This package provides an easy way to test a password against https://haveibeenpwned.com/API/v2#PwnedPasswords in your Vapor app.
This package is a fork of joscdk/pwnedpasswords-provider.
In your Package.swift, add:

    .package(url: "https://github.com/ezfe/pwnedpasswords-provider.git", from: "1.0.0")

Then, to test a password, run e.g.:

    import PwnedPasswords
    import Vapor

    router.get("password") { req -> Future<String> in
        // The future resolves to true when the password appears in the breach data.
        return try PwnedPasswords().test(password: "password", with: req.client()).map { breached -> String in
            if breached {
                return "Password breached"
            } else {
                return "Password is not breached"
            }
        }
    }

You need to pass the password in as plaintext.
No passwords will ever leave the server in plaintext.
Pwned Passwords V2 uses https://en.wikipedia.org/wiki/K-anonymity to protect passwords. You can read more about it here: https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/
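
As an added illustration (not code from this package), the k-anonymity exchange works like this: the password is hashed with SHA-1, only the first five hex characters of the hash are sent to the range endpoint, and the suffixes it returns are matched locally. The function names, the use of CryptoKit, and the sample response body are assumptions made for this example.

```swift
import Foundation
import CryptoKit  // assumption: Apple platform; on Linux, swift-crypto's `Crypto` module offers the same API

/// Splits the uppercase hex SHA-1 of a password into the 5-character prefix
/// that is sent to the range endpoint and the 35-character suffix that stays local.
func hashParts(for password: String) -> (prefix: String, suffix: String) {
    let digest = Insecure.SHA1.hash(data: Data(password.utf8))
    let hex = digest.map { String(format: "%02X", $0) }.joined()
    return (String(hex.prefix(5)), String(hex.dropFirst(5)))
}

/// Searches a range response body (one "SUFFIX:COUNT" entry per line) for the
/// local suffix. Returns the breach count, or 0 when the suffix is not listed.
/// Malformed lines are skipped rather than treated as a match.
func breachCount(ofSuffix suffix: String, inRangeBody body: String) -> Int {
    // "\r\n" is a single Character in Swift, so isNewline handles CRLF bodies.
    for line in body.split(whereSeparator: \.isNewline) {
        let fields = line.split(separator: ":", maxSplits: 1)
        guard fields.count == 2,
              fields[0].uppercased() == suffix,
              let count = Int(fields[1].trimmingCharacters(in: .whitespaces))
        else { continue }
        return count
    }
    return 0
}

let parts = hashParts(for: "password")

// Constructed sample response for the prefix above: the counts and the two
// filler suffixes are made up; only the middle suffix is the real SHA-1 tail.
let sampleBody = [
    String(repeating: "0", count: 35) + ":3",
    parts.suffix + ":42",
    String(repeating: "F", count: 35) + ":1",
].joined(separator: "\r\n")

// Only `parts.prefix` would be placed in the request; the suffix is never sent.
print("Sent to the API:", parts.prefix)
print("Kept on the server:", parts.suffix)
print("Breach count:", breachCount(ofSuffix: parts.suffix, inRangeBody: sampleBody))
print("Unlisted suffix:", breachCount(ofSuffix: String(repeating: "A", count: 35), inRangeBody: sampleBody))
```

Because every hash sharing the prefix comes back in the same response, the service cannot tell which suffix, if any, the server was checking.
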
- Special thanks to https://www.troyhunt.com/ for providing the API.
- Better documentation, and security information