hibp-client 0.1.1 → 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +6 -0
- data/lib/hibp/client.rb +10 -4
- data/lib/hibp/parsers/password.rb +9 -8
- data/lib/hibp/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0b684e158e498990a310f602b8f5f9eceb0526189653e8e3b3ca905b48f10692
|
|
4
|
+
data.tar.gz: 9064ef148bf0d92595de8850148e08b9ba073604e7dc913c7c4e1494b8ec601f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ef6f3da27a13279651d58fb1145b12284a7ba62f168a4d1cec1928425e0491a592dc74647449f4eea5bc682b0478907b4abbf857f787d81ad7c34cff8f5237da
|
|
7
|
+
data.tar.gz: 9ae9e0aff64820ab709ebd8b32c265d7991fda280fc62ebe918837198b4807db5516273221c2381db6362e185e14b4e18984b475407610777a352f398f3be968
|
data/README.md
CHANGED
|
@@ -282,6 +282,12 @@ client.passwords('password').fetch
|
|
|
282
282
|
|
|
283
283
|
```
|
|
284
284
|
|
|
285
|
+
You can optionally pass in a second boolean parameter to the `passwords` command, to enable response padding. This will add a random number of fake password hashes to the response, preventing anyone analysing the encrypted response from guessing the password. The fake data is removed prior to returning the array of password models so there is no additional filtering you need to do.
|
|
286
|
+
```ruby
|
|
287
|
+
client = Hibp::Client.new
|
|
288
|
+
client.passwords('password', add_padding: true).fetch
|
|
289
|
+
```
|
|
290
|
+
|
|
285
291
|
### Errors
|
|
286
292
|
|
|
287
293
|
This gem will throw custom exception if an API error occurred.
|
data/lib/hibp/client.rb
CHANGED
|
@@ -114,23 +114,29 @@ module Hibp
|
|
|
114
114
|
# @param password [String] -
|
|
115
115
|
# The value of the source password being searched for
|
|
116
116
|
#
|
|
117
|
+
# @param add_padding [Boolean] -
|
|
118
|
+
# Pads out the response with a random number of fake requests, to prevent
|
|
119
|
+
# anyone looking at the responses from guessing what the hash prefix was.
|
|
120
|
+
#
|
|
121
|
+
#
|
|
117
122
|
# @note The API will respond with include the suffix of every hash beginning
|
|
118
123
|
# with the specified password prefix(five first chars of the password hash),
|
|
119
124
|
# and with a count of how many times it appears in the data set.
|
|
120
125
|
#
|
|
121
126
|
# @return [Hibp::Query]
|
|
122
127
|
#
|
|
123
|
-
def passwords(password)
|
|
124
|
-
configure_password_query(password)
|
|
128
|
+
def passwords(password, add_padding: false)
|
|
129
|
+
configure_password_query(password, add_padding)
|
|
125
130
|
end
|
|
126
131
|
|
|
127
132
|
private
|
|
128
133
|
|
|
129
|
-
def configure_password_query(password)
|
|
134
|
+
def configure_password_query(password, add_padding)
|
|
130
135
|
pwd_hash = ::Digest::SHA1.hexdigest(password).upcase
|
|
131
136
|
endpoint = "#{PASSWORD_API_HOST}/#{pwd_hash[0..4]}"
|
|
137
|
+
headers = add_padding ? {'Add-Padding' => 'true'} : {}
|
|
132
138
|
|
|
133
|
-
Query.new(endpoint: endpoint, parser: Parsers::Password.new)
|
|
139
|
+
Query.new(endpoint: endpoint, headers: headers, parser: Parsers::Password.new)
|
|
134
140
|
end
|
|
135
141
|
|
|
136
142
|
def configure_core_query(service, parameter = nil)
|
|
@@ -10,7 +10,8 @@ module Hibp
|
|
|
10
10
|
ROWS_SPLITTER = "\r\n"
|
|
11
11
|
ATTRIBUTES_SPLITTER = ':'
|
|
12
12
|
|
|
13
|
-
# Convert API response raw data to the passwords models.
|
|
13
|
+
# Convert API response raw data to the passwords models. If occurrences of
|
|
14
|
+
# a hash suffix are 0 then it's fake data added by the add_padding option
|
|
14
15
|
#
|
|
15
16
|
# @param response [] -
|
|
16
17
|
# Contains the suffix of every hash beginning with the specified prefix,
|
|
@@ -21,15 +22,15 @@ module Hibp
|
|
|
21
22
|
def parse_response(response)
|
|
22
23
|
data = response.body
|
|
23
24
|
|
|
24
|
-
data.split(ROWS_SPLITTER).
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
private
|
|
25
|
+
data.split(ROWS_SPLITTER).inject([]) do |array, row|
|
|
26
|
+
suffix, occurrences = row.split(ATTRIBUTES_SPLITTER)
|
|
28
27
|
|
|
29
|
-
|
|
30
|
-
|
|
28
|
+
if occurrences.to_i > 0
|
|
29
|
+
array << Models::Password.new(suffix: suffix, occurrences: occurrences.to_i)
|
|
30
|
+
end
|
|
31
31
|
|
|
32
|
-
|
|
32
|
+
array
|
|
33
|
+
end
|
|
33
34
|
end
|
|
34
35
|
end
|
|
35
36
|
end
|
data/lib/hibp/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: hibp-client
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Warshavski
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-05
|
|
11
|
+
date: 2020-08-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: faraday
|