code.gitea.io/gitea@v1.19.3/modules/auth/password/pwn.go

code.gitea.io/gitea@v1.19.3/modules/auth/password/pwn.go (about)

     1  // Copyright 2020 The Gitea Authors. All rights reserved.
     2  // SPDX-License-Identifier: MIT
     3  
     4  package password
     5  
     6  import (
     7  	"context"
     8  
     9  	"code.gitea.io/gitea/modules/auth/password/pwn"
    10  	"code.gitea.io/gitea/modules/setting"
    11  )
    12  
    13  // IsPwned checks whether a password has been pwned
    14  // NOTE: This func returns true if it encounters an error under the assumption that you ALWAYS want to check against
    15  // HIBP, so not getting a response should block a password until it can be verified.
    16  func IsPwned(ctx context.Context, password string) (bool, error) {
    17  	if !setting.PasswordCheckPwn {
    18  		return false, nil
    19  	}
    20  
    21  	client := pwn.New(pwn.WithContext(ctx))
    22  	count, err := client.CheckPassword(password, true)
    23  	if err != nil {
    24  		return true, err
    25  	}
    26  
    27  	return count > 0, nil
    28  }