plugin-PasswordVerifier/PasswordVerifier.php

<?php
/**
 * Piwik - free/libre analytics platform
 *
 * @link http://piwik.org
 * @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
 */

namespace Piwik\Plugins\PasswordVerifier;

use Piwik\Container\StaticContainer;
use Piwik\Http;
use Piwik\Piwik;
use Piwik\Plugins\BulkTracking\Tracker\Response;
use Piwik\Validators\Exception;
use Psr\Log\LoggerInterface;

class PasswordVerifier extends \Piwik\Plugin
{

    public function registerEvents() {
        return array(
            'UsersManager.checkPassword' => 'verifyPassword'
        );
    }

    public function verifyPassword($password) {
        $hash = strtoupper(sha1($password));
        $prefix = substr($hash, 0, 5);
        $suffix = substr($hash, 5);
        $url = 'https://api.pwnedpasswords.com/range/' . $prefix;


        try {
            $response = Http::sendHttpRequest($url, $timeout = 10);
        } catch (\Exception $e) {
            $logger = StaticContainer::getContainer()->get('Psr\Log\LoggerInterface');
            $logger->warning("Can't reach haveibeenpwned.com");
            $logger->warning($e->getMessage());
            throw new Exception(Piwik::translate("PasswordVerifier_CantReachAPI"));
        }
        $hashes = [];
        if (strpos($response, $suffix) === false) {
            return true;
        }
        foreach (explode("\n", $response) as $hash) {
            $split = explode(":", $hash);
            $hashes[$split[0]] = (int)$split[1];
        }

        if (empty($hashes[$suffix])) {
            return true;
        }
        throw new \Exception(Piwik::translate('PasswordVerifier_PasswordFoundInDb', $hashes[$suffix]));
    }
}
first working version 2018-11-06 14:22:20 +01:00			`<?php`
			`/**`
			`* Piwik - free/libre analytics platform`
			`*`
			`* @link http://piwik.org`
			`* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later`
			`*/`

			`namespace Piwik\Plugins\PasswordVerifier;`

			`use Piwik\Container\StaticContainer;`
			`use Piwik\Http;`
			`use Piwik\Piwik;`
			`use Piwik\Plugins\BulkTracking\Tracker\Response;`
			`use Piwik\Validators\Exception;`
			`use Psr\Log\LoggerInterface;`

			`class PasswordVerifier extends \Piwik\Plugin`
			`{`

			`public function registerEvents() {`
			`return array(`
			`'UsersManager.checkPassword' => 'verifyPassword'`
			`);`
			`}`

			`public function verifyPassword($password) {`
			`$hash = strtoupper(sha1($password));`
			`$prefix = substr($hash, 0, 5);`
			`$suffix = substr($hash, 5);`
			`$url = 'https://api.pwnedpasswords.com/range/' . $prefix;`


			`try {`
			`$response = Http::sendHttpRequest($url, $timeout = 10);`
			`} catch (\Exception $e) {`
			`$logger = StaticContainer::getContainer()->get('Psr\Log\LoggerInterface');`
			`$logger->warning("Can't reach haveibeenpwned.com");`
			`$logger->warning($e->getMessage());`
			`throw new Exception(Piwik::translate("PasswordVerifier_CantReachAPI"));`
			`}`
			`$hashes = [];`
			`if (strpos($response, $suffix) === false) {`
			`return true;`
			`}`
			`foreach (explode("\n", $response) as $hash) {`
			`$split = explode(":", $hash);`
			`$hashes[$split[0]] = (int)$split[1];`
			`}`

			`if (empty($hashes[$suffix])) {`
			`return true;`
			`}`
			`throw new \Exception(Piwik::translate('PasswordVerifier_PasswordFoundInDb', $hashes[$suffix]));`
			`}`
			`}`