diff options
author | Daniel Baumann <daniel@debian.org> | 2024-10-18 20:33:49 +0200 |
---|---|---|
committer | Daniel Baumann <daniel@debian.org> | 2024-12-12 23:57:56 +0100 |
commit | e68b9d00a6e05b3a941f63ffb696f91e554ac5ec (patch) | |
tree | 97775d6c13b0f416af55314eb6a89ef792474615 /modules/auth/password/pwn.go | |
parent | Initial commit. (diff) | |
download | forgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.tar.xz forgejo-e68b9d00a6e05b3a941f63ffb696f91e554ac5ec.zip |
Adding upstream version 9.0.3.
Signed-off-by: Daniel Baumann <daniel@debian.org>
Diffstat (limited to '')
-rw-r--r-- | modules/auth/password/pwn.go | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/modules/auth/password/pwn.go b/modules/auth/password/pwn.go new file mode 100644 index 0000000..e00205e --- /dev/null +++ b/modules/auth/password/pwn.go @@ -0,0 +1,52 @@ +// Copyright 2020 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package password + +import ( + "context" + "errors" + "fmt" + + "code.gitea.io/gitea/modules/auth/password/pwn" + "code.gitea.io/gitea/modules/setting" +) + +var ErrIsPwned = errors.New("password has been pwned") + +type ErrIsPwnedRequest struct { + err error +} + +func IsErrIsPwnedRequest(err error) bool { + _, ok := err.(ErrIsPwnedRequest) + return ok +} + +func (err ErrIsPwnedRequest) Error() string { + return fmt.Sprintf("using Have-I-Been-Pwned service failed: %v", err.err) +} + +func (err ErrIsPwnedRequest) Unwrap() error { + return err.err +} + +// IsPwned checks whether a password has been pwned +// If a password has not been pwned, no error is returned. +func IsPwned(ctx context.Context, password string) error { + if !setting.PasswordCheckPwn { + return nil + } + + client := pwn.New(pwn.WithContext(ctx)) + count, err := client.CheckPassword(password, true) + if err != nil { + return ErrIsPwnedRequest{err} + } + + if count > 0 { + return ErrIsPwned + } + + return nil +} |