Check passwords against HaveIBeenPwned (#12716)

* Implement pwn Signed-off-by: jolheiser <john.olheiser@gmail.com> * Update module Signed-off-by: jolheiser <john.olheiser@gmail.com> * Apply suggestions mrsdizzie Co-authored-by: mrsdizzie <info@mrsdizzie.com> * Add link to HIBP Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add more details to admin command Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add context to pwn Signed-off-by: jolheiser <john.olheiser@gmail.com> * Consistency and making some noise ;) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: mrsdizzie <info@mrsdizzie.com> Co-authored-by: zeripath <art27@cantab.net>
2025-07-22 18:28:37 +00:00 · 2020-09-08 17:06:39 -05:00
parent bea343ce09
commit c6e4bc53aa
22 changed files with 309 additions and 8 deletions
--- a/modules/password/password.go
+++ b/modules/password/password.go
@@ -6,6 +6,7 @@ package password

 import (
 	"bytes"
+	goContext "context"
 	"crypto/rand"
 	"math/big"
 	"strings"
@@ -88,7 +89,7 @@ func IsComplexEnough(pwd string) bool {
 	return true
 }

-// Generate  a random password
+// Generate a random password
 func Generate(n int) (string, error) {
 	NewComplexity()
 	buffer := make([]byte, n)
@@ -101,7 +102,11 @@ func Generate(n int) (string, error) {
 			}
 			buffer[j] = validChars[rnd.Int64()]
 		}
-		if IsComplexEnough(string(buffer)) && string(buffer[0]) != " " && string(buffer[n-1]) != " " {
+		pwned, err := IsPwned(goContext.Background(), string(buffer))
+		if err != nil {
+			return "", err
+		}
+		if IsComplexEnough(string(buffer)) && !pwned && string(buffer[0]) != " " && string(buffer[n-1]) != " " {
 			return string(buffer), nil
 		}
 	}