have-i-been-pwned 1.0.0 → 1.1.0
- checksums.yaml +4 -4
- data/.travis.yml +6 -0
- data/README.md +9 -2
- data/have-i-been-pwned.gemspec +1 -1
- data/lib/have-i-been-pwned.rb +36 -2
- data/lib/version.rb +1 -1
- data/test/test_have_i_been_pwned_account.rb +24 -0
- data/test/{test_have_i_been_pwned.rb → test_have_i_been_pwned_password.rb} +0 -0
- metadata +7 -5
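--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4499b60218687b62e447a57c6942bd86f1d924ed2d330dea67382357de80a0c5
+data.tar.gz: 37392cbb2e17412aa5baf742feb998a1c885e40457f310a163b3caa24b8e04f6
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: bfec05fb4004c1ed692c9be17c794b5c877ae93701a61582f197ba9494e03e9bd8a104be971306d8b404138918759a9654bd44770a03140d5d82313f18d67077
+data.tar.gz: 4ef2fbe0eeca0901c3aee39e92c49887b0ca7c287b6f88f3380a9274fef1b2cf653c273c54de2756822076a779ecf1e6c020320b63215a5af5799f12b6a11e5e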
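--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,7 +1,10 @@
 language: ruby
 rvm:
 - 2.0.0
+- 2.2.0
 - 2.3.1
+- 2.5.0
+- 2.6.1
 script:
 - bundle exec rake
 deploy:
@@ -16,3 +19,6 @@ notification:
 slack:
 rooms:
 secure: YtIdbbN6Fflga3zJI9mN6OLmz6+8fxcJuvHlQO77NIea2CvBUP9jvJ5b2nc2aBxw8MJjJtVwvc0p5DlnA2w3tMSrk5KTJuoGNQa83LgzZEBNZOrvwSTwXoHRVWP+KoSnMwdhzknzZqC7dbskku/1MAfVnEvgpJxdrjeGF4z6/lDMb2GPHhRyYOaIiTLM8Ig/j8TeGAB5Javt4MbrQOgmhl76lNzNb6BhHUgVice4HNAEJKnYB+aKElGdVC1L+gy1Qqf7bGBpciz0omODo0UXxADV+KA2NzApFctEiElarvb2MN+K9PAu70ouz5q9GQ97KbGuVQzzpNJ2R5WHxrYTj4tRsAkhjHeUnv1Otues6Uhnc6jYLGZZHtQs5qyC3sFJz2bVMqJd0VIUl9BLnBPhRaZ2pOHYHJoLpVgNUX2WurEDew46MwnvojBnxOQ1A4/PLttH/n8ApYSQVM2Ynrgr7ZRdPCm14YfCrG6jDZylL6RqX5NsJFUKLP5wl5q8siESDVgecyMBFcTSitKI+BF7asIAth4Mw/Q3IUEPT8LwcQqVvvzssYbMUsJayhOC5aNXBQbadJeFRDZBdMeL1buNuZnITtBQTOdkkTxnf2DbK3eb5rBz9MDaUICm01QArADbANDrIl8qugnKta7o7xgn3yxa8FghmoklC9z+QCyYHSM=
+env:
+matrix:
+secure: 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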
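--- a/data/README.md
+++ b/data/README.md
@@ -14,7 +14,14 @@ gem install have-i-been-pwned
 require 'have-i-been-pwned'
 ...
 # returns true if the password is found, false otherwise
-result = HaveIBeenPwned
+result = HaveIBeenPwned.pwned 'abc123'
+```
+
+```
+require 'have-i-been-pwned'
+...
+# returns an array with symbolized hashs of breachers (ie. [ { :name => 'Adobe' } ]) for that account, nil if none are found
+result = HaveIBeenPwned.pwned_account 'some-email@gmail.com'
 ```
 
 #### Rails
@@ -26,7 +33,7 @@ gem 'have-i-been-pwned'
 ```
 # some controller
 # check the password
-if !HaveIBeenPwned
+if !HaveIBeenPwned.pwned params[:password]
 puts "Yay! You can use this password!"
 else
 puts "No! Bad!!"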
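--- a/data/have-i-been-pwned.gemspec
+++ b/data/have-i-been-pwned.gemspec
@@ -16,7 +16,7 @@ Gem::Specification.new do |s|
 
 s.required_ruby_version = '>= 2.0.0'
 
-s.add_runtime_dependency "httparty"
+s.add_runtime_dependency "httparty", ">= 0.17.0"
 
 s.add_development_dependency "simplecov"
 s.add_development_dependency "codecov", ">= 0.1.10"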
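Review bot: The new constraint `">= 0.17.0"` sets a floor but no ceiling, so any later httparty release, including one with breaking changes, still satisfies it when the gem is installed. For a library that sends passwords-derived hashes and an API key through this dependency, a pessimistic bound keeps resolution predictable: `s.add_runtime_dependency "httparty", "~> 0.17"`. The `Gem::Specification.new` block starts and ends outside the hunk.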
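--- a/data/lib/have-i-been-pwned.rb
+++ b/data/lib/have-i-been-pwned.rb
@@ -3,18 +3,23 @@ require 'digest'
 
 module HaveIBeenPwned
 class << self
+# Check to see if a given password has been pwned/compromised by a breach.
+# @param [String] password The *password* you want to check.
+# @return [Boolean] True if the password has been compromised, false otherwise
 def pwned password
 # if password is not nil
 if password
 # get a digest of the password
 digest = Digest::SHA1.hexdigest password
+# make sure we nil the password
+password = nil
 # get the first 5 characters of the hash
 first_five = digest[0..4]
 # make the API call
 results = HTTParty.get("https://api.pwnedpasswords.com/range/#{first_five}")
 
 # guard: if we dont get something back
-return unless results.code == 200
+return false unless results.code == 200
 
 # split the string based on line breaks into an array
 res_array = results.split("\n")
@@ -23,16 +28,45 @@ module HaveIBeenPwned
 # hashes are formatted hash:count
 # ex. 0018A45C4D1DEF81644B54AB7F969B88D65:1
 # return true if we find a match
-return true if "#{first_five}#{partial_hash.split(
+return true if "#{first_five}#{partial_hash.split(':')[0]}".upcase == digest.upcase
 end
 
 # return false if we dont find anything
 return false
 end
 end
+
+# Check to see if the given *account* was involved in a data breach
+# @param [String] email The email address you want to check
+# @param [String] api_key The v3 API required a paid key from haveibeenpwned.com. Can also be specified as a ENV VAR 'HIBP_API_KEY' {More Information}[https://www.troyhunt.com/authentication-and-the-have-i-been-pwned-api/]
+# @param [String] user_agent Provide a custom user agent. (default: haveibeenpwned-ruby-sdk)
+# @return [[Hash], nil] Returns a array of hashes containing the [:name] of places the email was compromised by.
+def pwned_account email, api_key = nil, user_agent = 'haveibeenpwned-ruby-sdk'
+api_key ||= ENV['HIBP_API_KEY'] # for testing
+throw 'You must provide a paid API key from haveibeenpwned.com to use this feature.' if api_key.nil?
+headers = {
+'user-agent' => user_agent,
+'Hibp-Api-Key' => api_key
+}
+results = HTTParty.get("https://haveibeenpwned.com/api/v3/breachedaccount/#{email}", headers: headers)
+return if results.nil?
+error_check = Hash[results.map { |(k, v)| [k.downcase.to_sym, v] }] rescue nil
+
+if !error_check
+results.map! { |item| Hash[item.map { |(k, v)| [k.downcase.to_sym, v] }] }
+results
+else
+throw error_check[:message]
+end
+end
 end
 end
 
 # Uncomment and call directly if you want to test this locally
 # results = HaveIBeenPwned::pwned 'abc123'
 # puts results
+
+# results = HaveIBeenPwned.pwned_account('dale@daleslab.com', 'not_a_valid_api_key')
+# results.each do |result|
+# puts result[:name]
+# end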
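Review bot: A failed lookup is indistinguishable from a clean result in both methods. In `pwned`, `return false unless results.code == 200` answers "not compromised" whenever the range API is rate-limited or unavailable, and the README's controller example accepts the password on a falsy result; in `pwned_account` the status code is never read, errors are inferred from the body's shape behind `rescue nil`, and they are signalled with `throw`, which callers see as `UncaughtThrowError` rather than a rescuable error class. `email` is also interpolated into the request path unescaped, so `/`, `?` or `#` in caller-supplied input changes which URL is requested, and `password = nil` only rebinds the local without clearing the caller's string. The sketch below covers `pwned_account` only; it needs `require 'erb'` at the top of the file, and the new tests that expect `UncaughtThrowError` would change with it. For `pwned`, raising on a non-200 response (or returning `nil` and documenting it as "unknown") would let callers fail closed.

```ruby
def pwned_account email, api_key = nil, user_agent = 'haveibeenpwned-ruby-sdk'
  api_key ||= ENV['HIBP_API_KEY'] # for testing
  raise ArgumentError, 'You must provide a paid API key from haveibeenpwned.com to use this feature.' if api_key.nil?
  # … unchanged: headers hash …
  # percent-encode the account so it stays a single path segment
  account = ERB::Util.url_encode(email.to_s)
  results = HTTParty.get("https://haveibeenpwned.com/api/v3/breachedaccount/#{account}", headers: headers)
  case results.code
  when 200
    results.parsed_response.map { |item| Hash[item.map { |(k, v)| [k.downcase.to_sym, v] }] }
  when 404
    nil # the v3 API answers 404 when no breach is recorded for the account
  else
    raise "haveibeenpwned.com lookup failed with HTTP #{results.code}"
  end
end
```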
data/lib/version.rb
CHANGED
@@ -0,0 +1,24 @@
|
|
1
|
+
require 'helper'
|
2
|
+
|
3
|
+
class PwnedTest < Test::Unit::TestCase
|
4
|
+
|
5
|
+
def test_my_email_is_found
|
6
|
+
assert_not_nil HaveIBeenPwned.pwned_account('john@gmail.com') # just a very generic email that does fail
|
7
|
+
end
|
8
|
+
|
9
|
+
def test_my_email_is_not_found
|
10
|
+
assert_nil HaveIBeenPwned.pwned_account('major.monkey.ha.not.been.hacked@gmail.com')
|
11
|
+
end
|
12
|
+
|
13
|
+
def test_bad_api_key_gives_error
|
14
|
+
assert_raise("UncaughtThrowError") {
|
15
|
+
assert_equal false, HaveIBeenPwned.pwned_account('major.monkey.ha.not.been.hacked@gmail.com', 'not_a_valid_api_key')
|
16
|
+
}
|
17
|
+
end
|
18
|
+
|
19
|
+
def test_no_password_at_all_raises
|
20
|
+
assert_raise("ArgumentError") {
|
21
|
+
HaveIBeenPwned.pwned
|
22
|
+
}
|
23
|
+
end
|
24
|
+
end
|
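Review bot: `assert_raise("UncaughtThrowError")` and `assert_raise("ArgumentError")` pass a String where an exception class is expected; as far as I can tell test-unit takes a trailing String as the failure message, so neither test pins the exception type, whereas `assert_raise(UncaughtThrowError) {` and `assert_raise(ArgumentError) {` would. The `assert_equal false, ...` wrapped inside the first block never completes if the call throws, so it can be dropped. The first two tests also call the live haveibeenpwned.com API and need a valid `HIBP_API_KEY`, so they presumably fail wherever that secret is absent; stubbing the HTTP call would keep the suite deterministic. Note that this 24-line file is printed under the `data/lib/version.rb` heading, while the file list attributes +24 to `data/test/test_have_i_been_pwned_account.rb`.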
File without changes
|
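--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: have-i-been-pwned
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.1.0
 platform: ruby
 authors:
 - Dale Myszewski
@@ -16,14 +16,14 @@ dependencies:
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 0.17.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: 0.17.0
 - !ruby/object:Gem::Dependency
 name: simplecov
 requirement: !ruby/object:Gem::Requirement
@@ -116,7 +116,8 @@ files:
 - lib/have-i-been-pwned.rb
 - lib/version.rb
 - test/helper.rb
-- test/
+- test/test_have_i_been_pwned_account.rb
+- test/test_have_i_been_pwned_password.rb
 - test/test_version.rb
 homepage: https://github.com/Dales-Lab/haveibeenpwned-ruby-sdk
 licenses:
@@ -137,7 +138,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
+rubyforge_project:
+rubygems_version: 2.7.7
 signing_key:
 specification_version: 4
 summary: Check to see if your passwords are safe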