Check passwords against HaveIBeenPwned (#12716)

* Implement pwn Signed-off-by: jolheiser <john.olheiser@gmail.com> * Update module Signed-off-by: jolheiser <john.olheiser@gmail.com> * Apply suggestions mrsdizzie Co-authored-by: mrsdizzie <info@mrsdizzie.com> * Add link to HIBP Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add more details to admin command Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add context to pwn Signed-off-by: jolheiser <john.olheiser@gmail.com> * Consistency and making some noise ;) Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: mrsdizzie <info@mrsdizzie.com> Co-authored-by: zeripath <art27@cantab.net>
2025-05-31 11:52:10 +00:00 · 2020-09-08 17:06:39 -05:00 · 2020-09-08 17:06:39 -05:00 · c6e4bc53aa
commit c6e4bc53aa
parent bea343ce09
22 changed files with 309 additions and 8 deletions
--- a/routers/user/setting/account.go
+++ b/routers/user/setting/account.go
@ -54,6 +54,13 @@ func AccountPost(ctx *context.Context, form auth.ChangePasswordForm) {
 		ctx.Flash.Error(ctx.Tr("form.password_not_match"))
 	} else if !password.IsComplexEnough(form.Password) {
 		ctx.Flash.Error(password.BuildComplexityError(ctx))
+	} else if pwned, err := password.IsPwned(ctx.Req.Context(), form.Password); pwned || err != nil {
+		errMsg := ctx.Tr("auth.password_pwned")
+		if err != nil {
+			log.Error(err.Error())
+			errMsg = ctx.Tr("auth.password_pwned_err")
+		}
+		ctx.Flash.Error(errMsg)
 	} else {
 		var err error
 		if ctx.User.Salt, err = models.GetUserSalt(); err != nil {