MyNixOS website logo
Description

Library for checking for weak/compromised passwords.

This library uses the haveibeenpwned database to check for weak or compromised passwords.

haveibeenpwned

Haskell Hackage Hackage CI Github CI travis-ci BSD3 License

A haskell library for checking passwords against the haveibeenpwned.com database.

By means of this library you can do some basic strength check on new user passwords. Common weak passwords like many plain English words or also many stronger passwords which happen to have been leaked will likely be found in the database and can thus be rejected.

Example

The example below can be built and run using cabal build exe:readme or cabal repl exe:readme.


> {-# LANGUAGE OverloadedStrings #-}
>
> import Control.Monad.IO.Class (liftIO)
> import Control.Monad.Logger (runStdoutLoggingT)
> import Control.Exception (bracket_)
> import Data.Text as T (pack)
> import Network.HTTP.Client (newManager)
> import Network.HTTP.Client.TLS (tlsManagerSettings)
> import System.IO (hFlush, stdout, hGetEcho, stdin, hSetEcho)
>
> import HaveIBeenPwned
>
> -- | A really simple demo of the hibp functionality. Asks the user to enter
> -- a password and then uses the hibp api to check whether that password has
> -- been pwned.
> consoleHaveIBeenPwned :: IO ()
> consoleHaveIBeenPwned = do
>   runStdoutLoggingT $ do
>     mgr <- liftIO $ newManager tlsManagerSettings
>     p <- liftIO $ getPassword
>     let hibpEnv = HaveIBeenPwnedConfig mgr "https://api.pwnedpasswords.com/range"
>     p' <- flip runPwnedT hibpEnv $ haveIBeenPwned $ T.pack p
>     liftIO $ case p' of
>       HaveIBeenPwnedResult_Secure ->
>         putStrLn "Your password does not appear in any known breaches.  Practice good password hygene."
>       HaveIBeenPwnedResult_Pwned p'' ->
>         putStrLn $ "You have been pwned! Your password has appeared in breaches " ++ show p'' ++ " times."
>       HaveIBeenPwnedResult_Error ->
>         putStrLn "Network Error, try again later"
>
> getPassword :: IO String
> getPassword = do
>   putStr "Password: "
>   hFlush stdout
>   password <- withEcho False getLine
>   putChar '\n'
>   return password
>
> withEcho :: Bool -> IO a -> IO a
> withEcho echo action = do
>   old <- hGetEcho stdin
>   bracket_ (hSetEcho stdin echo) (hSetEcho stdin old) action
>
> main :: IO ()
> main = consoleHaveIBeenPwned

Metadata

Version

0.2.0.1

Maintainers (1)

Platforms (75)

    Darwin
    FreeBSD
    Genode
    GHCJS
    Linux
    MMIXware
    NetBSD
    none
    OpenBSD
    Redox
    Solaris
    WASI
    Windows
Show all
  • aarch64-darwin
  • aarch64-genode
  • aarch64-linux
  • aarch64-netbsd
  • aarch64-none
  • aarch64_be-none
  • arm-none
  • armv5tel-linux
  • armv6l-linux
  • armv6l-netbsd
  • armv6l-none
  • armv7a-darwin
  • armv7a-linux
  • armv7a-netbsd
  • armv7l-linux
  • armv7l-netbsd
  • avr-none
  • i686-cygwin
  • i686-darwin
  • i686-freebsd
  • i686-genode
  • i686-linux
  • i686-netbsd
  • i686-none
  • i686-openbsd
  • i686-windows
  • javascript-ghcjs
  • loongarch64-linux
  • m68k-linux
  • m68k-netbsd
  • m68k-none
  • microblaze-linux
  • microblaze-none
  • microblazeel-linux
  • microblazeel-none
  • mips-linux
  • mips-none
  • mips64-linux
  • mips64-none
  • mips64el-linux
  • mipsel-linux
  • mipsel-netbsd
  • mmix-mmixware
  • msp430-none
  • or1k-none
  • powerpc-netbsd
  • powerpc-none
  • powerpc64-linux
  • powerpc64le-linux
  • powerpcle-none
  • riscv32-linux
  • riscv32-netbsd
  • riscv32-none
  • riscv64-linux
  • riscv64-netbsd
  • riscv64-none
  • rx-none
  • s390-linux
  • s390-none
  • s390x-linux
  • s390x-none
  • vc4-none
  • wasm32-wasi
  • wasm64-wasi
  • x86_64-cygwin
  • x86_64-darwin
  • x86_64-freebsd
  • x86_64-genode
  • x86_64-linux
  • x86_64-netbsd
  • x86_64-none
  • x86_64-openbsd
  • x86_64-redox
  • x86_64-solaris
  • x86_64-windows