search

craftpulse / craft-password-policy

Enforce a password policy on your Craft CMS users.
MIT License
27 stars 9 forks source link

[WIP] Fix pwnd to range #11

Closed lenvanessen closed 5 years ago

lenvanessen commented 5 years ago

Fixed #10

riasvdv commented 5 years ago

This won't fully work, as the API now returns a different response that has to be checked (https://haveibeenpwned.com/API/v3#PwnedPasswords)

For example it would return this:

0018A45C4D1DEF81644B54AB7F969B88D65:1
00D4F6E8FA6EECAD2A3AA415EEC418D38EC:2
011053FD0102E94D6AE2F8B83D76FAF94F6:1
012A7CA357541F0AC487871FEEC1891C49C:2
0136E006E24E7D152139815FB0FC6A50B15:2
...

For the following request: GET https://api.pwnedpasswords.com/range/21BD1

We then have to check if the remainder of the full hash exists in the response

riasvdv commented 5 years ago

Thanks!