1.0.3 • Published 6 years ago

ng-haveibeenpwned v1.0.3

License
MIT

Package Moved

This version of the package is no longer supported. Please head to the new package to get the latest changes. Apologies for any inconvenience.

ng-haveibeenpwned

A collection of tools that leverage the Have I Been Pwned API V2.

Installation

Install the npm package.

npm install ng-haveibeenpwned --save

Import the HIBPService and HIBPValidator into your app.module.ts.

import { BrowserModule } from '@angular/platform-browser';
import { NgModule } from '@angular/core';
import { HttpClientModule } from '@angular/common/http';
import { ReactiveFormsModule } from '@angular/forms';

import { AppComponent } from './app.component';

// HIBP Library
import { HIBPService, HIBPValidator } from 'ng-haveibeenpwned';

@NgModule({
    declarations: [
        AppComponent
    ],
    imports: [
        BrowserModule,
        HttpClientModule,
        ReactiveFormsModule
    ],
    providers: [
        HIBPService,
        HIBPValidator
    ],
    bootstrap: [AppComponent]
})
export class AppModule { }

Usage

Import the HIBPService and HIBPValidator into your component and inject them into the constructor.

import { Component, OnInit } from '@angular/core';
import { AbstractControl, FormBuilder, FormControl, FormGroup, Validators } from '@angular/forms';
// HIBP Library
import { HIBPService, HIBPValidator } from 'ng-haveibeenpwned';

@Component({
    selector: 'hibp-root',
    templateUrl: './app.component.html',
    styleUrls: ['./app.component.scss']
})
export class AppComponent implements OnInit {

    // ...

    constructor(
        private hibpService: HIBPService,
        private hibpValidator: HIBPValidator,
        private fb: FormBuilder
    ) { }

    // ...
}

Validators

The HIBPValidator currently has three validators:

  • checkPassword: Test the password against the HIBP API using the non-anonymous pwnedpassword API. Returns the number of breaches the password has appeared in, in the numBreaches validator response.

  • checkPasswordAnon: Test the password using the anonymous pwnedRange API. The password is SHA-1 hashed and only the first five characters of the hash are sent to the API. The API responds with the hash suffixes that share that prefix, along with the number of breaches each has appeared in. The prefix is then joined with each suffix and compared with the original password hash. TL;DR: the full password is never sent to the API, protecting your anonymity.

  • matchPasswordValidator: A form validator that compares two passwords submitted in the password and confirmPassword form fields.

// Password minimum length
passwordminLength = 10;

this.registrationForm = this.fb.group(
    {
        email: ['', Validators.required],
        password: [
            '',
            // Synchronous validators
            [
                Validators.required,
                Validators.minLength(this.passwordminLength)
            ],
            // Asynchronous validator (third element): queries the HIBP API
            this.hibpValidator.checkPasswordAnon.bind(this.hibpValidator)
        ],
        confirmPassword: ['', Validators.required]
    }, { validator: this.hibpValidator.matchPasswordValidator });
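
The range check that checkPasswordAnon is described as performing, as an added standalone example (not code from ng-haveibeenpwned): it hashes the password, keeps only the five-character prefix for the request, and matches the returned suffixes locally. The function names and the sample response are constructed for illustration; the SUFFIX:COUNT line format is that of the Pwned Passwords range endpoint.

```typescript
import { createHash } from "node:crypto";

// Added example (not ng-haveibeenpwned code). Function names are illustrative.

/** SHA-1 the password and split the hex digest: the 5-character prefix is the
 *  only value sent to the API; the 35-character suffix never leaves the client. */
function splitPasswordHash(password: string): { prefix: string; suffix: string } {
  const digest = createHash("sha1").update(password, "utf8").digest("hex").toUpperCase();
  return { prefix: digest.slice(0, 5), suffix: digest.slice(5) };
}

/** Parse a range response body into suffix -> count, skipping malformed lines. */
function parseRangeResponse(body: string): Map<string, number> {
  const counts = new Map<string, number>();
  for (const line of body.split(/\r?\n/)) {
    const m = /^([0-9A-F]{35}):(\d+)$/i.exec(line.trim());
    if (m) counts.set(m[1].toUpperCase(), Number(m[2]));
  }
  return counts;
}

/** Number of breaches for `password` according to `rangeBody`, 0 if absent.
 *  Looking up the suffix is equivalent to re-joining prefix + suffix and
 *  comparing against the full hash, since every entry shares the prefix. */
function breachCount(password: string, rangeBody: string): number {
  const { suffix } = splitPasswordHash(password);
  return parseRangeResponse(rangeBody).get(suffix) ?? 0;
}

/** Constructed sample response: two decoy suffixes plus the one supplied. */
function constructedRangeBody(suffix: string, count: number): string {
  return [`${"0".repeat(34)}A:3`, `${suffix}:${count}`, `${"F".repeat(35)}:12`].join("\r\n");
}

const { prefix, suffix } = splitPasswordHash("password");
const body = constructedRangeBody(suffix, 42); // stands in for the API reply to `prefix`
console.log(`sent: ${prefix}  kept local: ${suffix}`);
console.log(`breaches: ${breachCount("password", body)}`);
```

SHA-1 serves here only as a lookup key into the breach corpus, not as a way to store passwords. A client built on this should treat a failed or malformed API response as "unknown" rather than as "not breached".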

Service

The HIBP service supports each of the API endpoints offered by the HIBP V2 API. The services return an observable, so they can be used like this:

this.hibpService.pwnedPassword('Password01')
    .subscribe((numBreaches: number) => {
        // Return the number of breaches containing the password
        console.log('This password has appeared in ' + numBreaches + ' breaches.');
    });