From b49f1df395c6fa7ceacd6fcb1e84644bdd25e582 Mon Sep 17 00:00:00 2001
From: sebastien
Date: Tue, 19 Nov 2024 11:20:25 +0100
Subject: [PATCH] Adds configuration variable for hibp api url
---
 canaille/app/forms.py | 5 ++++-
 canaille/config.sample.toml | 3 +++
 canaille/core/configuration.py | 8 +++++++-
 tests/conftest.py | 1 +
 4 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/canaille/app/forms.py b/canaille/app/forms.py
index af92dff8..b029cd37 100644
--- a/canaille/app/forms.py
+++ b/canaille/app/forms.py
@@ -95,7 +95,10 @@ def compromised_password_validator(form, field):
 hashed_password[5:].upper(),
 )
- api_url = f"https://api.pwnedpasswords.com/range/{hashed_password_prefix}"
+ api_url = (
+ current_app.config["CANAILLE"]["API_URL_HIBP"] + hashed_password_prefix
+ )
+ print(api_url)
 try:
 response = requests.api.get(api_url, timeout=10)
diff --git a/canaille/config.sample.toml b/canaille/config.sample.toml
index c3acc051..79faac15 100644
--- a/canaille/config.sample.toml
+++ b/canaille/config.sample.toml
@@ -95,6 +95,9 @@ SECRET_KEY = "change me before you go in production"
 # (https://haveibeenpwned.com/)
 # ENABLE_PASSWORD_COMPROMISSION_CHECK = False
+# Have i been pwned api url for compromission checks.
+# This url should not be modified.
+# API_URL_HIBP = "https://api.pwnedpasswords.com/range/"
 # [CANAILLE_SQL]
 # The SQL database connection string
diff --git a/canaille/core/configuration.py b/canaille/core/configuration.py
index 79557f0f..07e984c0 100644
--- a/canaille/core/configuration.py
+++ b/canaille/core/configuration.py
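Review bot: The added `print(api_url)` in `compromised_password_validator` (canaille/app/forms.py) looks like a leftover debug statement: it writes the full request URL, including the hash prefix of the password being validated, to stdout on every check, so it ends up in whatever captures the process output. Drop the line, or if the call is worth tracing, use the application logger at debug level and log only the configured base URL. The URL is also built by plain concatenation, so a configured value without a trailing slash silently yields a wrong path; `api_url = current_app.config["CANAILLE"]["API_URL_HIBP"].rstrip("/") + "/" + hashed_password_prefix` would accept both forms. The function body starts and continues outside this hunk.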
@@ -321,9 +321,15 @@ class CoreSettings(BaseModel):
 email. """
- ENABLE_PASSWORD_COMPROMISSION_CHECK: bool = False
+ ENABLE_PASSWORD_COMPROMISSION_CHECK: bool = True
 """If :py:data:`True`, Canaille will check for password compromise on HIBP every time a new password is register. (https://haveibeenpwned.com/) """
+
+ API_URL_HIBP: str = "https://api.pwnedpasswords.com/range/"
+ """Have i been pwned api url for compromission checks.
+
+ This url should not be modified.
+ """
diff --git a/tests/conftest.py b/tests/conftest.py
index 94c7a774..d517ce25 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -152,6 +152,7 @@ def configuration(smtpd):
 "disable_existing_loggers": False,
 },
 "ADMIN_EMAIL": "admin_default_mail@mymail.com",
+ "API_URL_HIBP": "https://api.pwnedpasswords.test/range/",
 },
 }
 return conf
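Review bot: In `CoreSettings` (canaille/core/configuration.py) the default of `ENABLE_PASSWORD_COMPROMISSION_CHECK` changes from `False` to `True`, which the commit subject does not mention and which disagrees with the `# ENABLE_PASSWORD_COMPROMISSION_CHECK = False` line left as context in config.sample.toml by the same patch. If the flip is intended, existing deployments will start making outbound requests on upgrade, so it deserves its own commit and an updated sample; if it was only for local testing, restore `False`. Separately, `API_URL_HIBP` is a bare `str`: password hash prefixes are sent to whatever it points at, so a validator on the field that rejects any scheme other than `https` would be a cheap guard. The docstring could also say why the setting exists (presumably so tests can point at a stub host, as tests/conftest.py does) instead of only "This url should not be modified."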