Adds configuration variable for hibp api url

2024-11-19 11:20:25 +01:00 · 2024-11-19 11:20:25 +01:00 · b49f1df395
commit b49f1df395
parent ce8dba03fe
4 changed files with 15 additions and 2 deletions
--- a/canaille/app/forms.py
+++ b/canaille/app/forms.py
@ -95,7 +95,10 @@ def compromised_password_validator(form, field):
            hashed_password[5:].upper(),
        )

-        api_url = f"https://api.pwnedpasswords.com/range/{hashed_password_prefix}"
+        api_url = (
+            current_app.config["CANAILLE"]["API_URL_HIBP"] + hashed_password_prefix
+        )
+        print(api_url)

        try:
            response = requests.api.get(api_url, timeout=10)
--- a/canaille/config.sample.toml
+++ b/canaille/config.sample.toml
@ -95,6 +95,9 @@ SECRET_KEY = "change me before you go in production"
 #   (https://haveibeenpwned.com/)
 #   ENABLE_PASSWORD_COMPROMISSION_CHECK = False

+# Have i been pwned api url for compromission checks.
+# This url should not be modified.
+# API_URL_HIBP = "https://api.pwnedpasswords.com/range/"

 # [CANAILLE_SQL]
 # The SQL database connection string
--- a/canaille/core/configuration.py
+++ b/canaille/core/configuration.py
@ -321,9 +321,15 @@ class CoreSettings(BaseModel):
    email.
    """

-    ENABLE_PASSWORD_COMPROMISSION_CHECK: bool = False
+    ENABLE_PASSWORD_COMPROMISSION_CHECK: bool = True
    """If :py:data:`True`, Canaille will check for password compromise on HIBP
    every time a new password is register.

    (https://haveibeenpwned.com/)
    """
+
+    API_URL_HIBP: str = "https://api.pwnedpasswords.com/range/"
+    """Have i been pwned api url for compromission checks.
+
+    This url should not be modified.
+    """
--- a/tests/conftest.py
+++ b/tests/conftest.py
@ -152,6 +152,7 @@ def configuration(smtpd):
                "disable_existing_loggers": False,
            },
            "ADMIN_EMAIL": "admin_default_mail@mymail.com",
+            "API_URL_HIBP": "https://api.pwnedpasswords.test/range/",
        },
    }
    return conf