search

xsist10 / HaveIBeenPwned

PHP client for the haveibeenpwned.com API
MIT License
15 stars 8 forks source link

Broken? #2

Closed gaigelama closed 6 years ago

gaigelama commented 7 years ago

This API Client hasn't been updated in 3 years, but it seems to be the most popular around. I'm getting no errors, and the object output is empty. This may be based of the v1 API, but I believe it's still supported. I might be able to fix the issue and submit a pull request

xsist10 commented 7 years ago

Hi. The client uses the v2 endpoint: https://github.com/xsist10/HaveIBeenPwned/blob/master/src/HaveIBeenPwned.php#L36

Could you give me an example of your use case that results in an empty response?

xsist10 commented 7 years ago

After looking at the API spec again an empty output object from checkAccount($email) means that there are no known public breaches for the specified email address.

In addition:

Note: the public API will not return accounts from any breaches flagged as sensitive or retired. By default, the API also won't return breaches flagged as unverified, however these can be included by using the following parameter: includeUnverified=true

https://haveibeenpwned.com/api/v2/#BreachesForAccount

gaigelama commented 7 years ago

I tried my email address, which gets results back normally. I tested to make sure it wasn't an issue with their API at the time, and I used guzzle for that, and it worked as expected.

I've tested it on a Windows and macOS Computer, running 7.1.5 and 7.1.6 respectively. Display errors was enabled, and I've tried with xdebug as well no luck. It just returns empty objects according to var_dump().

xsist10 commented 6 years ago

I've modified the library to support different adapters, so you can pass in a cURL handler instead and enable logging on it (using the PSR -3 Logger standard). This should give you an easier way of debugging your problem. If you have time you can even create an adapter for Guzzle (just implement a wrapper class that implements the Adapter interface).

You can install a logging library like monolog to help with this:

composer require monolog/monolog

Implement it like this:

use xsist10\HaveIBeenPwned\HaveIBeenPwned;
use xsist10\HaveIBeenPwned\Adapter\Curl;

use Monolog\Logger;
use Monolog\Handler\StreamHandler;
use Monolog\Handler\ErrorLogHandle;

$logger = new Logger('name');
// Push all logging up to the level of DEBUG to your log file
$logger->pushHandler(new StreamHandler('/path/to/log/file', Logger::DEBUG));
// Push all logging up to the level of INFO to your stdout
$logger->pushHandler(new ErrorLogHandler(), Logger::INFO);

$adapter = new Curl();
$adapter->setLogger($logger);
$manager = new HaveIBeenPwned($adapter);