Skip to content

Commit 659a359

Browse files
author
Winni Neessen
authored
Merge pull request #12 from wneessen/v1_0_2
v1.0.2
2 parents b326983 + 504c711 commit 659a359

4 files changed

Lines changed: 42 additions & 14 deletions

File tree

README.md

Lines changed: 11 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,15 +1,19 @@
1-
# go-hibp - Simple go client for the HIBP API
1+
# go-hibp - Simple Go binding to the "Have I Been Pwned" API
22

3-
[![Go Reference](https://pkg.go.dev/badge/github.com/wneessen/go-hibp.svg)](https://pkg.go.dev/github.com/wneessen/go-hibp)
3+
[![GoDoc](https://godoc.org/github.com/wneessen/go-hibp?status.svg)](https://pkg.go.dev/github.com/wneessen/go-hibp)
44
[![Go Report Card](https://goreportcard.com/badge/github.com/wneessen/go-hibp)](https://goreportcard.com/report/github.com/wneessen/go-hibp)
55
[![Build Status](https://api.cirrus-ci.com/github/wneessen/go-hibp.svg)](https://cirrus-ci.com/github/wneessen/go-hibp)
66
[![codecov](https://codecov.io/gh/wneessen/go-hibp/branch/main/graph/badge.svg?token=ST96EC0JHU)](https://codecov.io/gh/wneessen/go-hibp)
77
<a href="https://ko-fi.com/D1D24V9IX"><img src="https://uploads-ssl.webflow.com/5c14e387dab576fe667689cf/5cbed8a4ae2b88347c06c923_BuyMeACoffee_blue.png" height="20" alt="buy ma a coffee"></a>
88

9-
This Go package provides an simple to use interface to the excellent
10-
"[Have I Been Pwned](https://haveibeenpwned.com/API/v3)" (HIBP) API by Troy Hunt.
11-
9+
This Go library provides simple bindings to the excellent
10+
"[Have I Been Pwned](https://haveibeenpwned.com/API/v3)" (HIBP) API by Troy Hunt. It implements all 3 APIs
11+
that are provided by HIBP (Breaches, Pastes, Passwords). API key support for the private API endpoints are
12+
supported as well. go-hibp follows idiomatic Go style and best practice. It's only dependency is the Go Standard
13+
Library.
1214

1315
## Usage
14-
Check out the [GoDocs Reference](https://pkg.go.dev/github.com/wneessen/go-hibp) for details on how to implement
15-
access to the HIBP API with this package. You will also find GoDoc code examples there.
16+
The library is fully documented using the execellent GoDoc functionality. Check out the
17+
[GoDocs Reference](https://pkg.go.dev/github.com/wneessen/go-hibp) for details on how to implement
18+
access to any of the 3 APIs with this package. You will also find GoDoc code examples there for each of those
19+
APIs.

hibp.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
// Package hibp provides Go binding to all 3 APIs of the "Have I been Pwned" by Troy Hunt
1+
// Package hibp provides Go binding to all 3 APIs of the "Have I Been Pwned" by Troy Hunt
22
package hibp
33

44
import (

password.go

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,9 @@ func (p *PwnedPassApi) CheckSHA1(h string) (*Match, *http.Response, error) {
5252
// apiCall performs the API call to the Pwned Password API endpoint and returns
5353
// the http.Response
5454
func (p *PwnedPassApi) apiCall(h string) ([]Match, *http.Response, error) {
55+
if len(h) < 5 {
56+
return nil, nil, fmt.Errorf("password hash cannot be shorter than 5 characters")
57+
}
5558
sh := h[:5]
5659
hreq, err := p.hibp.HttpReq(http.MethodGet, fmt.Sprintf("https://api.pwnedpasswords.com/range/%s", sh),
5760
nil)

password_test.go

Lines changed: 27 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -37,20 +37,23 @@ func TestPwnedPasswordString(t *testing.T) {
3737
// TestPwnedPasswordHash verifies the Pwned Passwords API with the CheckSHA1 method
3838
func TestPwnedPasswordHash(t *testing.T) {
3939
testTable := []struct {
40-
testName string
41-
pwHash string
42-
isLeaked bool
40+
testName string
41+
pwHash string
42+
isLeaked bool
43+
shouldFail bool
4344
}{
4445
{"weak password 'test123' is expected to be leaked",
45-
"7288edd0fc3ffcbe93a0cf06e3568e28521687bc", true},
46+
"7288edd0fc3ffcbe93a0cf06e3568e28521687bc", true, false},
4647
{"strong, unknown password is expected to be not leaked",
47-
"90efc095c82eab44e882fda507cfab1a2cd31fc0", false},
48+
"90efc095c82eab44e882fda507cfab1a2cd31fc0", false, false},
49+
{"empty string should fail",
50+
"", false, true},
4851
}
4952
hc := New()
5053
for _, tc := range testTable {
5154
t.Run(tc.testName, func(t *testing.T) {
5255
m, _, err := hc.PwnedPassApi.CheckSHA1(tc.pwHash)
53-
if err != nil {
56+
if err != nil && !tc.shouldFail {
5457
t.Error(err)
5558
return
5659
}
@@ -65,6 +68,24 @@ func TestPwnedPasswordHash(t *testing.T) {
6568
}
6669
}
6770

71+
// TestPwnedPassApi_apiCall tests the non-public apiCall method (especially for failures that are not
72+
// tested by the other tests already)
73+
func TestPwnedPassApi_apiCall(t *testing.T) {
74+
hc := New()
75+
76+
// Should return a 404
77+
_, _, err := hc.PwnedPassApi.apiCall("ZZZZZZZZZZZZZZ")
78+
if err == nil {
79+
t.Errorf("apiCall was supposed to fail, but didn't")
80+
}
81+
82+
// Non allowed characters
83+
_, _, err = hc.PwnedPassApi.apiCall(string([]byte{0}))
84+
if err == nil {
85+
t.Errorf("apiCall was supposed to fail, but didn't")
86+
}
87+
}
88+
6889
// ExamplePwnedPassApi_CheckPassword is a code example to show how to check a given password
6990
// against the HIBP passwords API
7091
func ExamplePwnedPassApi_CheckPassword() {

0 commit comments

Comments
 (0)