vendor/symfony/validator/Constraints/NotCompromisedPasswordValidator.php line 39

  1. <?php
  3. /*
  4.  * This file is part of the Symfony package.
  5.  *
  6.  * (c) Fabien Potencier <fabien@symfony.com>
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. namespace Symfony\Component\Validator\Constraints;
  14. use Symfony\Component\HttpClient\HttpClient;
  15. use Symfony\Component\Validator\Constraint;
  16. use Symfony\Component\Validator\ConstraintValidator;
  17. use Symfony\Component\Validator\Exception\UnexpectedTypeException;
  18. use Symfony\Component\Validator\Exception\UnexpectedValueException;
  19. use Symfony\Contracts\HttpClient\Exception\ExceptionInterface;
  20. use Symfony\Contracts\HttpClient\HttpClientInterface;
  22. /**
  23.  * Checks if a password has been leaked in a data breach using haveibeenpwned.com's API.
  24.  * Use a k-anonymity model to protect the password being searched for.
  25.  *
  26.  * @see https://haveibeenpwned.com/API/v2#SearchingPwnedPasswordsByRange
  27.  *
  28.  * @author Kévin Dunglas <dunglas@gmail.com>
  29.  */
  30. class NotCompromisedPasswordValidator extends ConstraintValidator
  31. {
  32.     private const DEFAULT_API_ENDPOINT 'https://api.pwnedpasswords.com/range/%s';
  34.     private HttpClientInterface $httpClient;
  35.     private string $charset;
  36.     private bool $enabled;
  37.     private string $endpoint;
  39.     public function __construct(HttpClientInterface $httpClient nullstring $charset 'UTF-8'bool $enabled truestring $endpoint null)
  40.     {
  41.         if (null === $httpClient && !class_exists(HttpClient::class)) {
  42.             throw new \LogicException(sprintf('The "%s" class requires the "HttpClient" component. Try running "composer require symfony/http-client".'self::class));
  43.         }
  45.         $this->httpClient $httpClient ?? HttpClient::create();
  46.         $this->charset $charset;
  47.         $this->enabled $enabled;
  48.         $this->endpoint $endpoint ?? self::DEFAULT_API_ENDPOINT;
  49.     }
  51.     /**
  52.      * @throws ExceptionInterface
  53.      */
  54.     public function validate(mixed $valueConstraint $constraint)
  55.     {
  56.         if (!$constraint instanceof NotCompromisedPassword) {
  57.             throw new UnexpectedTypeException($constraintNotCompromisedPassword::class);
  58.         }
  60.         if (!$this->enabled) {
  61.             return;
  62.         }
  64.         if (null !== $value && !\is_scalar($value) && !$value instanceof \Stringable) {
  65.             throw new UnexpectedValueException($value'string');
  66.         }
  68.         $value = (string) $value;
  69.         if ('' === $value) {
  70.             return;
  71.         }
  73.         if ('UTF-8' !== $this->charset) {
  74.             $value mb_convert_encoding($value'UTF-8'$this->charset);
  75.         }
  77.         $hash strtoupper(sha1($value));
  78.         $hashPrefix substr($hash05);
  79.         $url sprintf($this->endpoint$hashPrefix);
  81.         try {
  82.             $result $this->httpClient->request('GET'$url, ['headers' => ['Add-Padding' => 'true']])->getContent();
  83.         } catch (ExceptionInterface $e) {
  84.             if ($constraint->skipOnError) {
  85.                 return;
  86.             }
  88.             throw $e;
  89.         }
  91.         foreach (explode("\r\n"$result) as $line) {
  92.             if (!str_contains($line':')) {
  93.                 continue;
  94.             }
  96.             [$hashSuffix$count] = explode(':'$line);
  98.             if ($hashPrefix.$hashSuffix === $hash && $constraint->threshold <= (int) $count) {
  99.                 $this->context->buildViolation($constraint->message)
  100.                     ->setCode(NotCompromisedPassword::COMPROMISED_PASSWORD_ERROR)
  101.                     ->addViolation();
  103.                 return;
  104.             }
  105.         }
  106.     }
  107. }