# results.each do |result|
|
|
71
|
+
# puts result[:name]
|
|
72
|
+
# end
|
data/lib/version.rb
CHANGED
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
require 'helper'
|
|
2
|
+
|
|
3
|
+
class PwnedTest < Test::Unit::TestCase
|
|
4
|
+
|
|
5
|
+
def test_my_email_is_found
|
|
6
|
+
assert_not_nil HaveIBeenPwned.pwned_account('john@gmail.com') # just a very generic email that does fail
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def test_my_email_is_not_found
|
|
10
|
+
assert_nil HaveIBeenPwned.pwned_account('major.monkey.ha.not.been.hacked@gmail.com')
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
def test_bad_api_key_gives_error
|
|
14
|
+
assert_raise("UncaughtThrowError") {
|
|
15
|
+
assert_equal false, HaveIBeenPwned.pwned_account('major.monkey.ha.not.been.hacked@gmail.com', 'not_a_valid_api_key')
|
|
16
|
+
}
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def test_no_password_at_all_raises
|
|
20
|
+
assert_raise("ArgumentError") {
|
|
21
|
+
HaveIBeenPwned.pwned
|
|
22
|
+
}
|
|
23
|
+
end
|
|
24
|
+
end
|
|
File without changes
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: have-i-been-pwned
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.1.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dale Myszewski
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - ">="
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version:
|
|
19
|
+
version: 0.17.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - ">="
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version:
|
|
26
|
+
version: 0.17.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: simplecov
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -116,7 +116,8 @@ files:
|
|
|
116
116
|
- lib/have-i-been-pwned.rb
|
|
117
117
|
- lib/version.rb
|
|
118
118
|
- test/helper.rb
|
|
119
|
-
- test/
|
|
119
|
+
- test/test_have_i_been_pwned_account.rb
|
|
120
|
+
- test/test_have_i_been_pwned_password.rb
|
|
120
121
|
- test/test_version.rb
|
|
121
122
|
homepage: https://github.com/Dales-Lab/haveibeenpwned-ruby-sdk
|
|
122
123
|
licenses:
|
|
@@ -137,7 +138,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
137
138
|
- !ruby/object:Gem::Version
|
|
138
139
|
version: '0'
|
|
139
140
|
requirements: []
|
|
140
|
-
|
|
141
|
+
rubyforge_project:
|
|
142
|
+
rubygems_version: 2.7.7
|
|
141
143
|
signing_key:
|
|
142
144
|
specification_version: 4
|
|
143
145
|
summary: Check to see if your passwords are safe
|