Adds configuration variable for hibp api url

canaille/app/forms.py

@@ -95,7 +95,10 @@ def compromised_password_validator(form, field):
             hashed_password[5:].upper(),
         )
 
-        api_url = f"https://api.pwnedpasswords.com/range/{hashed_password_prefix}"
+        api_url = (
+            current_app.config["CANAILLE"]["API_URL_HIBP"] + hashed_password_prefix
+        )
+        print(api_url)
 
         try:
             response = requests.api.get(api_url, timeout=10)

canaille/config.sample.toml

@@ -95,6 +95,9 @@ SECRET_KEY = "change me before you go in production"
 #   (https://haveibeenpwned.com/)
 #   ENABLE_PASSWORD_COMPROMISSION_CHECK = False
 
+# Have i been pwned api url for compromission checks.
+# This url should not be modified.
+# API_URL_HIBP = "https://api.pwnedpasswords.com/range/"
 
 # [CANAILLE_SQL]
 # The SQL database connection string

canaille/core/configuration.py

@@ -321,9 +321,15 @@ class CoreSettings(BaseModel):
     email.
     """
 
-    ENABLE_PASSWORD_COMPROMISSION_CHECK: bool = False
+    ENABLE_PASSWORD_COMPROMISSION_CHECK: bool = True
     """If :py:data:`True`, Canaille will check for password compromise on HIBP
     every time a new password is register.
 
     (https://haveibeenpwned.com/)
     """
+
+    API_URL_HIBP: str = "https://api.pwnedpasswords.com/range/"
+    """Have i been pwned api url for compromission checks.
+
+    This url should not be modified.
+    """

tests/conftest.py

@@ -152,6 +152,7 @@ def configuration(smtpd):
                 "disable_existing_loggers": False,
             },
             "ADMIN_EMAIL": "admin_default_mail@mymail.com",
+            "API_URL_HIBP": "https://api.pwnedpasswords.test/range/",
         },
     }
     return conf