Roundup Tracker - Issues

Issue 2551171

classification
Add support for have I been powned password checking/email address
Type: security Severity: normal
Components: Web interface Versions:
process
Status: new
:
: : rouilj
Priority: : Effort-Low, StarterTicket

Created on 2021-11-24 22:36 by rouilj, last changed 2021-11-24 22:36 by rouilj.

Messages
msg7371 Author: [hidden] (rouilj) Date: 2021-11-24 22:36
Somebody asked if Roundup supported Have I been Powned (https://haveibeenpwned.com/)
using the password API:

  https://haveibeenpwned.com/API/v3

It doesn't but along the lines of https://wiki.roundup-tracker.org/TestPasswordComplexity
a similar mechanism can use:

 https://pypi.org/project/pyhibp/

to get a password check.

Also adding support for specifying an API key (https://haveibeenpwned.com/API/Key) in:

  detectors/config.ini

for the tracker allows use of checks for the email address(es) of the user that can be
done in a detector.
History
Date User Action Args
2021-11-24 22:36:58rouiljcreate