File Coverage

blib/lib/Password/Policy/Rule/Pwned.pm
Criterion Covered Total %
statement 33 33 100.0
branch 4 4 100.0
condition n/a
subroutine 8 8 100.0
pod 1 1 100.0
total 46 46 100.0


line stmt bran cond sub pod time code
1             #
2             #===============================================================================
3             #
4             # FILE: Pwned.pm
5             #
6             # DESCRIPTION: Check HIBP to see if this password has been pwned
7             #
8             # FILES: ---
9             # BUGS: ---
10             # NOTES: https://haveibeenpwned.com/API/v2#PwnedPasswords
11             # AUTHOR: Pete Houston (pete), cpan@openstrike.co.uk
12             # ORGANIZATION: Openstrike
13             # VERSION: See $VERSION in code
14             # CREATED: 29/05/18 14:44:30
15             # REVISION: ---
16             #===============================================================================
17              
18 4     4   159378 use strict;
  4         13  
  4         84  
19 4     4   12 use warnings;
  4         8  
  4         101  
20              
21             package Password::Policy::Rule::Pwned;
22              
23 4     4   18 use parent 'Password::Policy::Rule';
  4         8  
  4         13  
24              
25 4     4   2539 use Password::Policy::Exception::Pwned;
  4         7  
  4         69  
26 4     4   902 use Password::Policy::Exception::PwnedError;
  4         6  
  4         69  
27 4     4   1887 use LWP::UserAgent;
  4         126770  
  4         115  
28 4     4   1577 use Digest::SHA 'sha1_hex';
  4         8923  
  4         791  
29              
30             our $VERSION = '0.01';
31             my $ua = __PACKAGE__ . '/' . $VERSION;
32             my $timeout = 5;
33             our $base_url = 'https://api.pwnedpasswords.com/range/';
34              
35             sub check {
36 14     14 1 54448 my $self = shift;
37 14         47 my $password = $self->prepare (shift);
38 14         187 my $hash = uc sha1_hex ($password);
39 14         46 my $range = substr ($hash, 0, 5, '');
40 14         33 my $url = $base_url . $range;
41 14         89 my $res = LWP::UserAgent->new (agent => $ua, timeout => $timeout)->get ($url);
42 14 100       1608601 if ($res->code != 200) {
43 3         33 warn $res->status_line;
44 3         457 Password::Policy::Exception::PwnedError->throw;
45             }
46 11 100       168 if (index ($res->content, "$hash:") > -1) {
47 6         1871 Password::Policy::Exception::Pwned->throw;
48             }
49 5         1771 return 1;
50             }
51              
52             __END__