From 3ecda0ceab7f282f609a861fceb02ebb2d2a95b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89loi=20Rivard?= <eloi@yaal.coop>
Date: Thu, 21 Nov 2024 10:43:31 +0100
Subject: [PATCH] doc: password compromission details

---
 canaille/app/forms.py          |  5 ++++-
 canaille/core/configuration.py | 15 +++++----------
 tests/conftest.py              |  2 +-
 3 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/canaille/app/forms.py b/canaille/app/forms.py
index 684bf2cf..688d4085 100644
--- a/canaille/app/forms.py
+++ b/canaille/app/forms.py
@@ -97,7 +97,10 @@ def compromised_password_validator(form, field):
         hashed_password[5:].upper(),
     )
 
-    api_url = current_app.config["CANAILLE"]["API_URL_HIBP"] + hashed_password_prefix
+    api_url = (
+        current_app.config["CANAILLE"]["PASSWORD_COMPROMISSION_CHECK_API_URL"]
+        + hashed_password_prefix
+    )
 
     try:
         response = requests.api.get(api_url, timeout=10)
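Review bot: The new `api_url` expression joins the configured base URL and `hashed_password_prefix` by plain concatenation, so a `PASSWORD_COMPROMISSION_CHECK_API_URL` value without a trailing slash produces a malformed path and the lookup fails. This commit also removes the "should not be modified" wording from the setting, so operators are more likely to change it. Consider `base = current_app.config["CANAILLE"]["PASSWORD_COMPROMISSION_CHECK_API_URL"]` followed by `api_url = base.rstrip("/") + "/" + hashed_password_prefix`. It would also be worth rejecting a base that does not start with `https://`, because over plain HTTP the range response can be altered in transit so that a compromised password looks clean. The function body continues outside this hunk, so whether a failed request silently lets the password through should be confirmed there.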
diff --git a/canaille/core/configuration.py b/canaille/core/configuration.py
index 0ac6b4ea..3f8f4e17 100644
--- a/canaille/core/configuration.py
+++ b/canaille/core/configuration.py
@@ -322,14 +322,9 @@ class CoreSettings(BaseModel):
     """
 
     ENABLE_PASSWORD_COMPROMISSION_CHECK: bool = False
-    """If :py:data:`True`, Canaille will check for password compromise on HIBP
-    every time a new password is register.
+    """If :py:data:`True`, Canaille will check if passwords appears in
+    compromission databases such as `HIBP <https://haveibeenpwned.com>`_
+    when users choose a new one."""
 
-    (https://haveibeenpwned.com/)
-    """
-
-    API_URL_HIBP: str = "https://api.pwnedpasswords.com/range/"
-    """Have i been pwned api url for compromission checks.
-
-    This url should not be modified.
-    """
+    PASSWORD_COMPROMISSION_CHECK_API_URL: str = "https://api.pwnedpasswords.com/range/"
+    """Have i been pwned api url for compromission checks."""
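Review bot: The docstring for `PASSWORD_COMPROMISSION_CHECK_API_URL` no longer tells operators what a replacement endpoint must look like, now that the "should not be modified" sentence is gone. I would extend it to say that the hash prefix is appended directly to this value, so it must end with `/`, and that the endpoint is expected to answer in the same range format as the default HIBP URL. It should also say to use an HTTPS URL run by a trusted party, since the endpoint receives a prefix of the hash of every newly chosen password. The rename drops `API_URL_HIBP` with no fallback; what happens to a deployment that still sets the old key depends on the model's handling of unknown fields, which is not visible here, so a changelog or migration note would help. Minor: "passwords appears" in the first docstring should read "passwords appear".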
diff --git a/tests/conftest.py b/tests/conftest.py
index 0a989b96..d76bc331 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -152,7 +152,7 @@ def configuration(smtpd):
                 "disable_existing_loggers": False,
             },
             "ADMIN_EMAIL": "admin_default_mail@mydomain.test",
-            "API_URL_HIBP": "https://api.pwnedpasswords.test/range/",
+            "PASSWORD_COMPROMISSION_CHECK_API_URL": "https://api.pwnedpasswords.test/range/",
         },
     }
     return conf