summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel García <[email protected]>2024-11-10 23:59:06 +0100
committerDaniel García <[email protected]>2024-11-10 23:59:06 +0100
commit38aad4f7bedfb4279ecb385e036b1d84f3d59483 (patch)
tree53c284490db3f4ce154434f7ae2a99758d3871cb
parent20d9e885bfcd7df7828d92c6e59ed5fe7b40a879 (diff)
downloadvaultwarden-38aad4f7bedfb4279ecb385e036b1d84f3d59483.tar.gz
vaultwarden-38aad4f7bedfb4279ecb385e036b1d84f3d59483.zip
Limit HIBP to authed users1.32.4
-rw-r--r--src/api/core/mod.rs12
1 files changed, 6 insertions, 6 deletions
diff --git a/src/api/core/mod.rs b/src/api/core/mod.rs
index 4ac6b777..1638afe5 100644
--- a/src/api/core/mod.rs
+++ b/src/api/core/mod.rs
@@ -135,13 +135,13 @@ async fn put_eq_domains(data: Json<EquivDomainData>, headers: Headers, conn: DbC
}
#[get("/hibp/breach?<username>")]
-async fn hibp_breach(username: &str) -> JsonResult {
- let username: String = url::form_urlencoded::byte_serialize(username.as_bytes()).collect();
- let url = format!(
- "https://haveibeenpwned.com/api/v3/breachedaccount/{username}?truncateResponse=false&includeUnverified=false"
- );
-
+async fn hibp_breach(username: &str, _headers: Headers) -> JsonResult {
if let Some(api_key) = crate::CONFIG.hibp_api_key() {
+ let username: String = url::form_urlencoded::byte_serialize(username.as_bytes()).collect();
+ let url = format!(
+ "https://haveibeenpwned.com/api/v3/breachedaccount/{username}?truncateResponse=false&includeUnverified=false"
+ );
+
let res = make_http_request(Method::GET, &url)?.header("hibp-api-key", api_key).send().await?;
// If we get a 404, return a 404, it means no breached accounts