Skip to content

nbaars/pwnedpasswords4j

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

45 Commits

pwnedpasswords4j-client

pwnedpasswords4j-client

 
 

pwnedpasswords4j-demo

pwnedpasswords4j-demo

 
 

pwnedpasswords4j-spring-boot-starter

pwnedpasswords4j-spring-boot-starter

 
 

.gitignore

.gitignore

 
 

.travis.yml

.travis.yml

 
 

CHANGELOG.md

CHANGELOG.md

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

pom.xml

pom.xml

 
 

Repository files navigation

Java client for pwnedpasswords.com

Build Status Maintainability Quality Gate Coverage

Introduction

A Java client for checking a password against pwnedpasswords.com using the Searching by range API For more details see: https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange

News: Artifacts are available through Maven Central

Pure Java client

The artifact client can be used in a standalone Java program and does not rely on Spring Boot To use the checker you need to add the following library to the pom.xml:

<dependency>
  <groupId>com.github.nbaars</groupId>
  <artifactId>pwnedpasswords4j-client</artifactId>
  <version>1.1.0</version>
</dependency>

In the code you can check a password as follows:

PwnedPasswordChecker checker = PwnedPasswordChecker.standalone("My user agent")
boolean result = checker.check("password");

//OR for non blocking:

CompletableFuture<Boolean> result = checker.asyncCheck("password");

The user-agent is necessary to specify as described in the API description at haveibeenpwned.com.

Spring Boot autoconfigure

For Spring Boot there is an autoconfigure module, to use this use the following dependency inside your project:

<dependency>
  <groupId>com.github.nbaars</groupId>
  <artifactId>pwnedpasswords4j-spring-boot-starter</artifactId>
  <version>1.0.1</version>
</dependency>

In the application.properties you should add:

pwnedpasswords4j.user_agent=Testing   # Required as described in the documentation of haveibeenpwned.com API
pwnedpasswords4j.url=https://api.pwnedpasswords.com/range/ # Optional

Wire up the checker as follows:

 @Autowired
 private PwnedPasswordChecker checker;
 
 ...
 
 public void signup() {
    boolean result = checker.check("password");
    
    //or for non-blocking use:
    
    CompletableFuture<Boolean> result = checker.asyncCheck("password");
 }

As an example see the demo project:

@RestController
public class SignupController {

    @Autowired
    private PwnedPasswordChecker checker;

    @PostMapping
    public ResponseEntity<?> login(@RequestBody Login login) {
        if (checker.check("password")) {
            return ResponseEntity.badRequest().body("Consider changing your password");
        }
        return ResponseEntity.ok().build();
    }
}

Releasing

This is a manual process for now, make sure the GPG keys are in place

mvn clean deploy -Prelease

Go to https://oss.sonatype.org/#stagingRepositories and search the uploaded bundle, click Close wait for all the rules to finish and click Release.

About

A Java client for checking a password against pwnedpasswords.com using the `Searching by range` API For more details see: https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange

Topics

java spring-boot passwords haveibeenpwned security-tools

Resources

Readme

License

View license

Code of conduct

Code of conduct
Activity

Stars

5 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

10 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages