File Coverage

blib/lib/Password/Policy/Rule/Pwned.pm
Criterion Covered Total %
statement 33 33 100.0
branch 4 4 100.0
condition n/a
subroutine 8 8 100.0
pod 1 1 100.0
total 46 46 100.0


line stmt bran cond sub pod time code
1             #
2             #===============================================================================
3             #
4             # FILE: Pwned.pm
5             #
6             # DESCRIPTION: Check HIBP to see if this password has been pwned
7             #
8             # FILES: ---
9             # BUGS: ---
10             # NOTES: https://haveibeenpwned.com/API/v2#PwnedPasswords
11             # AUTHOR: Pete Houston (pete), cpan@openstrike.co.uk
12             # ORGANIZATION: Openstrike
13             # VERSION: See $VERSION in code
14             # CREATED: 29/05/18 14:44:30
15             # REVISION: ---
16             #===============================================================================
17              
18 4     4   211184 use strict;
  4         15  
  4         169  
19 4     4   23 use warnings;
  4         9  
  4         143  
20              
21             package Password::Policy::Rule::Pwned;
22              
23 4     4   50 use parent 'Password::Policy::Rule';
  4         9  
  4         19  
24              
25 4     4   3586 use Password::Policy::Exception::Pwned;
  4         10  
  4         97  
26 4     4   1260 use Password::Policy::Exception::PwnedError;
  4         12  
  4         92  
27 4     4   2752 use LWP::UserAgent;
  4         183398  
  4         156  
28 4     4   2573 use Digest::SHA 'sha1_hex';
  4         13031  
  4         1177  
29              
# Release number of this module. It is also the second half of the
# User-Agent string built below.
our $VERSION = '0.02';

# User-Agent string ("<package>/<version>") that check() passes to
# LWP::UserAgent as its agent.
my $ua = join '/', __PACKAGE__, $VERSION;

# Timeout, in seconds, that check() passes to LWP::UserAgent.
my $timeout = 5;

# Prefix of the range endpoint; check() appends the first five hex digits
# of the password's SHA-1 to it. This is a package variable, so any code
# in the process can repoint it. Keep it on https so that both the hash
# prefix and the returned suffix list are protected in transit.
our $base_url = q{https://api.pwnedpasswords.com/range/};
34              
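# check ($password)
#
# Policy rule: look the candidate password up in the HIBP Pwned Passwords
# range API.
#
# Returns 1 when the password's hash suffix is absent from the response.
# Throws Password::Policy::Exception::Pwned when the suffix is present,
# and Password::Policy::Exception::PwnedError when the lookup did not
# answer with HTTP 200.
#
# Only the first five hex digits of the SHA-1 are sent to the service.
# The remaining 35 digits are compared locally, so neither the password
# nor its full hash leaves this process.
sub check {
    my $self     = shift;
    my $password = $self->prepare (shift);

    # Digest::SHA croaks on code points above 0xFF ("Wide character"),
    # which would surface as an untyped die instead of one of this rule's
    # exceptions. Hash the UTF-8 octets of such passwords instead.
    # $password is a local copy, so the caller's string is untouched.
    # NOTE(review): character strings limited to 0x80-0xFF are still
    # hashed as single bytes, exactly as before; confirm which encoding
    # callers hand in.
    utf8::encode ($password)
        if defined $password && $password =~ /[^\x00-\xFF]/;

    # The match below is case-sensitive, so the digest is upper-cased to
    # the form used in the API's response lines.
    my $hash = uc sha1_hex ($password);

    # Four-argument substr: returns the first five hex digits AND removes
    # them from $hash, leaving only the 35-digit suffix in $hash.
    my $range = substr ($hash, 0, 5, '');
    my $url   = $base_url . $range;

    my $res = LWP::UserAgent->new (agent => $ua, timeout => $timeout)
        ->get ($url);

    # Fail closed: any status other than 200 is reported as a lookup error
    # and never treated as "not pwned". Only the HTTP status line is
    # logged, never the password or its hash.
    if ($res->code != 200) {
        warn $res->status_line;
        Password::Policy::Exception::PwnedError->throw;
    }

    # Response lines have the form SUFFIX:COUNT, so a hit is the suffix
    # immediately followed by a colon.
    if (index ($res->content, "$hash:") > -1) {
        Password::Policy::Exception::Pwned->throw;
    }

    return 1;
}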
51              
52             __END__