mirror of
https://github.com/TeamPiped/Piped-Backend.git
synced 2024-12-13 13:50:28 +05:30
Check if passwords are compromised in HIBP.
This commit is contained in:
parent
721f197bd8
commit
cdcae82c4d
23
src/main/java/me/kavin/piped/utils/RequestUtils.java
Normal file
23
src/main/java/me/kavin/piped/utils/RequestUtils.java
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
package me.kavin.piped.utils;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.net.URI;
|
||||||
|
import java.net.URISyntaxException;
|
||||||
|
import java.net.http.HttpRequest;
|
||||||
|
import java.net.http.HttpResponse.BodyHandlers;
|
||||||
|
|
||||||
|
import me.kavin.piped.consts.Constants;
|
||||||
|
|
||||||
|
public class RequestUtils {
|
||||||
|
|
||||||
|
public static String sendGet(String url) throws IOException, InterruptedException, URISyntaxException {
|
||||||
|
return sendGet(url, Constants.USER_AGENT);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static String sendGet(String url, String ua) throws IOException, InterruptedException, URISyntaxException {
|
||||||
|
|
||||||
|
HttpRequest request = HttpRequest.newBuilder(new URI(url)).GET().setHeader("User-Agent", ua).build();
|
||||||
|
|
||||||
|
return Constants.h2client.send(request, BodyHandlers.ofString()).body();
|
||||||
|
}
|
||||||
|
}
|
@ -4,6 +4,7 @@ import java.io.IOException;
|
|||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.net.MalformedURLException;
|
import java.net.MalformedURLException;
|
||||||
import java.net.URI;
|
import java.net.URI;
|
||||||
|
import java.net.URISyntaxException;
|
||||||
import java.net.URL;
|
import java.net.URL;
|
||||||
import java.net.http.HttpRequest;
|
import java.net.http.HttpRequest;
|
||||||
import java.net.http.HttpRequest.BodyPublishers;
|
import java.net.http.HttpRequest.BodyPublishers;
|
||||||
@ -26,6 +27,7 @@ import javax.persistence.criteria.CriteriaBuilder;
|
|||||||
import javax.persistence.criteria.CriteriaQuery;
|
import javax.persistence.criteria.CriteriaQuery;
|
||||||
import javax.persistence.criteria.Root;
|
import javax.persistence.criteria.Root;
|
||||||
|
|
||||||
|
import org.apache.commons.codec.digest.DigestUtils;
|
||||||
import org.apache.commons.io.IOUtils;
|
import org.apache.commons.io.IOUtils;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.apache.commons.lang3.exception.ExceptionUtils;
|
import org.apache.commons.lang3.exception.ExceptionUtils;
|
||||||
@ -88,6 +90,7 @@ import me.kavin.piped.utils.obj.search.SearchPlaylist;
|
|||||||
import me.kavin.piped.utils.resp.AcceptedResponse;
|
import me.kavin.piped.utils.resp.AcceptedResponse;
|
||||||
import me.kavin.piped.utils.resp.AlreadyRegisteredResponse;
|
import me.kavin.piped.utils.resp.AlreadyRegisteredResponse;
|
||||||
import me.kavin.piped.utils.resp.AuthenticationFailureResponse;
|
import me.kavin.piped.utils.resp.AuthenticationFailureResponse;
|
||||||
|
import me.kavin.piped.utils.resp.CompromisedPasswordResponse;
|
||||||
import me.kavin.piped.utils.resp.IncorrectCredentialsResponse;
|
import me.kavin.piped.utils.resp.IncorrectCredentialsResponse;
|
||||||
import me.kavin.piped.utils.resp.InvalidRequestResponse;
|
import me.kavin.piped.utils.resp.InvalidRequestResponse;
|
||||||
import me.kavin.piped.utils.resp.LoginResponse;
|
import me.kavin.piped.utils.resp.LoginResponse;
|
||||||
@ -551,8 +554,8 @@ public class ResponseHelper {
|
|||||||
|
|
||||||
private static final Argon2PasswordEncoder argon2PasswordEncoder = new Argon2PasswordEncoder();
|
private static final Argon2PasswordEncoder argon2PasswordEncoder = new Argon2PasswordEncoder();
|
||||||
|
|
||||||
public static final byte[] registerResponse(String user, String pass)
|
public static final byte[] registerResponse(String user, String pass) throws IOException, NoSuchAlgorithmException,
|
||||||
throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
|
InvalidKeySpecException, InterruptedException, URISyntaxException {
|
||||||
|
|
||||||
if (user == null || pass == null)
|
if (user == null || pass == null)
|
||||||
return Constants.mapper.writeValueAsBytes(new InvalidRequestResponse());
|
return Constants.mapper.writeValueAsBytes(new InvalidRequestResponse());
|
||||||
@ -571,6 +574,18 @@ public class ResponseHelper {
|
|||||||
return Constants.mapper.writeValueAsBytes(new AlreadyRegisteredResponse());
|
return Constants.mapper.writeValueAsBytes(new AlreadyRegisteredResponse());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
String sha1Hash = DigestUtils.sha1Hex(pass).toUpperCase();
|
||||||
|
String prefix = sha1Hash.substring(0, 5);
|
||||||
|
String suffix = sha1Hash.substring(5);
|
||||||
|
String[] entries = RequestUtils
|
||||||
|
.sendGet("https://api.pwnedpasswords.com/range/" + prefix, "github.com/TeamPiped/Piped-Backend")
|
||||||
|
.split("\n");
|
||||||
|
for (String entry : entries)
|
||||||
|
if (StringUtils.substringBefore(entry, ":").equals(suffix))
|
||||||
|
return Constants.mapper.writeValueAsBytes(new CompromisedPasswordResponse());
|
||||||
|
}
|
||||||
|
|
||||||
User newuser = new User(user, argon2PasswordEncoder.encode(pass), Collections.emptyList());
|
User newuser = new User(user, argon2PasswordEncoder.encode(pass), Collections.emptyList());
|
||||||
|
|
||||||
s.save(newuser);
|
s.save(newuser);
|
||||||
|
@ -0,0 +1,7 @@
|
|||||||
|
package me.kavin.piped.utils.resp;
|
||||||
|
|
||||||
|
public class CompromisedPasswordResponse {
|
||||||
|
|
||||||
|
public String error = "The password you have entered has already been compromised.";
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user