Upstream/bitwarden-browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser.git synced 2024-11-23 11:56:00 +01:00
Code Issues Projects Releases Wiki Activity

use getHibpBreach proxy

Browse Source
This commit is contained in:
Kyle Spearrin 2019-01-17 10:46:24 -05:00
parent cbcf0adad5
commit 7cd8b63b94
3 changed files with 20 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/abstractions/api.service.ts
View File

@ -52,6 +52,7 @@ import { VerifyDeleteRecoverRequest } from '../models/request/verifyDeleteRecove
import { VerifyEmailRequest } from '../models/request/verifyEmailRequest';
import { BillingResponse } from '../models/response/billingResponse';
import { BreachAccountResponse } from '../models/response/breachAccountResponse';
import { CipherResponse } from '../models/response/cipherResponse';
import {
CollectionGroupDetailsResponse,
@ -247,6 +248,8 @@ export abstract class ApiService {
getUserPublicKey: (id: string) => Promise<UserKeyResponse>;
getHibpBreach: (username: string) => Promise<BreachAccountResponse[]>;
getActiveBearerToken: () => Promise<string>;
fetch: (request: Request) => Promise<Response>;
}

8
src/services/api.service.ts
View File

@ -58,6 +58,7 @@ import { VerifyDeleteRecoverRequest } from '../models/request/verifyDeleteRecove
import { VerifyEmailRequest } from '../models/request/verifyEmailRequest';
import { BillingResponse } from '../models/response/billingResponse';
import { BreachAccountResponse } from '../models/response/breachAccountResponse';
import { CipherResponse } from '../models/response/cipherResponse';
import {
CollectionGroupDetailsResponse,
@ -818,6 +819,13 @@ export class ApiService implements ApiServiceAbstraction {
return new UserKeyResponse(r);
}
// HIBP APIs
async getHibpBreach(username: string): Promise<BreachAccountResponse[]> {
const r = await this.send('GET', '/hibp/breach?username=' + username, null, true, true);
return r.map((a: any) => new BreachAccountResponse(a));
}
// Helpers
async getActiveBearerToken(): Promise<string> {

17
src/services/audit.service.ts
View File

@ -5,9 +5,9 @@ import { CryptoFunctionService } from '../abstractions/cryptoFunction.service';
import { Utils } from '../misc/utils';
import { BreachAccountResponse } from '../models/response/breachAccountResponse';
import { ErrorResponse } from '../models/response/errorResponse';
const PwnedPasswordsApi = 'https://api.pwnedpasswords.com/range/';
const HibpBreachApi = 'https://haveibeenpwned.com/api/v2/breachedaccount/';
export class AuditService implements AuditServiceAbstraction {
constructor(private cryptoFunctionService: CryptoFunctionService, private apiService: ApiService) { }
@ -18,7 +18,7 @@ export class AuditService implements AuditServiceAbstraction {
const hashStart = hash.substr(0, 5);
const hashEnding = hash.substr(5);
const response = await fetch(new Request(PwnedPasswordsApi + hashStart));
const response = await fetch(PwnedPasswordsApi + hashStart);
const leakedHashes = await response.text();
const match = leakedHashes.split(/\r?\n/).find((v) => {
return v.split(':')[0] === hashEnding;
@ -28,13 +28,14 @@ export class AuditService implements AuditServiceAbstraction {
}
async breachedAccounts(username: string): Promise<BreachAccountResponse[]> {
const response = await fetch(new Request(HibpBreachApi + username));
if (response.status === 404) {
return [];
} else if (response.status !== 200) {
try {
return await this.apiService.getHibpBreach(username);
} catch (e) {
const error = e as ErrorResponse;
if (error.statusCode === 404) {
return [];
}
throw new Error();
}
const responseJson = await response.json();
return responseJson.map((a: any) => new BreachAccountResponse(a));
}
}