author | gumi <git@gumi.ca> | 2018-11-11 16:02:05 -0500 |
---|---|---|
committer | gumi <git@gumi.ca> | 2018-11-11 16:02:05 -0500 |
commit | 7f3f119aefedce748de125124999e8106f600e92 (patch) | |
tree | 5b2a736ca88292220d9f3d7394bb60ce65dc50f0 /src | |
parent | cae9e1bc617f78d656ad4814c230b8cc6db37d15 (diff) | |
add haveibeenpwned password check
Diffstat (limited to 'src')
-rw-r--r-- | src/register.html | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/src/register.html b/src/register.html
index 32b65bc..e5b1baf 100644
--- a/src/register.html
+++ b/src/register.html
@@ -234,6 +234,49 @@
 validateInput(event.target);
 });
+ nodes.pwd.addEventListener("change", e => {
+ if (e.isTrusted && nodes.form.querySelector("input") && Reflect.has(window, "Rusha") && nodes.pwd.checkValidity()) {
+ const full_hash = Rusha.createHash().update(nodes.pwd.value).digest("hex");
+ const hash_prefix = full_hash.substring(0, 5);
+ const hash_suffix = full_hash.substring(5);
+
+ const req = new Request(`https://api.pwnedpasswords.com/range/${hash_prefix}`, {
+ method: "GET",
+ mode: "cors",
+ cache: "force-cache",
+ referrer: "no-referrer",
+ });
+
+ fetch(req)
+ .then(response => response.text())
+ .then(response => {
+ const found = response.split("\n").some(h => {
+ const [hs, times] = h.split(":");
+
+ if (hash_suffix.toUpperCase() === hs.toUpperCase()) {
+ return true;
+ }
+
+ return false;
+ });
+
+ if (found === true) {
+ nodes.form.classList.add("error");
+ nodes.status.innerText = "WARNING: This password has previously appeared in a data breach. Please use a more secure alternative.\n>> checked by haveibeenpwned.com\n\n";
+ nodes.status.style.display = "block"; // <= MS Edge bug
+ nodes.pwd.focus();
+ nodes.pwd.classList.add("invalid");
+ } else {
+ nodes.form.classList.remove("error");
+ nodes.status.style.display = "none";
+ }
+ })
+ .catch(error => {
+ // we don't really have any reason to catch that one
+ });
+ }
+ });
+
+ nodes.form.addEventListener("submit", e => {
 e.preventDefault();
 e.stopPropagation();
@@ -322,5 +365,6 @@
 }
 </script>
 <script src="https://www.google.com/recaptcha/api.js?onload=ReInit" async defer></script>
+ <script src="/rusha.min.js"></script>
 </body>
 </html> |
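Review bot: The fetch chain in the new `change` handler calls `response.text()` without checking `response.ok`, so an error or rate-limit reply from the range API is parsed as a hash list, `found` comes out false, and the `else` branch removes the form's `error` class and hides `nodes.status` as if the password had been cleared. I would reject non-2xx replies first, `.then(response => { if (!response.ok) throw new Error("pwnedpasswords: HTTP " + response.status); return response.text(); })`, and replace the empty `catch` comment with one stating that the lookup deliberately fails open, e.g. `// lookup failed: leave the form state untouched, the check is advisory`. The same `else` branch also runs when a slow reply for an earlier value arrives after the field has changed again, so re-hashing the current `nodes.pwd.value` and comparing it with `full_hash` before touching the DOM would keep a stale result from overwriting the state. The submit handler continues outside the hunk, so whether submission waits for this lookup cannot be seen here.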