Skip to content

A validator for Apache Wicket that checks if a given password has been breached

License

Notifications You must be signed in to change notification settings

martinspielmann/wicket-pwnedpasswords-validator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

58 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

wicket-pwnedpasswords-validator

A validator for Apache Wicket that checks if a given password has been pwned. The validator uses the free API of https://haveibeenpwned.com/ by @troyhunt to validate that the password has not been previously exposed in data breaches.

Build Status Coverage

Usage

  1. Include maven dependency in your pom.xml
<dependency>
  <groupId>de.martinspielmann.wicket</groupId>
  <artifactId>wicket-pwnedpasswords-validator</artifactId>
  <version>4.0.1</version>
</dependency>
  1. Add PwnedPasswordsValidator to your PasswordTextField
// just your every day registration form...
Form form = new Form("form");
add(form);
f.add(new FeedbackPanel("feedback"));
PasswordTextField password = new PasswordTextField("password", new Model<>(""));
form.add(password);

// and here it is:
password.add(new PwnedPasswordsValidator("YOUR-HIBP-API-KEY"));

Prerequisites

  • Maven (or download jar from Releases)
  • Wicket 6, 7, 8

Development

git clone https://github.com/pingunaut/wicket-pwnedpasswords-validator.git
cd wicket-pwnedpasswords-validator
mvn test

Built With

Contributing

Please read CONTRIBUTING.md for details on our code of conduct, and the process for submitting pull requests to us.

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

Authors

  • Martin Spielmann - Initial work - pingunaut

See also the list of contributors who participated in this project.

License

This project is licensed under The Apache Software License, Version 2.0 - see the LICENSE.md file for details