Skip to content
/ pwnedpasswords Public

Package for testing a password against Pwned Passwords V2 API in Vapor

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ezfe/pwnedpasswords

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
Sources/PwnedPasswords
Sources/PwnedPasswords
 
 
.gitignore
.gitignore
 
 
Package.swift
Package.swift
 
 
README.md
README.md
 
 

Repository files navigation

Vapor PwnedPasswords Provider

Swift Vapor

This packages provides an easy way to test a password against https://haveibeenpwned.com/API/v2#PwnedPasswords in your Vapor app.

This package is a fork of joscdk/pwnedpasswords-provider

Getting started

Vapor 3

In your Package.swift add:

.package(url: "https://github.com/ezfe/pwnedpasswords-provider.git", .from: "1.0.0")

Then to test a password, run e.g.:

import PwnedPasswords

router.get("password") { req -> String in        
	try PwnedPasswords().test(password: "password", with: req.client()).map { breached in
		if breached {
			print("Password breached")
		} else {
			print("Password is not breached")
		}
	}
}

You need to parse the password in as plaintext.

Security note

No passwords will ever leave the server in plaintext.

Pwned Passwords V2 uses https://en.wikipedia.org/wiki/K-anonymity to protect passwords. You can read more about it here: https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/

Thanks

TODO

  • Better documentation, and security information

About

Package for testing a password against Pwned Passwords V2 API in Vapor

Topics

swift vapor pwnedpasswords swift-5 vapor-5

Resources

Readme
Activity

Stars

1 star

Watchers

3 watching

Forks

0 forks
Report repository

Releases 3

v2.0.3 Latest
Sep 16, 2020
+ 2 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages