mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-04-26 01:35:54 +03:00
[GH-ISSUE #649] Idea: local HIBP #436
Originally created by @My1 on GitHub (Oct 8, 2019).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/649
Couldn't one download, extract and use the HIBP database locally to avoid the need for any APIs or API keys or whatever?
Obviously just extracting wouldn't be enough, since a search on a 30GB blob wouldn't be very awesome, but by splitting them into several smaller files by prefix (similar to the API) it could be done. I even had a PHP script somewhere which I used to split the files (no idea whether it helps, but at least it could show the process).
I obviously would not expect bitwarden to do the actual splitting, but rather you split it beforehand and just give it in as a folder to mount and it can have fun.
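The prefix split described in the post above, as an added example that is not part of the original thread or of vaultwarden's code. It assumes dump lines of the form `SHA1HEX:count`, a 5-character prefix like the public range API, and a hypothetical `<PREFIX>.txt` file layout; the sample data is constructed.

```python
import hashlib
import os
import tempfile

PREFIX_LEN = 5  # assumption: same prefix length as the public range API
HEX = set("0123456789ABCDEF")


def split_dump(lines, out_dir):
    """Split 'SHA1HEX:count' lines into <PREFIX>.txt files of 'SUFFIX:count'."""
    os.makedirs(out_dir, exist_ok=True)
    current, handle, written = None, None, 0
    try:
        for raw in lines:
            digest, _, count = raw.strip().upper().partition(":")
            # The prefix becomes a file name, so reject anything that is not hex.
            if len(digest) != 40 or not set(digest) <= HEX or not count.isdigit():
                raise ValueError(f"malformed dump line: {raw!r}")
            if digest[:PREFIX_LEN] != current:
                if handle:
                    handle.close()
                current = digest[:PREFIX_LEN]
                path = os.path.join(out_dir, current + ".txt")
                handle = open(path, "a")  # append: still correct if unsorted
            handle.write(f"{digest[PREFIX_LEN:]}:{count}\n")
            written += 1
    finally:
        if handle:
            handle.close()
    return written


def pwned_count(password, out_dir):
    """Return the breach count for a password, or 0 if it is not in the split."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    path = os.path.join(out_dir, digest[:PREFIX_LEN] + ".txt")
    if os.path.exists(path):
        with open(path) as fh:
            for line in fh:
                suffix, _, count = line.strip().partition(":")
                if suffix == digest[PREFIX_LEN:]:
                    return int(count)
    return 0


if __name__ == "__main__":
    out = tempfile.mkdtemp()  # constructed sample: hash computed, count invented
    split_dump([hashlib.sha1(b"password").hexdigest() + ":3"], out)
    print(pwned_count("password", out), pwned_count("correct horse", out))
```

A lookup reads only the one prefix file, so the password and its full hash never leave the host.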
@dani-garcia commented on GitHub (Oct 8, 2019):
Well, the Passwords API, which is the one you mention, works without an API key; the key is only needed for the breached accounts API, which lists all the breaches found for a given email address, and as far as I know there is no way to bulk download that data.
@BlackDex commented on GitHub (Oct 8, 2019):
There isn't.
We could try to generate a link to the correct site with the email prefilled.
There could be another way I tested before. But that kinda defeats the whole apiv3. And a chance of getting blocked. Also, I think a link would work just as well.
@My1 commented on GitHub (Oct 8, 2019):
Okay, I am deeply sorry, I misunderstood that part.
@My1 commented on GitHub (Oct 8, 2019):
although a local passwords API database might be fun for intranet-only systems
@dani-garcia commented on GitHub (Oct 8, 2019):
Right, I can imagine for systems with a lot of users it could be useful. Checking the official page, the databases aren't that big and they are easy to obtain (https://haveibeenpwned.com/Passwords).
That said, this change would require modifications in the clients themselves, as the Passwords API is used directly in the clients, so at the moment there isn't much we can do ourselves.
@My1 commented on GitHub (Oct 8, 2019):
Well, I have no idea how to Rust, but at least I have some idea how to do it in PHP (the language I know best); maybe that can help adapting it.
@BlackDex commented on GitHub (Oct 8, 2019):
@my1, it did trigger me to do some changes. And I created a pull request so you are able to just click on a link to do a data breach check without buying an API key.
Though buying an API key makes the integration a bit more complete.
@mprasil commented on GitHub (Oct 11, 2019):
I'm closing this one as the PR from @BlackDex does a very good job for HIBP. The local password API would need a client change and an actual local implementation of the API, which is way out of scope of this project.