From 7cd8b63b941e199e5c8eb3438d8a87317315edbc Mon Sep 17 00:00:00 2001 From: Kyle Spearrin Date: Thu, 17 Jan 2019 10:46:24 -0500 Subject: [PATCH] use getHibpBreach proxy --- src/abstractions/api.service.ts | 3 +++ src/services/api.service.ts | 8 ++++++++ src/services/audit.service.ts | 17 +++++++++-------- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/src/abstractions/api.service.ts b/src/abstractions/api.service.ts index ee27049121..3fd8e0e430 100644 --- a/src/abstractions/api.service.ts +++ b/src/abstractions/api.service.ts @@ -52,6 +52,7 @@ import { VerifyDeleteRecoverRequest } from '../models/request/verifyDeleteRecove import { VerifyEmailRequest } from '../models/request/verifyEmailRequest'; import { BillingResponse } from '../models/response/billingResponse'; +import { BreachAccountResponse } from '../models/response/breachAccountResponse'; import { CipherResponse } from '../models/response/cipherResponse'; import { CollectionGroupDetailsResponse, @@ -247,6 +248,8 @@ export abstract class ApiService { getUserPublicKey: (id: string) => Promise; + getHibpBreach: (username: string) => Promise; + getActiveBearerToken: () => Promise; fetch: (request: Request) => Promise; } diff --git a/src/services/api.service.ts b/src/services/api.service.ts index 40c7c6c78c..bb9f7faa55 100644 --- a/src/services/api.service.ts +++ b/src/services/api.service.ts @@ -58,6 +58,7 @@ import { VerifyDeleteRecoverRequest } from '../models/request/verifyDeleteRecove import { VerifyEmailRequest } from '../models/request/verifyEmailRequest'; import { BillingResponse } from '../models/response/billingResponse'; +import { BreachAccountResponse } from '../models/response/breachAccountResponse'; import { CipherResponse } from '../models/response/cipherResponse'; import { CollectionGroupDetailsResponse, 
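Review bot: The new abstract member `getHibpBreach` in src/abstractions/api.service.ts has no contract comment, and this commit changes where the username is sent: the audit.service.ts hunk shows the lookup moving from a direct haveibeenpwned.com request to this API method. A short comment above the declaration would help implementers and callers, for example `// Looks up breaches for username via the server-side /hibp/breach proxy; rejects with an ErrorResponse (statusCode 404 when no breach is found).` The 404 behaviour is inferred from how breachedAccounts handles the rejection, so confirm it against the server before documenting it as fact.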
@@ -818,6 +819,13 @@ export class ApiService implements ApiServiceAbstraction { return new UserKeyResponse(r); } + // HIBP APIs + + async getHibpBreach(username: string): Promise { + const r = await this.send('GET', '/hibp/breach?username=' + username, null, true, true); + return r.map((a: any) => new BreachAccountResponse(a)); + } + // Helpers async getActiveBearerToken(): Promise { diff --git a/src/services/audit.service.ts b/src/services/audit.service.ts index ff7a90b996..7939149299 100644 --- a/src/services/audit.service.ts +++ b/src/services/audit.service.ts @@ -5,9 +5,9 @@ import { CryptoFunctionService } from '../abstractions/cryptoFunction.service'; import { Utils } from '../misc/utils'; import { BreachAccountResponse } from '../models/response/breachAccountResponse'; +import { ErrorResponse } from '../models/response/errorResponse'; const PwnedPasswordsApi = 'https://api.pwnedpasswords.com/range/'; -const HibpBreachApi = 'https://haveibeenpwned.com/api/v2/breachedaccount/'; export class AuditService implements AuditServiceAbstraction { constructor(private cryptoFunctionService: CryptoFunctionService, private apiService: ApiService) { } @@ -18,7 +18,7 @@ export class AuditService implements AuditServiceAbstraction { const hashStart = hash.substr(0, 5); const hashEnding = hash.substr(5); - const response = await fetch(new Request(PwnedPasswordsApi + hashStart)); + const response = await fetch(PwnedPasswordsApi + hashStart); const leakedHashes = await response.text(); const match = leakedHashes.split(/\r?\n/).find((v) => { return v.split(':')[0] === hashEnding; 
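Review bot: In the added `getHibpBreach`, `username` is concatenated into the query string unencoded, so any reserved character in it changes the request. An address such as `user+tag@example.com` would likely reach the server with the `+` read as a space, and `&` or `#` would truncate the value or add extra parameters. The path should be built as `'/hibp/breach?username=' + encodeURIComponent(username)`. Separately, `r.map((a: any) => ...)` assumes the proxy always returns an array; a guard such as `Array.isArray(r)` before mapping would turn an unexpected body into a clear error rather than a TypeError.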
@@ -28,13 +28,14 @@ export class AuditService implements AuditServiceAbstraction { } async breachedAccounts(username: string): Promise { - const response = await fetch(new Request(HibpBreachApi + username)); - if (response.status === 404) { - return []; - } else if (response.status !== 200) { + try { + return await this.apiService.getHibpBreach(username); + } catch (e) { + const error = e as ErrorResponse; + if (error.statusCode === 404) { + return []; + } throw new Error(); } - const responseJson = await response.json(); - return responseJson.map((a: any) => new BreachAccountResponse(a)); } }
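Review bot: The new catch block in `breachedAccounts` uses `e as ErrorResponse`, an unchecked cast, so a rejection that is not an ErrorResponse (a network failure, for instance) is still read for `statusCode` and then falls through to the retained bare `throw new Error()`, which has no message and drops the original cause. Narrow before reading the field, e.g. `if (e instanceof ErrorResponse && e.statusCode === 404) { return []; }`; this assumes ErrorResponse is a class, which the hunk does not show. Then rethrow `e`, or throw with context such as `throw new Error('HIBP breach lookup failed')`. Callers read an empty list as "no known breaches", so only a confirmed 404 should produce it, and every other failure should stay diagnosable.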