diff options
Diffstat (limited to 'modules/auth/password/pwn.go')
-rw-r--r-- | modules/auth/password/pwn.go | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/modules/auth/password/pwn.go b/modules/auth/password/pwn.go new file mode 100644 index 0000000..e00205e --- /dev/null +++ b/modules/auth/password/pwn.go @@ -0,0 +1,52 @@ +// Copyright 2020 The Gitea Authors. All rights reserved. +// SPDX-License-Identifier: MIT + +package password + +import ( + "context" + "errors" + "fmt" + + "code.gitea.io/gitea/modules/auth/password/pwn" + "code.gitea.io/gitea/modules/setting" +) + +var ErrIsPwned = errors.New("password has been pwned") + +type ErrIsPwnedRequest struct { + err error +} + +func IsErrIsPwnedRequest(err error) bool { + _, ok := err.(ErrIsPwnedRequest) + return ok +} + +func (err ErrIsPwnedRequest) Error() string { + return fmt.Sprintf("using Have-I-Been-Pwned service failed: %v", err.err) +} + +func (err ErrIsPwnedRequest) Unwrap() error { + return err.err +} + +// IsPwned checks whether a password has been pwned +// If a password has not been pwned, no error is returned. +func IsPwned(ctx context.Context, password string) error { + if !setting.PasswordCheckPwn { + return nil + } + + client := pwn.New(pwn.WithContext(ctx)) + count, err := client.CheckPassword(password, true) + if err != nil { + return ErrIsPwnedRequest{err} + } + + if count > 0 { + return ErrIsPwned + } + + return nil +} |