class HIBPPasswordChecker

Public Class Methods

pwned?(password)

Example usage:

HIBPPasswordChecker.pwned?("password")

> true

HIBPPasswordChecker.pwned?("3WJwP#cnFoUQ.9oPpc2Taivvgea+Qz2*egY")

> false

# File lib/hibp_password_checker.rb, line 12
# Looks the supplied password up against the Pwned Passwords range API
# and reports whether it appears in the breach corpus.
#
# Only the first five hex characters of the SHA-1 digest leave the process
# (see pwned_passwords_from_hash); matching the returned suffixes against
# the full digest happens locally in have_i_been_pwned.
#
# @param password [String] the candidate password in clear text
# @return [Boolean] true when one of the returned suffixes reconstructs
#   the full digest
# @raise [NoMethodError] when the API does not answer with a 2xx response:
#   pwned_passwords_from_hash returns nil in that case and parse_response
#   calls #split on it, so a failed lookup surfaces as an error rather than
#   being reported as "not pwned". Network failures raised by Net::HTTP
#   presumably propagate unchanged as well.
def self.pwned?(password)
  digest = hash_password(password)
  range_body = pwned_passwords_from_hash(digest)
  candidates = parse_response(range_body)
  have_i_been_pwned(digest, candidates)
end

Private Class Methods

hash_password(password)
# File lib/hibp_password_checker.rb, line 36
# Hex-encoded SHA-1 digest of the password.
#
# SHA-1 is used because the Pwned Passwords range API is keyed on SHA-1
# digests; this value is a lookup key for that API, not a storage hash,
# so no salt or work factor is involved here.
#
# @param password [String]
# @return [String] 40 lowercase hex characters
def self.hash_password(password)
  sha1 = ::Digest::SHA1.new
  sha1 << password
  sha1.hexdigest
end
have_i_been_pwned(hash, pwned_passwords)
# File lib/hibp_password_checker.rb, line 20
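# Checks whether any range-API line reconstructs the full digest.
#
# Each line is treated as "<35 hex suffix>:<count>": the candidate's
# 5-character prefix is re-attached to the first 35 characters of the line
# and the result is compared case-insensitively with the full digest.
# The count after the colon is ignored; a single match is enough.
#
# @param hash [String] the 40-character hex SHA-1 of the password
# @param pwned_passwords [Array<String>] lines returned by parse_response
# @return [Boolean] true if at least one line matches
def self.have_i_been_pwned(hash, pwned_passwords)
  target = hash.upcase
  prefix = hash[0..4]
  # any? stops at the first hit instead of materialising every match with
  # select and then testing the size of that list.
  pwned_passwords.any? { |line| (prefix + line[0..34]).upcase == target }
end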
parse_response(response_body)
# File lib/hibp_password_checker.rb, line 32
# Splits the range-API body into its individual "<suffix>:<count>" lines.
#
# Lines are delimited by CRLF. An empty body yields an empty Array. A nil
# body (what pwned_passwords_from_hash returns for a non-2xx response) is
# not tolerated: #split raises NoMethodError instead of reading the failure
# as "no matches".
#
# @param response_body [String]
# @return [Array<String>]
def self.parse_response(response_body)
  line_separator = "\r\n"
  response_body.split(line_separator)
end
pwned_passwords_from_hash(hash)
# File lib/hibp_password_checker.rb, line 25
# Fetches the Pwned Passwords range for the digest's 5-character prefix.
#
# Only hash[0..4] is placed in the URL, so the service never receives the
# full digest (the API's k-anonymity model). Net::HTTP.get_response handles
# TLS for the https URI with the library's default verification and timeout
# settings — NOTE(review): callers on a request path may want an explicit
# timeout; the API also accepts an Add-Padding request header, which is
# not sent here.
#
# @param hash [String] hex SHA-1 of the password
# @return [String, nil] the response body on a 2xx response, nil for
#   anything else (redirects, rate limiting and server errors included)
def self.pwned_passwords_from_hash(hash)
  prefix = hash[0..4]
  endpoint = URI("https://api.pwnedpasswords.com/range/#{prefix}")
  response = Net::HTTP.get_response(endpoint)
  case response
  when Net::HTTPSuccess then response.body
  end
end