Merge pull request #12 from wneessen/v1_0_2

v1.0.2
2024-09-17 17:12:47 +02:00 · 2022-05-08 12:49:14 +02:00 · 2022-05-08 12:49:14 +02:00 · 659a359ea0
commit 659a359ea0
parent b326983899 504c711df2
4 changed files with 42 additions and 14 deletions
--- a/README.md
+++ b/README.md
@ -1,15 +1,19 @@
-# go-hibp - Simple go client for the HIBP API
+# go-hibp - Simple Go binding to the "Have I Been Pwned" API

-[![Go Reference](https://pkg.go.dev/badge/github.com/wneessen/go-hibp.svg)](https://pkg.go.dev/github.com/wneessen/go-hibp) 
+[![GoDoc](https://godoc.org/github.com/wneessen/go-hibp?status.svg)](https://pkg.go.dev/github.com/wneessen/go-hibp) 
 [![Go Report Card](https://goreportcard.com/badge/github.com/wneessen/go-hibp)](https://goreportcard.com/report/github.com/wneessen/go-hibp) 
 [![Build Status](https://api.cirrus-ci.com/github/wneessen/go-hibp.svg)](https://cirrus-ci.com/github/wneessen/go-hibp)
 [![codecov](https://codecov.io/gh/wneessen/go-hibp/branch/main/graph/badge.svg?token=ST96EC0JHU)](https://codecov.io/gh/wneessen/go-hibp)
 <a href="https://ko-fi.com/D1D24V9IX"><img src="https://uploads-ssl.webflow.com/5c14e387dab576fe667689cf/5cbed8a4ae2b88347c06c923_BuyMeACoffee_blue.png" height="20" alt="buy ma a coffee"></a>

-This Go package provides an simple to use interface to the excellent 
-"[Have I Been Pwned](https://haveibeenpwned.com/API/v3)" (HIBP) API by Troy Hunt.
-
+This Go library provides simple bindings to the excellent 
+"[Have I Been Pwned](https://haveibeenpwned.com/API/v3)" (HIBP) API by Troy Hunt. It implements all 3 APIs
+that are provided by HIBP (Breaches, Pastes, Passwords). API key support for the private API endpoints are 
+supported as well. go-hibp follows idiomatic Go style and best practice. It's only dependency is the Go Standard 
+Library. 

 ## Usage
-Check out the [GoDocs Reference](https://pkg.go.dev/github.com/wneessen/go-hibp) for details on how to implement 
-access to the HIBP API with this package. You will also find GoDoc code examples there.
+The library is fully documented using the execellent GoDoc functionality. Check out the
+[GoDocs Reference](https://pkg.go.dev/github.com/wneessen/go-hibp) for details on how to implement 
+access to any of the 3 APIs with this package. You will also find GoDoc code examples there for each of those
+APIs.
--- a/hibp.go
+++ b/hibp.go
@ -1,4 +1,4 @@
-// Package hibp provides Go binding to all 3 APIs of the "Have I been Pwned" by Troy Hunt
+// Package hibp provides Go binding to all 3 APIs of the "Have I Been Pwned" by Troy Hunt
 package hibp

 import (
--- a/password.go
+++ b/password.go
@ -52,6 +52,9 @@ func (p *PwnedPassApi) CheckSHA1(h string) (*Match, *http.Response, error) {
 // apiCall performs the API call to the Pwned Password API endpoint and returns
 // the http.Response
 func (p *PwnedPassApi) apiCall(h string) ([]Match, *http.Response, error) {
+	if len(h) < 5 {
+		return nil, nil, fmt.Errorf("password hash cannot be shorter than 5 characters")
+	}
 	sh := h[:5]
 	hreq, err := p.hibp.HttpReq(http.MethodGet, fmt.Sprintf("https://api.pwnedpasswords.com/range/%s", sh),
 		nil)
--- a/password_test.go
+++ b/password_test.go
@ -37,20 +37,23 @@ func TestPwnedPasswordString(t *testing.T) {
 // TestPwnedPasswordHash verifies the Pwned Passwords API with the CheckSHA1 method
 func TestPwnedPasswordHash(t *testing.T) {
 	testTable := []struct {
-		testName string
-		pwHash   string
-		isLeaked bool
+		testName   string
+		pwHash     string
+		isLeaked   bool
+		shouldFail bool
 	}{
 		{"weak password 'test123' is expected to be leaked",
-			"7288edd0fc3ffcbe93a0cf06e3568e28521687bc", true},
+			"7288edd0fc3ffcbe93a0cf06e3568e28521687bc", true, false},
 		{"strong, unknown password is expected to be not leaked",
-			"90efc095c82eab44e882fda507cfab1a2cd31fc0", false},
+			"90efc095c82eab44e882fda507cfab1a2cd31fc0", false, false},
+		{"empty string should fail",
+			"", false, true},
 	}
 	hc := New()
 	for _, tc := range testTable {
 		t.Run(tc.testName, func(t *testing.T) {
 			m, _, err := hc.PwnedPassApi.CheckSHA1(tc.pwHash)
-			if err != nil {
+			if err != nil && !tc.shouldFail {
 				t.Error(err)
 				return
 			}
@ -65,6 +68,24 @@ func TestPwnedPasswordHash(t *testing.T) {
 	}
 }

+// TestPwnedPassApi_apiCall tests the non-public apiCall method (especially for failures that are not
+// tested by the other tests already)
+func TestPwnedPassApi_apiCall(t *testing.T) {
+	hc := New()
+
+	// Should return a 404
+	_, _, err := hc.PwnedPassApi.apiCall("ZZZZZZZZZZZZZZ")
+	if err == nil {
+		t.Errorf("apiCall was supposed to fail, but didn't")
+	}
+
+	// Non allowed characters
+	_, _, err = hc.PwnedPassApi.apiCall(string([]byte{0}))
+	if err == nil {
+		t.Errorf("apiCall was supposed to fail, but didn't")
+	}
+}
+
 // ExamplePwnedPassApi_CheckPassword is a code example to show how to check a given password
 // against the HIBP passwords API
 func ExamplePwnedPassApi_CheckPassword() {