pwned_passwords 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/lib/pwned_passwords.rb +33 -0
- metadata +46 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 4dac3d97a7a71263f3e8b19a986f70270b1d47ba1a59d20394318acadb165165
|
|
4
|
+
data.tar.gz: c5767daa36156744b6251f10317cc7b4d8144d2fb2a0d377a631608165a770a6
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: cc29f435714b20a6ab129211da7487c2620346425d5066494cf8a0ff9365734d7de7d2894fb63e2970b87872b03c9c81e13016973a2a0a20dc47af9a1d105030
|
|
7
|
+
data.tar.gz: 1e830f4471b733aa42c911253d888cb3bfa53ecf21132e526a622e143ec9f89c149c390dd2f9f7b922032233c202450c2215b1fad8fa791e4a451ff4493dc28b
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
require 'digest'
|
|
2
|
+
require 'faraday'
|
|
3
|
+
|
|
4
|
+
PWNED_PASSWORD_API = 'https://api.pwnedpasswords.com/range/'.freeze
|
|
5
|
+
|
|
6
|
+
class PwnedPasswords
|
|
7
|
+
def self.check_password(password)
|
|
8
|
+
password_score = 0
|
|
9
|
+
hashed_password = Digest::SHA1.hexdigest password
|
|
10
|
+
hashed_password.upcase!
|
|
11
|
+
# get the first five characters
|
|
12
|
+
hashed_password_prefix = hashed_password[0,5]
|
|
13
|
+
hashed_password_suffix = hashed_password[5..-1]
|
|
14
|
+
query_url = "#{PWNED_PASSWORD_API}#{hashed_password_prefix}"
|
|
15
|
+
api_response = Faraday.get query_url
|
|
16
|
+
if api_response.body.length > 0
|
|
17
|
+
suffixes = api_response.body.split("\r\n")
|
|
18
|
+
suffixes.each do |line|
|
|
19
|
+
suffix,count = line.split(":")
|
|
20
|
+
if suffix == hashed_password_suffix
|
|
21
|
+
password_score = count.to_i
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
if password_score > 100
|
|
26
|
+
puts "This password has been detected in too many breaches"
|
|
27
|
+
elsif (password_score > 20 & password_score < 100)
|
|
28
|
+
puts "This password is not great. Consider changing it."
|
|
29
|
+
else
|
|
30
|
+
puts "This password is okay"
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: pwned_passwords
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 0.0.3
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- Oliver Day
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2018-06-22 00:00:00.000000000 Z
|
|
12
|
+
dependencies: []
|
|
13
|
+
description: Checks against the Pwned Passwords API using the first five characters
|
|
14
|
+
of the SHA1 hash of a password to determine if it exists in previously disclosed
|
|
15
|
+
breaches.
|
|
16
|
+
email: oday@vistahigherlearning.com
|
|
17
|
+
executables: []
|
|
18
|
+
extensions: []
|
|
19
|
+
extra_rdoc_files: []
|
|
20
|
+
files:
|
|
21
|
+
- lib/pwned_passwords.rb
|
|
22
|
+
homepage: https://rubygems.org/gems/pwned_passwords
|
|
23
|
+
licenses:
|
|
24
|
+
- MIT
|
|
25
|
+
metadata: {}
|
|
26
|
+
post_install_message:
|
|
27
|
+
rdoc_options: []
|
|
28
|
+
require_paths:
|
|
29
|
+
- lib
|
|
30
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
31
|
+
requirements:
|
|
32
|
+
- - ">="
|
|
33
|
+
- !ruby/object:Gem::Version
|
|
34
|
+
version: '0'
|
|
35
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
36
|
+
requirements:
|
|
37
|
+
- - ">="
|
|
38
|
+
- !ruby/object:Gem::Version
|
|
39
|
+
version: '0'
|
|
40
|
+
requirements: []
|
|
41
|
+
rubyforge_project:
|
|
42
|
+
rubygems_version: 2.7.3
|
|
43
|
+
signing_key:
|
|
44
|
+
specification_version: 4
|
|
45
|
+
summary: Checks Pwned Passwords API for passwords disclosed in previous breaches.
|
|
46
|
+
test_files: []
|