Merge pull request #12 from wneessen/v1_0_2

v1.0.2
This commit is contained in:
Winni Neessen 2022-05-08 12:49:14 +02:00 committed by GitHub
commit 659a359ea0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 42 additions and 14 deletions

View file

@ -1,15 +1,19 @@
# go-hibp - Simple go client for the HIBP API
# go-hibp - Simple Go binding to the "Have I Been Pwned" API
[![Go Reference](https://pkg.go.dev/badge/github.com/wneessen/go-hibp.svg)](https://pkg.go.dev/github.com/wneessen/go-hibp)
[![GoDoc](https://godoc.org/github.com/wneessen/go-hibp?status.svg)](https://pkg.go.dev/github.com/wneessen/go-hibp)
[![Go Report Card](https://goreportcard.com/badge/github.com/wneessen/go-hibp)](https://goreportcard.com/report/github.com/wneessen/go-hibp)
[![Build Status](https://api.cirrus-ci.com/github/wneessen/go-hibp.svg)](https://cirrus-ci.com/github/wneessen/go-hibp)
[![codecov](https://codecov.io/gh/wneessen/go-hibp/branch/main/graph/badge.svg?token=ST96EC0JHU)](https://codecov.io/gh/wneessen/go-hibp)
<a href="https://ko-fi.com/D1D24V9IX"><img src="https://uploads-ssl.webflow.com/5c14e387dab576fe667689cf/5cbed8a4ae2b88347c06c923_BuyMeACoffee_blue.png" height="20" alt="buy ma a coffee"></a>
This Go package provides an simple to use interface to the excellent
"[Have I Been Pwned](https://haveibeenpwned.com/API/v3)" (HIBP) API by Troy Hunt.
This Go library provides simple bindings to the excellent
"[Have I Been Pwned](https://haveibeenpwned.com/API/v3)" (HIBP) API by Troy Hunt. It implements all 3 APIs
that are provided by HIBP (Breaches, Pastes, Passwords). API key support for the private API endpoints are
supported as well. go-hibp follows idiomatic Go style and best practice. It's only dependency is the Go Standard
Library.
## Usage
Check out the [GoDocs Reference](https://pkg.go.dev/github.com/wneessen/go-hibp) for details on how to implement
access to the HIBP API with this package. You will also find GoDoc code examples there.
The library is fully documented using the execellent GoDoc functionality. Check out the
[GoDocs Reference](https://pkg.go.dev/github.com/wneessen/go-hibp) for details on how to implement
access to any of the 3 APIs with this package. You will also find GoDoc code examples there for each of those
APIs.

View file

@ -1,4 +1,4 @@
// Package hibp provides Go binding to all 3 APIs of the "Have I been Pwned" by Troy Hunt
// Package hibp provides Go binding to all 3 APIs of the "Have I Been Pwned" by Troy Hunt
package hibp
import (

View file

@ -52,6 +52,9 @@ func (p *PwnedPassApi) CheckSHA1(h string) (*Match, *http.Response, error) {
// apiCall performs the API call to the Pwned Password API endpoint and returns
// the http.Response
func (p *PwnedPassApi) apiCall(h string) ([]Match, *http.Response, error) {
if len(h) < 5 {
return nil, nil, fmt.Errorf("password hash cannot be shorter than 5 characters")
}
sh := h[:5]
hreq, err := p.hibp.HttpReq(http.MethodGet, fmt.Sprintf("https://api.pwnedpasswords.com/range/%s", sh),
nil)

View file

@ -40,17 +40,20 @@ func TestPwnedPasswordHash(t *testing.T) {
testName string
pwHash string
isLeaked bool
shouldFail bool
}{
{"weak password 'test123' is expected to be leaked",
"7288edd0fc3ffcbe93a0cf06e3568e28521687bc", true},
"7288edd0fc3ffcbe93a0cf06e3568e28521687bc", true, false},
{"strong, unknown password is expected to be not leaked",
"90efc095c82eab44e882fda507cfab1a2cd31fc0", false},
"90efc095c82eab44e882fda507cfab1a2cd31fc0", false, false},
{"empty string should fail",
"", false, true},
}
hc := New()
for _, tc := range testTable {
t.Run(tc.testName, func(t *testing.T) {
m, _, err := hc.PwnedPassApi.CheckSHA1(tc.pwHash)
if err != nil {
if err != nil && !tc.shouldFail {
t.Error(err)
return
}
@ -65,6 +68,24 @@ func TestPwnedPasswordHash(t *testing.T) {
}
}
// TestPwnedPassApi_apiCall tests the non-public apiCall method (especially for failures that are not
// tested by the other tests already)
func TestPwnedPassApi_apiCall(t *testing.T) {
hc := New()
// Should return a 404
_, _, err := hc.PwnedPassApi.apiCall("ZZZZZZZZZZZZZZ")
if err == nil {
t.Errorf("apiCall was supposed to fail, but didn't")
}
// Non allowed characters
_, _, err = hc.PwnedPassApi.apiCall(string([]byte{0}))
if err == nil {
t.Errorf("apiCall was supposed to fail, but didn't")
}
}
// ExamplePwnedPassApi_CheckPassword is a code example to show how to check a given password
// against the HIBP passwords API
func ExamplePwnedPassApi_CheckPassword() {