PrePAN

Sign in to PrePAN

Password::Policy::Rule::Pwned Plug matches against api.pwnedpasswords.com into Password::Policy

Good

Synopsis

use Password::Policy;
use Password::Policy::Rule::Pwned;
use Try::Tiny;

my $pass = 'password1';

my $pp = Password::Policy->new (config => 'policy.yaml');
try {
    $pp->process({ password => $pass });
} catch {
    warn "This password '$pass' is pwned - don't use it";
    # Other actions
}

Description

Password::Policy::Rule::Pwned is a Password::Policy::Rule to match against the pwned password service at https://api.pwnedpasswords.com/range/ as specified at https://haveibeenpwned.com/API/v2#PwnedPasswords

A password found in the list throws an exception as usual. A password not in the list returns itself also as usual.

I invite suggestions for how to deal with the 3rd possibility which is a failure in the API call for whatever reason. My current preference is to throw a separate, distinct, testable error message.

Comments

Please sign up to post a review.