nswdpc / silverstripe-pwnage-hinter
Verify hashed passwords against HIBP
Installs: 4 567
Dependents: 1
Suggesters: 0
Security: 0
Stars: 1
Watchers: 4
Forks: 0
Open Issues: 0
Type: silverstripe-vendormodule
Requires
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3
- phpunit/phpunit: ^9.5
This package is auto-updated.
Last update: 2024-11-30 02:03:06 UTC
README
This module allows checking of passwords against the HIBP corpus.
For more information on how the Pwned Password API works, including how password hashes are sent to the API, please read: https://haveibeenpwned.com/API/v3#PwnedPasswords
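The range lookup described in the API documentation linked above, as an added example (not code from this module or from MFlor/pwned): only the first five hex characters of the password's SHA-1 digest are sent, and the returned suffixes are matched locally. The function names and the sample response body are constructed for illustration.

```php
<?php
// Added illustration of the Pwned Passwords k-anonymity range check.
// pwnedRangeParts() and pwnedCountFromRange() are hypothetical helper names.

/** Split the uppercase SHA-1 hex digest into [5-char prefix, 35-char suffix]. */
function pwnedRangeParts(string $password): array
{
    $sha1 = strtoupper(hash('sha1', $password));
    return [substr($sha1, 0, 5), substr($sha1, 5)];
}

/** Find $suffix in a range response body ("SUFFIX:COUNT" per line); 0 if absent. */
function pwnedCountFromRange(string $rangeBody, string $suffix): int
{
    foreach (preg_split('/\r\n|\n|\r/', trim($rangeBody)) as $line) {
        $parts = explode(':', trim($line), 2);
        if (count($parts) !== 2) {
            continue; // ignore malformed lines
        }
        if (strtoupper($parts[0]) === $suffix) {
            return (int) $parts[1];
        }
    }
    return 0;
}

// Only $prefix would be placed in the range request; $suffix never leaves the host.
[$prefix, $suffix] = pwnedRangeParts('password');

// Constructed response body standing in for what the range endpoint returns.
$constructedBody = implode("\r\n", [
    str_repeat('A', 35) . ':3',  // constructed, unrelated suffix
    $suffix . ':42',             // constructed count for the sample password
    str_repeat('B', 35) . ':1',  // constructed, unrelated suffix
]);

printf(
    "prefix sent: %s, pwned count: %d, unseen password count: %d\n",
    $prefix,
    pwnedCountFromRange($constructedBody, $suffix),
    pwnedCountFromRange($constructedBody, pwnedRangeParts('constructed-unseen-value')[1])
);
```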
Background
This module uses MFlor/pwned to interface with the Password and Breach API.
From a Silverstripe perspective, the module:
- checks for pwned passwords and optionally prohibits (by default) their use via a PasswordValidator extension
- flags relevant records
- optionally sends digest emails containing the volume of pwned passwords
In addition to password checking, it can be used to check for breaches, or a count of breaches, linked to a supplied email address. Breach checking requires an API key to be purchased from haveibeenpwned.
Configuration
The module comes with a default configuration that should get you up and running.
Read the configuration documentation for configuration instructions.
Read the email documentation for information about email and templates.
License
Documentation
Maintainers
PD web team
Bugtracker
We welcome bug reports, pull requests and feature requests on the GitHub Issue tracker for this project.
Please review the code of conduct prior to opening a new issue.
Security
If you have found a security issue with this module, please email digital[@]dpc.nsw.gov.au in the first instance, detailing your findings.
Development and contribution
If you would like to make contributions to the module, please ensure you raise a pull request and discuss with the module maintainers.
Please review the code of conduct prior to completing a pull request.