Does GetPwnedPassword even work?

[Robar666]

Hi,

as from what I see on https://github.com/jfversluis/BeenPwned.Api/blob/master/src/BeenPwned.Api/BeenPwnedClient.cs#L100 GetPwnedPassword always returns true if the response is 200 (OK)?

According to https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange this will ALWAYS return 200 and the response have to be checked if the given password is really pwned.

Am I missing something out or is GetPwnedPassword currently not usable?

[jfversluis]

It seems some stuff has changed since I last checked this 🙂

Can't tell if it would not work at all at this point, but that might as well be the case. Any PR's are gladly accepted