marius-wieschollek / passwords

A simple, yet feature rich password manager for Nextcloud
GNU Affero General Public License v3.0

[BUG]: Too many requests to pwned #667

Closed X-Raph-X closed 2 months ago

X-Raph-X commented 2 months ago


Server Information

www-data@nextcloud:~/nextcloud$ php ./occ passwords:system:report debug
{
    "version": {
        "server": "28.0.3.2",
        "app": "2024.7.20",
        "lsr": false,
        "php": "8.2.22",
        "cronPhp": "8.2.22"
    },
    "environment": {
        "os": "Linux",
        "architecture": "x86_64",
        "bits": 64,
        "database": "mysql",
        "cron": "cron",
        "proxy": false,
        "sslProxy": true,
        "subdirectory": false
    },
    "services": {
        "images": "imagick",
        "favicons": "bi",
        "previews": "screeenly",
        "security": "hibp",
        "words": "auto",
        "previewApi": true,
        "faviconApi": false
    },
    "status": {
        "autoBackupRestored": false
    },
    "settings": {
        "channel": "stable",
        "nightlies": false,
        "handbook": false,
        "performance": 5
    },
    "encryption": {
        "sse": {
            "SSEv1r1": false,
            "SSEv1r2": true,
            "SSEv2r1": false,
            "SSEv3r1": false,
            "none": true,
            "default": "none"
        },
        "cse": {
            "CSEv1r1": true,
            "none": true,
            "default": "CSEv1r1"
        }
    }
}

Client Information

Browser and Version: Firefox up to date 129.0.2
Client OS and Version: Windows 11 and Linux Debian SID

Bug description

Hi, I have been using your application for a while and I am very satisfied; this piece of software keeps all my life in its hands. I use the service pwned to check the validity of my passwords and I can see that the service is asked very often by the server, something like 10 times per minute. Is it normal? Is it too much?

Screenshot 2024-09-06 101853

Thank you for your great job!

Steps to reproduce

  1. install the app on Nextcloud
  2. choose pwned as service to check the password quality
  3. store some passwords
  4. check the DNS queries made by the Nextcloud server

Expected behavior

In my opinion, there are too many requests, but I might be wrong. The purpose of this issue is to share this information and get feedback. Perhaps it is normal, and in this case I would like to know why. Otherwise it is something that can be corrected, but there is no emergency.

Nextcloud Logs

No response

Browser Logs

No response

marius-wieschollek commented 2 months ago

This looks completely normal. The app checks the password hashes every day, so there should be some requests. The app also checks if HIBP can be reached, e.g. when you open the settings page.
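
An added illustration of why a daily hash check produces a run of requests (not part of the thread and not the Passwords app's own code): assuming the check uses the HIBP Pwned Passwords range API, which is queried by the first five characters of a SHA-1 hash, this Python example plans one request per distinct prefix and matches the suffixes locally. The vault entries, the response body and its count are constructed; the function names are hypothetical.

```python
import hashlib

# Assumption: HIBP Pwned Passwords range endpoint, keyed by a 5-character SHA-1 prefix.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def plan_requests(hashes):
    """Group hashes by prefix: one HTTP request per distinct prefix, suffixes stay local."""
    plan = {}
    for h in hashes:
        plan.setdefault(h[:5], set()).add(h[5:])
    return plan

def parse_range_body(body):
    """Parse the 'SUFFIX:COUNT' lines returned for one prefix."""
    counts = {}
    for line in body.splitlines():
        suffix, _, count = line.strip().partition(":")
        if len(suffix) == 35 and count.isdigit():
            counts[suffix.upper()] = int(count)
    return counts

def find_breached(plan, responses):
    """Match local suffixes against each response; count 0 marks a padding entry."""
    hits = {}
    for prefix, suffixes in plan.items():
        counts = parse_range_body(responses.get(prefix, ""))
        for suffix in suffixes:
            if counts.get(suffix, 0) > 0:
                hits[prefix + suffix] = counts[suffix]
    return hits

# Constructed vault: the duplicate entry shares a hash, so it costs no extra request.
VAULT = ["password", "password", "hunter2", "Xq7!constructed-sample-value"]
HASHES = [sha1_hex(p) for p in VAULT]
PLAN = plan_requests(HASHES)
URLS = [RANGE_URL.format(prefix=p) for p in sorted(PLAN)]

# Constructed response body for the prefix of "password" (the count is made up).
PW = sha1_hex("password")
RESPONSES = {PW[:5]: PW[5:] + ":42\r\n" + "0" * 35 + ":0\r\n"}
HITS = find_breached(PLAN, RESPONSES)

if __name__ == "__main__":
    print(len(VAULT), "entries ->", len(URLS), "requests per check run")
    print("breached:", HITS)
```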