JarCasting
JarCasting JarCasting

Demo project for Spring Boot pwned password checker

Spring Boot autoconfiguration for easy checking passwords against the pwdpassword service of Troy Hunt

License

License
GroupId

GroupId

com.github.nbaars
ArtifactId

ArtifactId

pwnedpasswords4j-demo
Last Version

Last Version

1.1.0
Release Date

Release Date
Type

Type

jar
Description

Description

Demo project for Spring Boot pwned password checker
Spring Boot autoconfiguration for easy checking passwords against the pwdpassword service of Troy Hunt

Download pwnedpasswords4j-demo

Filename Size
pwnedpasswords4j-demo-1.1.0.pom
pwnedpasswords4j-demo-1.1.0.jar 4 KB
pwnedpasswords4j-demo-1.1.0-sources.jar 2 KB
pwnedpasswords4j-demo-1.1.0-javadoc.jar 22 KB
Browse

How to add to project

<!-- https://jarcasting.com/artifacts/com.github.nbaars/pwnedpasswords4j-demo/ -->
<dependency>
    <groupId>com.github.nbaars</groupId>
    <artifactId>pwnedpasswords4j-demo</artifactId>
    <version>1.1.0</version>
</dependency>
// https://jarcasting.com/artifacts/com.github.nbaars/pwnedpasswords4j-demo/
implementation 'com.github.nbaars:pwnedpasswords4j-demo:1.1.0'
// https://jarcasting.com/artifacts/com.github.nbaars/pwnedpasswords4j-demo/
implementation ("com.github.nbaars:pwnedpasswords4j-demo:1.1.0")
'com.github.nbaars:pwnedpasswords4j-demo:jar:1.1.0'
<dependency org="com.github.nbaars" name="pwnedpasswords4j-demo" rev="1.1.0">
  <artifact name="pwnedpasswords4j-demo" type="jar" />
</dependency>
@Grapes(
@Grab(group='com.github.nbaars', module='pwnedpasswords4j-demo', version='1.1.0')
)
libraryDependencies += "com.github.nbaars" % "pwnedpasswords4j-demo" % "1.1.0"
[com.github.nbaars/pwnedpasswords4j-demo "1.1.0"]

Dependencies

compile (7)

Group / Artifact Type Version
com.github.nbaars : pwnedpasswords4j-spring-boot-starter jar 1.1.0
org.springframework.boot : spring-boot-autoconfigure jar
org.springframework.boot : spring-boot-starter-web jar
org.springframework.boot : spring-boot-starter-test jar
org.springframework.boot : spring-boot-configuration-processor Optional jar
junit : junit jar
org.mockito : mockito-core jar

Project Modules

There are no modules declared in this project.

Java client for pwnedpasswords.com

Build Status Maintainability Quality Gate Coverage

Introduction

A Java client for checking a password against pwnedpasswords.com using the Searching by range API For more details see: https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange

News: Artifacts are available through Maven Central

Pure Java client

The artifact client can be used in a standalone Java program and does not rely on Spring Boot To use the checker you need to add the following library to the pom.xml:

<dependency>
  <groupId>com.github.nbaars</groupId>
  <artifactId>pwnedpasswords4j-client</artifactId>
  <version>1.1.0</version>
</dependency>

In the code you can check a password as follows:

PwnedPasswordChecker checker = PwnedPasswordChecker.standalone("My user agent")
boolean result = checker.check("password");

//OR for non blocking:

CompletableFuture<Boolean> result = checker.asyncCheck("password");

The user-agent is necessary to specify as described in the API description at haveibeenpwned.com.

Spring Boot autoconfigure

For Spring Boot there is an autoconfigure module, to use this use the following dependency inside your project:

<dependency>
  <groupId>com.github.nbaars</groupId>
  <artifactId>pwnedpasswords4j-spring-boot-starter</artifactId>
  <version>1.0.1</version>
</dependency>

In the application.properties you should add:

pwnedpasswords4j.user_agent=Testing   # Required as described in the documentation of haveibeenpwned.com API
pwnedpasswords4j.url=https://api.pwnedpasswords.com/range/ # Optional

Wire up the checker as follows:

 @Autowired
 private PwnedPasswordChecker checker;
 
 ...
 
 public void signup() {
    boolean result = checker.check("password");
    
    //or for non-blocking use:
    
    CompletableFuture<Boolean> result = checker.asyncCheck("password");
 }

As an example see the demo project:

@RestController
public class SignupController {

    @Autowired
    private PwnedPasswordChecker checker;

    @PostMapping
    public ResponseEntity<?> login(@RequestBody Login login) {
        if (checker.check("password")) {
            return ResponseEntity.badRequest().body("Consider changing your password");
        }
        return ResponseEntity.ok().build();
    }
}

Releasing

This is a manual process for now, make sure the GPG keys are in place

mvn clean deploy -Prelease

Go to https://oss.sonatype.org/#stagingRepositories and search the uploaded bundle, click Close wait for all the rules to finish and click Release.

Versions

Version
1.1.0