Closed mattlorimor closed 6 years ago
@mattlorimor thank you for pointing this out and fixing this. I merged of course! It still has a bug though that I'll fix as soon as possible. While testing the code with the fixes, providing the sha1-hash:
7c6a61c68ef8b9b6b061b28c348bc1ed7921cb53:passw0rd
it works but it returns a false number 2. From what I saw that occurs because in the code we just check the prefix and count the first occurrence only. We need to include the suffix also!
Link with the results from HIBP: https://api.pwnedpasswords.com/range/7c6a6
The bug is here: https://github.com/chrispetrou/FastAudit/blob/master/wp/utils.py#L362.
Should be [5:]. Not [5:0]. Dammit.
Troy of HIBP has turned off the ability to search by password. All searches must now use the anonymous range search. This is more desirable as the password itself is never transferred across the wire.
This PR makes the necessary changes to call the correct endpoint.
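An added example, not FastAudit's code: matching a hash against a range-search response by comparing the 35-character suffix (`[5:]`), next to a sketch of the first-entry behaviour the thread describes. The function names, the sample response body and its counts are constructed for illustration; only the hash comes from the thread.

```python
import hashlib

PREFIX_LEN = 5  # the range endpoint takes the first 5 hex characters of the SHA-1

def split_hash(sha1_hex):
    """Validate a SHA-1 hex digest and return (prefix, suffix) in upper case."""
    h = sha1_hex.strip().upper()
    if len(h) != 40 or any(c not in "0123456789ABCDEF" for c in h):
        raise ValueError("expected a 40-character SHA-1 hex digest")
    return h[:PREFIX_LEN], h[PREFIX_LEN:]

def pwned_count(sha1_hex, range_body):
    """Return the count listed for this hash's suffix, or 0 if it is absent."""
    _, suffix = split_hash(sha1_hex)
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0

def first_entry_count(range_body):
    """Sketch of the flawed behaviour: report the first entry, ignoring the suffix."""
    return int(range_body.splitlines()[0].partition(":")[2])

PAGE_HASH = "7c6a61c68ef8b9b6b061b28c348bc1ed7921cb53"  # hash quoted in the thread

# Constructed response body in SUFFIX:COUNT form; the other suffixes and
# every count here are made up for the example.
SAMPLE_BODY = "\r\n".join([
    "0" * 34 + "A:2",
    PAGE_HASH[PREFIX_LEN:].upper() + ":12345",
    "F" * 35 + ":7",
])

if __name__ == "__main__":
    prefix, _ = split_hash(PAGE_HASH)
    print("query prefix:", prefix)
    print("suffix match:", pwned_count(PAGE_HASH, SAMPLE_BODY))
    print("first entry only:", first_entry_count(SAMPLE_BODY))
    unseen = hashlib.sha1(b"constructed-unlisted-value").hexdigest()
    print("unlisted hash:", pwned_count(unseen, SAMPLE_BODY))
```

Only the 5-character prefix goes in the request; the suffix comparison happens locally against the returned list.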