first working version
6904451ef2
8 changed files with 114 additions and 0 deletions
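--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,5 @@
+## Changelog
+
+#### 0.1.0
+
+first working version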
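--- a/PasswordVerifier.php
+++ b/PasswordVerifier.php
@@ -0,0 +1,56 @@
+<?php
+/**
+* Piwik - free/libre analytics platform
+*
+* @link http://piwik.org
+* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
+*/
+
+namespace Piwik\Plugins\PasswordVerifier;
+
+use Piwik\Container\StaticContainer;
+use Piwik\Http;
+use Piwik\Piwik;
+use Piwik\Plugins\BulkTracking\Tracker\Response;
+use Piwik\Validators\Exception;
+use Psr\Log\LoggerInterface;
+
+class PasswordVerifier extends \Piwik\Plugin
+{
+
+public function registerEvents() {
+return array(
+'UsersManager.checkPassword' => 'verifyPassword'
+);
+}
+
+public function verifyPassword($password) {
+$hash = strtoupper(sha1($password));
+$prefix = substr($hash, 0, 5);
+$suffix = substr($hash, 5);
+$url = 'https://api.pwnedpasswords.com/range/' . $prefix;
+
+
+try {
+$response = Http::sendHttpRequest($url, $timeout = 10);
+} catch (\Exception $e) {
+$logger = StaticContainer::getContainer()->get('Psr\Log\LoggerInterface');
+$logger->warning("Can't reach haveibeenpwned.com");
+$logger->warning($e->getMessage());
+throw new Exception(Piwik::translate("PasswordVerifier_CantReachAPI"));
+}
+$hashes = [];
+if (strpos($response, $suffix) === false) {
+return true;
+}
+foreach (explode("\n", $response) as $hash) {
+$split = explode(":", $hash);
+$hashes[$split[0]] = (int)$split[1];
+}
+
+if (empty($hashes[$suffix])) {
+return true;
+}
+throw new \Exception(Piwik::translate('PasswordVerifier_PasswordFoundInDb', $hashes[$suffix]));
+}
+}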
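Review bot: The parse loop in verifyPassword reads `$split[1]` for every line of the range response, so a trailing empty line or any line without a colon raises an undefined-offset notice before the lookup even happens; make the loop body `$split = explode(':', trim($line), 2); if (count($split) === 2) { $hashes[$split[0]] = (int)$split[1]; }` so malformed or CRLF-terminated lines are tolerated instead of assumed away. The two failure paths also throw different types — the imported `Piwik\Validators\Exception` when the API is unreachable but a bare `\Exception` when the password is found — which presumably makes it harder for the hook's caller to treat both as validation failures, so the final throw should use the same `Exception`. `Response` and `LoggerInterface` are imported but never used (the logger is fetched from the container by string), and `$timeout = 10` as an argument creates a stray local where a plain `10` is meant. Both methods would benefit from native type declarations, e.g. `public function verifyPassword(string $password): bool`, and the file lacks `declare(strict_types=1)`.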
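--- a/README.md
+++ b/README.md
@@ -0,0 +1,7 @@
+# Matomo PasswordVerifier Plugin
+
+## Description
+
+This plugin sends the first 5 characters of the SHA1 hash of the password to the [haveibeenpwned.com database](https://haveibeenpwned.com/Passwords) of over 500 million passwords exposed in data breaches. If the password is found, Matomo rejects it and asks the user to use a more secure password.
+
+This plugin only acts on passwords changes and can't access existing passwords as they are stored securely hashed by Matomo.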
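--- a/docs/faq.md
+++ b/docs/faq.md
@@ -0,0 +1,5 @@
+## FAQ
+
+__This plugin is rejecting too many passwords. Can I set a threshold of occurances required to reject a password?__
+
+Not yet, but it would be very easy to add. If you are interested, just contact me.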
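--- a/lang/de.json
+++ b/lang/de.json
@@ -0,0 +1,6 @@
+{
+"PasswordVerifier": {
+"PasswordFoundInDb": "Das gewählte Passwort kommt %1$s Mal in der haveibeenpwned.com Datenbank vor. Bitte wählen Sie ein sicheres Passwort.",
+"CantReachAPI": "haveibeenpwned.com ist nicht erreichbar. Bitte überprüfen Sie das Matomo Log für mehr Informationen."
+}
+}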
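--- a/lang/en.json
+++ b/lang/en.json
@@ -0,0 +1,6 @@
+{
+"PasswordVerifier": {
+"PasswordFoundInDb": "Your password occurs %1$s times in the haveibeenpwned.com database. Please choose a secure password",
+"CantReachAPI": "Can't reach haveibeenpwned.com to verify the password. Please check the Matomo log for more information"
+}
+}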
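--- a/plugin.json
+++ b/plugin.json
@@ -0,0 +1,29 @@
+{
+"name": "PasswordVerifier",
+"description": "Reject insecure passwords by searching for their hash in the haveibeenpwned.com database",
+"version": "0.1.0",
+"theme": false,
+"require": {
+"piwik": ">=3.6.1,<4.0.0-b1"
+},
+"authors": [
+{
+"name": "Lukas Winkler",
+"email": "lukas@matomo.org",
+"homepage": "https://lw1.at"
+}
+],
+"support": {
+"email": "lukas@matomo.org",
+"issues": "https://github.com/Findus23/plugin-PasswordVerifier/issues",
+"forum": "https://forum.matomo.org",
+"source": "https://github.com/Findus23/plugin-PasswordVerifier"
+},
+"homepage": "https://lw1.at",
+"license": "GPL v3+",
+"keywords": [
+"security",
+"passwords",
+"haveibeenpwned"
+]
+}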
0
screenshots/.gitkeep
Normal file
0
screenshots/.gitkeep
Normal file