Add method that does not make use of the real password

DivineOmega / password_exposed

🔒 Password Exposed Helper Function - Check if a password has been exposed in a data breach.

GNU Lesser General Public License v3.0

213 stars 34 forks source link

Add method that does not make use of the real password #18

Closed tacovandenbroek closed 5 years ago

tacovandenbroek commented 5 years ago

However unlikely, passing a real password to a library is a risk in itself. Since there is no need to do that in this case we should provide a method to check a password by it's SHA-1 hash.

DivineOmega commented 5 years ago

This looks good to me. Thanks. 👍

Would you mind adding some tests specifically for the passwordExposedByHash method, and then I'll get this merged? Feel free to just copy the code from PasswordExposedTest.php and supply the method with pre-hashed values instead of the plaintext password.

tacovandenbroek commented 5 years ago

After some trouble with the styleci check, I've managed to add those tests ;)

DivineOmega commented 5 years ago

Thanks for adding the tests! 🙂

Just added some documentation for the new method. This will go into a new release shortly.

coveralls commented 5 years ago

Pull Request Test Coverage Report for Build 115

1 of 1 (100.0%) changed or added relevant line in 1 file are covered.
No unchanged relevant lines lost coverage.
Overall coverage decreased (-0.2%) to 89.13%

Totals
Change from base Build 109:	-0.2%
Covered Lines:	41
Relevant Lines:	46

DivineOmega / password_exposed

Add method that does not make use of the real password #18

Pull Request Test Coverage Report for Build 115

💛 - Coveralls