wicket-pwnedpasswords-validator

A validator for Apache Wicket that checks if a given password has been pwned. The validator uses the free API of https://haveibeenpwned.com/ by @troyhunt to validate that the password has not been previously exposed in data breaches.

Usage

1. Include maven dependency in your pom.xml

<dependency>
  <groupId>de.martinspielmann.wicket</groupId>
  <artifactId>wicket-pwnedpasswords-validator</artifactId>
  <version>4.0.1</version>
</dependency>

2. Add PwnedPasswordsValidator to your PasswordTextField

// just your every day registration form...
Form form = new Form("form");
add(form);
f.add(new FeedbackPanel("feedback"));
PasswordTextField password = new PasswordTextField("password", new Model<>(""));
form.add(password);

// and here it is:
password.add(new PwnedPasswordsValidator("YOUR-HIBP-API-KEY"));

Prerequisites

• Maven (or download jar from Releases)
• Wicket 6, 7, 8

Development

git clone https://github.com/pingunaut/wicket-pwnedpasswords-validator.git
cd wicket-pwnedpasswords-validator
mvn test

Built With

• Maven

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

Authors

• Martin Spielmann - Initial work - pingunaut

See also the list of contributors who participated in this project.

License

This project is licensed under The Apache Software License, Version 2.0 - see the LICENSE.md file for details