author | John Olheiser <john.olheiser@gmail.com> | 2020-09-08 17:06:39 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-09-08 17:06:39 -0500 |
commit | c6e4bc53aad371210f0cb670e36c57132087b230 (patch) | |
tree | ef2eecef855a4257a22eb61aefd5439be23a770e /cmd/admin.go | |
parent | bea343ce0997262e61c5d83812a270090896afbf (diff) | |
Check passwords against HaveIBeenPwned (#12716)
* Implement pwn
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Update module
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Apply suggestions mrsdizzie
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Add link to HIBP
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Add more details to admin command
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Add context to pwn
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Consistency and making some noise ;)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: zeripath <art27@cantab.net>
Diffstat (limited to 'cmd/admin.go')
-rw-r--r-- | cmd/admin.go | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/cmd/admin.go b/cmd/admin.go
index a049f7f2cf..9f81f5284d 100644
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -6,6 +6,7 @@
 package cmd
 import (
+ "context"
 "errors"
 "fmt"
 "os"
@@ -265,6 +266,13 @@ func runChangePassword(c *cli.Context) error {
 if !pwd.IsComplexEnough(c.String("password")) {
 return errors.New("Password does not meet complexity requirements")
 }
+ pwned, err := pwd.IsPwned(context.Background(), c.String("password"))
+ if err != nil {
+ return err
+ }
+ if pwned {
+ return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
+ }
 uname := c.String("username")
 user, err := models.GetUserByName(uname)
 if err != nil { |
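Review bot: The added `pwd.IsPwned(context.Background(), ...)` call in runChangePassword has no deadline and its error is returned bare, so on a host that cannot reach the breach-check service an admin password reset may hang or fail with an unexplained network error. Unless `pwd.IsPwned` applies its own timeout and returns early when the check is disabled (neither is visible in this hunk), consider bounding the call with `context.WithTimeout` and wrapping the failure, e.g. `return fmt.Errorf("checking password against HaveIBeenPwned: %w", err)`, so the operator can tell a failed lookup from a rejected password. The command's help text should also state that this check makes an outbound request, since the CLI is commonly used for account recovery on restricted networks. The body of runChangePassword starts and ends outside the hunk.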