mirror of
https://github.com/TeamPiped/Piped-Backend.git
synced 2024-12-13 05:40:30 +05:30
Check if passwords are compromised in HIBP.
This commit is contained in:
parent
721f197bd8
commit
cdcae82c4d
23
src/main/java/me/kavin/piped/utils/RequestUtils.java
Normal file
23
src/main/java/me/kavin/piped/utils/RequestUtils.java
Normal file
@ -0,0 +1,23 @@
|
||||
package me.kavin.piped.utils;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
import java.net.http.HttpRequest;
|
||||
import java.net.http.HttpResponse.BodyHandlers;
|
||||
|
||||
import me.kavin.piped.consts.Constants;
|
||||
|
||||
public class RequestUtils {
|
||||
|
||||
public static String sendGet(String url) throws IOException, InterruptedException, URISyntaxException {
|
||||
return sendGet(url, Constants.USER_AGENT);
|
||||
}
|
||||
|
||||
public static String sendGet(String url, String ua) throws IOException, InterruptedException, URISyntaxException {
|
||||
|
||||
HttpRequest request = HttpRequest.newBuilder(new URI(url)).GET().setHeader("User-Agent", ua).build();
|
||||
|
||||
return Constants.h2client.send(request, BodyHandlers.ofString()).body();
|
||||
}
|
||||
}
|
@ -4,6 +4,7 @@ import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
import java.net.URL;
|
||||
import java.net.http.HttpRequest;
|
||||
import java.net.http.HttpRequest.BodyPublishers;
|
||||
@ -26,6 +27,7 @@ import javax.persistence.criteria.CriteriaBuilder;
|
||||
import javax.persistence.criteria.CriteriaQuery;
|
||||
import javax.persistence.criteria.Root;
|
||||
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
import org.apache.commons.io.IOUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.commons.lang3.exception.ExceptionUtils;
|
||||
@ -88,6 +90,7 @@ import me.kavin.piped.utils.obj.search.SearchPlaylist;
|
||||
import me.kavin.piped.utils.resp.AcceptedResponse;
|
||||
import me.kavin.piped.utils.resp.AlreadyRegisteredResponse;
|
||||
import me.kavin.piped.utils.resp.AuthenticationFailureResponse;
|
||||
import me.kavin.piped.utils.resp.CompromisedPasswordResponse;
|
||||
import me.kavin.piped.utils.resp.IncorrectCredentialsResponse;
|
||||
import me.kavin.piped.utils.resp.InvalidRequestResponse;
|
||||
import me.kavin.piped.utils.resp.LoginResponse;
|
||||
@ -551,8 +554,8 @@ public class ResponseHelper {
|
||||
|
||||
private static final Argon2PasswordEncoder argon2PasswordEncoder = new Argon2PasswordEncoder();
|
||||
|
||||
public static final byte[] registerResponse(String user, String pass)
|
||||
throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
|
||||
public static final byte[] registerResponse(String user, String pass) throws IOException, NoSuchAlgorithmException,
|
||||
InvalidKeySpecException, InterruptedException, URISyntaxException {
|
||||
|
||||
if (user == null || pass == null)
|
||||
return Constants.mapper.writeValueAsBytes(new InvalidRequestResponse());
|
||||
@ -571,6 +574,18 @@ public class ResponseHelper {
|
||||
return Constants.mapper.writeValueAsBytes(new AlreadyRegisteredResponse());
|
||||
}
|
||||
|
||||
{
|
||||
String sha1Hash = DigestUtils.sha1Hex(pass).toUpperCase();
|
||||
String prefix = sha1Hash.substring(0, 5);
|
||||
String suffix = sha1Hash.substring(5);
|
||||
String[] entries = RequestUtils
|
||||
.sendGet("https://api.pwnedpasswords.com/range/" + prefix, "github.com/TeamPiped/Piped-Backend")
|
||||
.split("\n");
|
||||
for (String entry : entries)
|
||||
if (StringUtils.substringBefore(entry, ":").equals(suffix))
|
||||
return Constants.mapper.writeValueAsBytes(new CompromisedPasswordResponse());
|
||||
}
|
||||
|
||||
User newuser = new User(user, argon2PasswordEncoder.encode(pass), Collections.emptyList());
|
||||
|
||||
s.save(newuser);
|
||||
|
@ -0,0 +1,7 @@
|
||||
package me.kavin.piped.utils.resp;
|
||||
|
||||
public class CompromisedPasswordResponse {
|
||||
|
||||
public String error = "The password you have entered has already been compromised.";
|
||||
|
||||
}
|
Loading…
Reference in New Issue
Block a user