-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathplugin.rb
45 lines (38 loc) · 1.32 KB
/
plugin.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# name: discourse-pwned-passwords
# about: A password validator using Troy Hunt's Pwned Passwords API
# version: 0.0.1
# authors: Jeff Wong
require 'net/http'
require 'digest/sha1'
enabled_site_setting :pwned_validation_enabled
after_initialize do
module ::DiscoursePwnedPasswords
class PasswordValidator < ActiveModel::EachValidator
def validate_each(record, attribute, value)
return unless record.password_validation_required?
if pwned_password(value)
record.errors.add(attribute, :pwned_common)
end
end
def pwned_password(value)
hash = Digest::SHA1.hexdigest(value).upcase
hash_start = hash.slice(0,5)
hash_rest = hash.slice(5..-1)
uri = URI("https://api.pwnedpasswords.com/range/#{hash_start}")
result = Net::HTTP.get(uri)
pwned_hash = {}
result.split.each do |raw_kv|
kv = raw_kv.split ":"
pwned_hash[kv[0]] = kv[1].to_i
end
return !!pwned_hash[hash_rest] && pwned_hash[hash_rest] >= SiteSetting.pwned_validation_threshold
end
end
class ::User
validate :pwned_passwords_validator
def pwned_passwords_validator
DiscoursePwnedPasswords::PasswordValidator.new(attributes: :password).validate_each(self, :password, @raw_password)
end
end
end
end