PasswordVerifier.php
<?php
/**
* Piwik - free/libre analytics platform
*
* @link http://piwik.org
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*/
namespace Piwik\Plugins\PasswordVerifier;
use Piwik\Container\StaticContainer;
use Piwik\Http;
use Piwik\Piwik;
use Piwik\Plugins\BulkTracking\Tracker\Response;
use Piwik\Validators\Exception;
use Psr\Log\LoggerInterface;
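/**
 * Plugin that rejects passwords listed by the Pwned Passwords range API.
 *
 * Only the first five hex characters of the password's SHA-1 digest are sent
 * to the remote service; the remaining 35 characters are compared locally
 * against the returned list, so neither the password nor its full hash
 * leaves this server.
 */
class PasswordVerifier extends \Piwik\Plugin
{
    /**
     * Maps the UsersManager.checkPassword event to verifyPassword().
     *
     * @return array event name => handler method name
     */
    public function registerEvents()
    {
        return [
            'UsersManager.checkPassword' => 'verifyPassword',
        ];
    }

    /**
     * Checks a candidate password against the Pwned Passwords range API.
     *
     * @param string $password plaintext password being set
     * @return bool true when the password's hash suffix is not listed (or is
     *              listed with a count of zero)
     * @throws Exception  when the API request itself fails
     * @throws \Exception when the password is listed with a non-zero count
     */
    public function verifyPassword($password)
    {
        $digest = strtoupper(sha1($password));
        $prefix = substr($digest, 0, 5);
        $suffix = substr($digest, 5);

        $url = 'https://api.pwnedpasswords.com/range/' . $prefix;

        try {
            $response = Http::sendHttpRequest($url, 10);
        } catch (\Exception $e) {
            // Fail closed: an unreachable API blocks the password change
            // rather than silently skipping the check.
            $logger = StaticContainer::getContainer()->get('Psr\Log\LoggerInterface');
            $logger->warning("Can't reach haveibeenpwned.com");
            $logger->warning($e->getMessage());
            throw new Exception(Piwik::translate("PasswordVerifier_CantReachAPI"));
        }

        // NOTE(review): a non-string or unexpected body (for example an error
        // page) contains no matching suffix and is therefore treated as
        // "not listed", i.e. the check fails open here. Confirm that
        // Http::sendHttpRequest() throws on non-2xx responses, or validate
        // the response before trusting it.
        if (!is_string($response) || strpos($response, $suffix) === false) {
            return true;
        }

        $occurrences = 0;
        foreach (explode("\n", $response) as $line) {
            // trim() drops a trailing "\r" if the service uses CRLF line
            // endings; blank or malformed lines are skipped instead of
            // triggering an undefined-index warning on the count field.
            $parts = explode(':', trim($line), 2);
            if (count($parts) !== 2) {
                continue;
            }

            if ($parts[0] === $suffix) {
                $occurrences = (int) $parts[1];
                break;
            }
        }

        if ($occurrences === 0) {
            return true;
        }

        throw new \Exception(Piwik::translate('PasswordVerifier_PasswordFoundInDb', $occurrences));
    }
}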