pwned_passwords 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/lib/pwned_passwords.rb +33 -0
- metadata +46 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 4dac3d97a7a71263f3e8b19a986f70270b1d47ba1a59d20394318acadb165165
|
|
4
|
+
data.tar.gz: c5767daa36156744b6251f10317cc7b4d8144d2fb2a0d377a631608165a770a6
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: cc29f435714b20a6ab129211da7487c2620346425d5066494cf8a0ff9365734d7de7d2894fb63e2970b87872b03c9c81e13016973a2a0a20dc47af9a1d105030
|
|
7
|
+
data.tar.gz: 1e830f4471b733aa42c911253d888cb3bfa53ecf21132e526a622e143ec9f89c149c390dd2f9f7b922032233c202450c2215b1fad8fa791e4a451ff4493dc28b
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
require 'digest'
|
|
2
|
+
require 'faraday'
|
|
3
|
+
|
|
4
|
+
PWNED_PASSWORD_API = 'https://api.pwnedpasswords.com/range/'.freeze
|
|
5
|
+
|
|
6
|
+
class PwnedPasswords
|
|
7
|
+
def self.check_password(password)
|
|
8
|
+
password_score = 0
|
|
9
|
+
hashed_password = Digest::SHA1.hexdigest password
|
|
10
|
+
hashed_password.upcase!
|
|
11
|
+
# get the first five characters
|
|
12
|
+
hashed_password_prefix = hashed_password[0,5]
|
|
13
|
+
hashed_password_suffix = hashed_password[5..-1]
|
|
14
|
+
query_url = "#{PWNED_PASSWORD_API}#{hashed_password_prefix}"
|
|
15
|
+
api_response = Faraday.get query_url
|
|
16
|
+
if api_response.body.length > 0
|
|
17
|
+
suffixes = api_response.body.split("\r\n")
|
|
18
|
+
suffixes.each do |line|
|
|
19
|
+
suffix,count = line.split(":")
|
|
20
|
+
if suffix == hashed_password_suffix
|
|
21
|
+
password_score = count.to_i
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
if password_score > 100
|
|
26
|
+
puts "This password has been detected in too many breaches"
|
|
27
|
+
elsif (password_score > 20 & password_score < 100)
|
|
28
|
+
puts "This password is not great. Consider changing it."
|
|
29
|
+
else
|
|
30
|
+
puts "This password is okay"
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: pwned_passwords
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.0.3
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Oliver Day
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2018-06-22 00:00:00.000000000 Z
|
|
12
|
+
dependencies: []
|
|
13
|
+
description: Checks against the Pwned Passwords API using the first five characters
|
|
14
|
+
of the SHA1 hash of a password to determine if it exists in previously disclosed
|
|
15
|
+
breaches.
|
|
16
|
+
email: oday@vistahigherlearning.com
|
|
17
|
+
executables: []
|
|
18
|
+
extensions: []
|
|
19
|
+
extra_rdoc_files: []
|
|
20
|
+
files:
|
|
21
|
+
- lib/pwned_passwords.rb
|
|
22
|
+
homepage: https://rubygems.org/gems/pwned_passwords
|
|
23
|
+
licenses:
|
|
24
|
+
- MIT
|
|
25
|
+
metadata: {}
|
|
26
|
+
post_install_message:
|
|
27
|
+
rdoc_options: []
|
|
28
|
+
require_paths:
|
|
29
|
+
- lib
|
|
30
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
31
|
+
requirements:
|
|
32
|
+
- - ">="
|
|
33
|
+
- !ruby/object:Gem::Version
|
|
34
|
+
version: '0'
|
|
35
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
36
|
+
requirements:
|
|
37
|
+
- - ">="
|
|
38
|
+
- !ruby/object:Gem::Version
|
|
39
|
+
version: '0'
|
|
40
|
+
requirements: []
|
|
41
|
+
rubyforge_project:
|
|
42
|
+
rubygems_version: 2.7.3
|
|
43
|
+
signing_key:
|
|
44
|
+
specification_version: 4
|
|
45
|
+
summary: Checks Pwned Passwords API for passwords disclosed in previous breaches.
|
|
46
|
+
test_files: []
|