https://github.com/nbaars/pwnedpasswords4j

A Java client for checking a password against pwnedpasswords.com using the `Searching by range` API. For more details see: https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange

haveibeenpwned java passwords security-tools spring-boot

Last synced: 6 months ago

# Java client for pwnedpasswords.com

[![Build Status](https://travis-ci.org/nbaars/pwnedpasswords4j.svg?branch=master)](https://travis-ci.org/nbaars/pwnedpasswords4j)
[![Maintainability](https://api.codeclimate.com/v1/badges/c9a83bdca79e94f32c59/maintainability)](https://codeclimate.com/github/nbaars/pwnedpasswords4j/maintainability)
[![Quality Gate](https://sonarcloud.io/api/badges/gate?key=com.github.nbaars%3Apwnedpasswords4j-parent)](https://sonarcloud.io/dashboard/index/com.github.nbaars%3Apwnedpasswords4j-parent)
[![Coverage](https://img.shields.io/sonar/https/sonarcloud.io/com.github.nbaars%3Apwnedpasswords4j-parent/coverage.svg)](https://sonarcloud.io/dashboard/index/com.github.nbaars%3Apwnedpasswords4j-parent)

## Introduction

A Java client for checking a password against pwnedpasswords.com using the `Searching by range` API.
For more details see: https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange

__News: Artifacts are available through Maven Central__

## Pure Java client

The `client` artifact can be used in a standalone Java program and does not rely on Spring Boot.
To use the checker, add the following dependency to the `pom.xml`:

```
<dependency>
    <groupId>com.github.nbaars</groupId>
    <artifactId>pwnedpasswords4j-client</artifactId>
    <version>1.1.0</version>
</dependency>
```

In the code you can check a password as follows:

```
PwnedPasswordChecker checker = PwnedPasswordChecker.standalone("My user agent");
boolean result = checker.check("password");

// OR for non-blocking:

CompletableFuture<Boolean> futureResult = checker.asyncCheck("password");
```

A user agent must be specified, as described in the API description at haveibeenpwned.com.
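
What a range lookup sends and matches, as an added example that is not code from pwnedpasswords4j: the password is hashed with SHA-1, only the first five hex characters of the hash go to the API, and the returned `SUFFIX:COUNT` lines are compared locally. The class and method names, the response body and its counts are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class RangeCheckExample {

    // Uppercase hex SHA-1 of the password, the form the range API works with.
    static String sha1Hex(String password) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-1")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(40);
        for (byte b : digest) {
            hex.append(String.format("%02X", b));
        }
        return hex.toString();
    }

    // Returns the breach count for the hash, or 0 when its suffix is not listed.
    // responseBody holds the "SUFFIX:COUNT" lines returned for one 5-character prefix.
    static int countInRange(String hash, String responseBody) {
        String suffix = hash.substring(5);
        for (String line : responseBody.split("\\r?\\n")) {
            String[] parts = line.trim().split(":");
            if (parts.length == 2 && parts[0].equalsIgnoreCase(suffix)) {
                return Integer.parseInt(parts[1]);
            }
        }
        return 0;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String hash = sha1Hex("password");
        // Only these five characters would be appended to the range URL.
        System.out.println("prefix sent: " + hash.substring(0, 5));

        // Constructed response body: two filler suffixes plus the one for "password".
        // The counts are made up for this example.
        String body = "0018A45C4D1DEF81644B54AB7F969B88D65:1\r\n"
                + hash.substring(5) + ":42\r\n"
                + "011053FD0102E94D6AE2F8B83D76FAF94F6:1\r\n";

        System.out.println("password listed: " + (countInRange(hash, body) > 0));
        String other = sha1Hex("constructed-example-passphrase");
        System.out.println("other listed: " + (countInRange(other, body) > 0));
    }
}
```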

## Spring Boot autoconfigure

For Spring Boot there is an autoconfigure module. To use it, add the following dependency to your project:

```
<dependency>
    <groupId>com.github.nbaars</groupId>
    <artifactId>pwnedpasswords4j-spring-boot-starter</artifactId>
    <version>1.0.1</version>
</dependency>
```

In `application.properties`, add:

```
# Required as described in the documentation of haveibeenpwned.com API
pwnedpasswords4j.user_agent=Testing
# Optional
pwnedpasswords4j.url=https://api.pwnedpasswords.com/range/
```

Wire up the checker as follows:

```
@Autowired
private PwnedPasswordChecker checker;

...

public void signup() {
    boolean result = checker.check("password");

    // or for non-blocking use:

    CompletableFuture<Boolean> futureResult = checker.asyncCheck("password");
}
```

As an example see the demo project:

```
@RestController
public class SignupController {

    @Autowired
    private PwnedPasswordChecker checker;

    @PostMapping
    public ResponseEntity<?> login(@RequestBody Login login) {
        // check() returns true when the password appears in the breach data
        if (checker.check("password")) {
            return ResponseEntity.badRequest().body("Consider changing your password");
        }
        return ResponseEntity.ok().build();
    }
}
```

## Releasing

This is a manual process for now. Make sure the GPG keys are in place.

```
mvn clean deploy -Prelease
```

Go to `https://oss.sonatype.org/#stagingRepositories` and search for the uploaded bundle. Click `Close`, wait for
all the rules to finish, and click `Release`.