search

andrewlock / PwnedPasswords

An ASP.NET Core Identity validator that checks for PwnedPasswords
MIT License
103 stars 12 forks source link

Provide support for the new V3 API #21

Closed SeanFarrow closed 4 years ago

SeanFarrow commented 4 years ago

Given that V2 of the API has been deprecated, should we support V3?

This is the API requiring a key.

andrewlock commented 4 years ago

Yeah definitely, v2 will be shut off soon, so we need to do this. I'm happy to take a look, or defer to you? 🙂

SeanFarrow commented 4 years ago

Hi,

I’m happy to review a PR once you’ve finished this. I think V2 has already gone, so was amazed this is still working. Given this now costs, should we add a way for people to use an offline version of the database?

From: Andrew Lock [mailto:notifications@github.com] Sent: 30 October 2019 21:38 To: andrewlock/PwnedPasswords PwnedPasswords@noreply.github.com Cc: Sean Farrow sean.farrow@seanfarrow.co.uk; Author author@noreply.github.com Subject: Re: [andrewlock/PwnedPasswords] Provide support for the new V3 API (#21)

Yeah definitely, v2 will be shut off soon, so we need to do this. I'm happy to take a look, or defer to you? 🙂

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/andrewlock/PwnedPasswords/issues/21?email_source=notifications&email_token=AALDK7UDE6E3UQJW7F6JO5DQRH5EBA5CNFSM4JGH5FC2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECV3IRA#issuecomment-548123716, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AALDK7VWR3IAWDV7MI4NO7LQRH5EBANCNFSM4JGH5FCQ.

andrewlock commented 4 years ago

I looked into this again, as far as I can tell from the docs, V3 only applies to the haveIbeenpwned API, not the PwnedPasswords API. Which explains why there's been no complaints 🙂

SeanFarrow commented 4 years ago

Makes sense. Feel free to close. Or, should we extend this project to check for pwned Email addresses?

From: Andrew Lock [mailto:notifications@github.com] Sent: 31 October 2019 23:00 To: andrewlock/PwnedPasswords PwnedPasswords@noreply.github.com Cc: Sean Farrow sean.farrow@seanfarrow.co.uk; Author author@noreply.github.com Subject: Re: [andrewlock/PwnedPasswords] Provide support for the new V3 API (#21)

I looked into this again, as far as I can tell from the docshttps://haveibeenpwned.com/API/v3#PwnedPasswords, V3 only applies to the haveIbeenpwned API, not the PwnedPasswords API. Which explains why there's been no complaints 🙂

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/andrewlock/PwnedPasswords/issues/21?email_source=notifications&email_token=AALDK7TONFNHWBYKFJVWRTTQRNPPJA5CNFSM4JGH5FC2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOECZQAZA#issuecomment-548601956, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AALDK7QZMPWFYPYL5SW26FTQRNPPJANCNFSM4JGH5FCQ.

andrewlock commented 4 years ago

I believe there's already other libraries that handle the email/breach side of HaveIBeenPwnedApi, and I think it would complicate matters. I'm definitely inclined to keep this library as-is!