From a1a3e717b2e0581de3be3640edcef2e54218e357 Mon Sep 17 00:00:00 2001
From: FireMaskterK <20838718+FireMasterK@users.noreply.github.com>
Date: Mon, 4 Oct 2021 19:57:56 +0100
Subject: [PATCH] Add option to disable HIBP password check. Usage of this option is discouraged for password security reason.
---
 config.properties | 3 +++
 src/main/java/me/kavin/piped/consts/Constants.java | 3 +++
 src/main/java/me/kavin/piped/utils/ResponseHelper.java | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/config.properties b/config.properties
index dacbc89..39bd40a 100644
--- a/config.properties
+++ b/config.properties
@@ -20,6 +20,9 @@ API_URL: https://pipedapi.kavin.rocks
 # Public Frontend URL
 FRONTEND_URL: https://piped.kavin.rocks
+# Enable haveibeenpwned compromised password API
+COMPROMISED_PASSWORD_CHECK: true
+
 # Hibernate properties
 hibernate.connection.url: jdbc:postgresql://postgres:5432/piped
 hibernate.connection.driver_class: org.postgresql.Driver
diff --git a/src/main/java/me/kavin/piped/consts/Constants.java b/src/main/java/me/kavin/piped/consts/Constants.java
index ca4e2bb..acaf9ff 100644
--- a/src/main/java/me/kavin/piped/consts/Constants.java
+++ b/src/main/java/me/kavin/piped/consts/Constants.java
@@ -41,6 +41,8 @@ public class Constants {
 public static final HttpClient h2client;
 public static final HttpClient h2_no_redir_client;
+ public static final boolean COMPROMISED_PASSWORD_CHECK;
+
 public static final ObjectMapper mapper = new ObjectMapper().addMixIn(Page.class, PageMixin.class);
 public static final Object2ObjectOpenHashMap hibernateProperties = new Object2ObjectOpenHashMap<>();
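Review bot: The comment added above `COMPROMISED_PASSWORD_CHECK: true` in the config.properties hunk omits the warning the commit message gives, so an operator editing this file sees no reason to keep the check on. The comment should say what the option protects and that turning it off is discouraged, for example `# Reject passwords found in the haveibeenpwned breach corpus; setting this to false is discouraged`.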
@@ -59,6 +61,7 @@ public class Constants {
 PUBLIC_URL = prop.getProperty("API_URL");
 HTTP_PROXY = prop.getProperty("HTTP_PROXY");
 FRONTEND_URL = prop.getProperty("FRONTEND_URL", "https://pipedapi.kavin.rocks");
+ COMPROMISED_PASSWORD_CHECK = Boolean.parseBoolean(prop.getProperty("COMPROMISED_PASSWORD_CHECK", "true"));
 prop.forEach((_key, _value) -> {
 String key = String.valueOf(_key), value = String.valueOf(_value);
 if (key.startsWith("hibernate"))
diff --git a/src/main/java/me/kavin/piped/utils/ResponseHelper.java b/src/main/java/me/kavin/piped/utils/ResponseHelper.java
index ade8ea7..c4a45fb 100644
--- a/src/main/java/me/kavin/piped/utils/ResponseHelper.java
+++ b/src/main/java/me/kavin/piped/utils/ResponseHelper.java
@@ -536,7 +536,7 @@ public class ResponseHelper {
 return Constants.mapper.writeValueAsBytes(new AlreadyRegisteredResponse());
 }
- {
+ if (Constants.COMPROMISED_PASSWORD_CHECK) {
 String sha1Hash = DigestUtils.sha1Hex(pass).toUpperCase();
 String prefix = sha1Hash.substring(0, 5);
 String suffix = sha1Hash.substring(5);
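Review bot: `Boolean.parseBoolean` on the new `COMPROMISED_PASSWORD_CHECK` line in Constants.java returns false for every value other than "true", so a typo such as `yes`, `1`, or `true` with a trailing space (which `Properties` keeps in the value) switches the breached-password check off with no signal. A security control should fail closed and disable only on an explicit false: `COMPROMISED_PASSWORD_CHECK = !"false".equalsIgnoreCase(prop.getProperty("COMPROMISED_PASSWORD_CHECK", "true").trim());`. Logging one line at startup when the check is off would also make the weakened configuration visible to operators. The static initializer starts and ends outside the hunk.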
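Review bot: In the ResponseHelper.java hunk, once `Constants.COMPROMISED_PASSWORD_CHECK` is false the guarded block is skipped and nothing visible in the hunk applies any other password requirement. The enclosing method starts and ends outside the hunk, so a length or strength check may exist elsewhere; if it does not, a minimal local rule that always runs would keep a floor in place when the lookup is disabled. A short comment on the guard, such as `// breached-password lookup; skipped only when COMPROMISED_PASSWORD_CHECK=false`, would also explain why the block is conditional.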