From dd136858f1ea40ad3c94191d647487fa4f31926c Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel@debian.org>
Date: Fri, 18 Oct 2024 20:33:49 +0200
Subject: Adding upstream version 9.0.0.

Signed-off-by: Daniel Baumann <daniel@debian.org>
---
 modules/auth/password/pwn.go | 52 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 modules/auth/password/pwn.go

(limited to 'modules/auth/password/pwn.go')

diff --git a/modules/auth/password/pwn.go b/modules/auth/password/pwn.go
new file mode 100644
index 0000000..e00205e
--- /dev/null
+++ b/modules/auth/password/pwn.go
@@ -0,0 +1,52 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package password
+
+import (
+	"context"
+	"errors"
+	"fmt"
+
+	"code.gitea.io/gitea/modules/auth/password/pwn"
+	"code.gitea.io/gitea/modules/setting"
+)
+
+var ErrIsPwned = errors.New("password has been pwned")
+
+type ErrIsPwnedRequest struct {
+	err error
+}
+
+func IsErrIsPwnedRequest(err error) bool {
+	_, ok := err.(ErrIsPwnedRequest)
+	return ok
+}
+
+func (err ErrIsPwnedRequest) Error() string {
+	return fmt.Sprintf("using Have-I-Been-Pwned service failed: %v", err.err)
+}
+
+func (err ErrIsPwnedRequest) Unwrap() error {
+	return err.err
+}
+
+// IsPwned checks whether a password has been pwned
+// If a password has not been pwned, no error is returned.
+func IsPwned(ctx context.Context, password string) error {
+	if !setting.PasswordCheckPwn {
+		return nil
+	}
+
+	client := pwn.New(pwn.WithContext(ctx))
+	count, err := client.CheckPassword(password, true)
+	if err != nil {
+		return ErrIsPwnedRequest{err}
+	}
+
+	if count > 0 {
+		return ErrIsPwned
+	}
+
+	return nil
+}
-- 
cgit v1.2.3