-
Notifications
You must be signed in to change notification settings - Fork 13
/
haveibeenpwned_wrapper.py
64 lines (51 loc) · 2.1 KB
/
haveibeenpwned_wrapper.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import time
from hashlib import sha1
from urllib.parse import urlparse, quote, urljoin
try:
from requests_cache import CachedSession as Session
except ImportError:
from requests import Session
class HaveIBeenPwned(Session):
def __init__(self, *args, **kwargs):
self.last_request = time.time()
super().__init__(*args, **kwargs)
def request(self, *args, **kwargs):
headers = kwargs.pop('headers', {})
headers['User-Agent'] = headers.pop('User-Agent', 'haveibeenpwned_lastpass v0.666 github.com/dionysio/haveibeenpwned_lastpass')
kwargs['headers'] = headers
response = super().request(*args, **kwargs)
if not response.from_cache:
self.last_request = time.time()
return response
def get(self, url, **kwargs):
since_last_request = (time.time() - self.last_request)
if since_last_request < 1.5:
time.sleep(1.5 - since_last_request)
response = super().get(url, **kwargs)
if response.status_code == 429:
time.sleep(int(response.headers['Retry-After']))
response = super().get(url, **kwargs)
return response
@staticmethod
def _get_sha1(text):
return sha1(text).hexdigest().upper()
@staticmethod
def _get_domain(url):
parsed_uri = urlparse(url.decode())
return '{uri.netloc}'.format(uri=parsed_uri)
def check_password(self, password, *args, **kwargs):
hsh = self._get_sha1(password)
response = self.get('https://api.pwnedpasswords.com/range/{}'.format(hsh[:5]))
for value in response.text.splitlines():
returned_hash, count = value.split(':')
if hsh[5:] in (returned_hash, returned_hash[1:]):
return count
return 0
def check_username(self, username, domain='', *args, **kwargs):
url = 'https://haveibeenpwned.com/api/breachedaccount/{}'.format(quote(username))
domain = self._get_domain(domain)
response = self.get(url, params={'domain': domain})
if response.text:
pass