summaryrefslogtreecommitdiffstats
path: root/modules/auth/password/pwn.go
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/auth/password/pwn.go52
1 files changed, 52 insertions, 0 deletions
diff --git a/modules/auth/password/pwn.go b/modules/auth/password/pwn.go
new file mode 100644
index 0000000..e00205e
--- /dev/null
+++ b/modules/auth/password/pwn.go
@@ -0,0 +1,52 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package password
+
+import (
+ "context"
+ "errors"
+ "fmt"
+
+ "code.gitea.io/gitea/modules/auth/password/pwn"
+ "code.gitea.io/gitea/modules/setting"
+)
+
+var ErrIsPwned = errors.New("password has been pwned")
+
+type ErrIsPwnedRequest struct {
+ err error
+}
+
+func IsErrIsPwnedRequest(err error) bool {
+ _, ok := err.(ErrIsPwnedRequest)
+ return ok
+}
+
+func (err ErrIsPwnedRequest) Error() string {
+ return fmt.Sprintf("using Have-I-Been-Pwned service failed: %v", err.err)
+}
+
+func (err ErrIsPwnedRequest) Unwrap() error {
+ return err.err
+}
+
+// IsPwned checks whether a password has been pwned
+// If a password has not been pwned, no error is returned.
+func IsPwned(ctx context.Context, password string) error {
+ if !setting.PasswordCheckPwn {
+ return nil
+ }
+
+ client := pwn.New(pwn.WithContext(ctx))
+ count, err := client.CheckPassword(password, true)
+ if err != nil {
+ return ErrIsPwnedRequest{err}
+ }
+
+ if count > 0 {
+ return ErrIsPwned
+ }
+
+ return nil
+}