Hello community,

here is the log from the commit of package python-pyhibp for openSUSE:Factory 
checked in at 2020-04-07 10:32:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pyhibp (Old)
 and      /work/SRC/openSUSE:Factory/.python-pyhibp.new.3248 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-pyhibp"

Tue Apr  7 10:32:06 2020 rev:4 rq:791910 version:4.1.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-pyhibp/python-pyhibp.changes      
2019-08-28 18:37:07.869266500 +0200
+++ /work/SRC/openSUSE:Factory/.python-pyhibp.new.3248/python-pyhibp.changes    
2020-04-07 10:32:50.586617544 +0200
@@ -1,0 +2,10 @@
+Mon Apr  6 18:35:28 UTC 2020 - Martin Hauke <mar...@gmx.de>
+
+- Update to version 4.1.0
+  * Adds the capability to request that the Pwned Passwords API
+    return padding to the responses to calls made via
+    pwnedpasswords. Set the parameter add_padding to True on
+    suffix_search or is_password_breached. See the HIBP API for
+    additional information.
+
+-------------------------------------------------------------------

Old:
----
  pyhibp-4.0.0.tar.gz

New:
----
  pyhibp-4.1.0.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-pyhibp.spec ++++++
--- /var/tmp/diff_new_pack.aNdPyc/_old  2020-04-07 10:32:51.054618153 +0200
+++ /var/tmp/diff_new_pack.aNdPyc/_new  2020-04-07 10:32:51.058618159 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package python-pyhibp
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %define skip_python2 1
 Name:           python-pyhibp
-Version:        4.0.0
+Version:        4.1.0
 Release:        0
 Summary:        An interface to Troy Hunt's 'Have I Been Pwned' public API
 License:        AGPL-3.0-or-later

++++++ pyhibp-4.0.0.tar.gz -> pyhibp-4.1.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyhibp-4.0.0/CHANGELOG.md 
new/pyhibp-4.1.0/CHANGELOG.md
--- old/pyhibp-4.0.0/CHANGELOG.md       2019-08-11 06:27:23.000000000 +0200
+++ new/pyhibp-4.1.0/CHANGELOG.md       2020-04-06 15:55:42.000000000 +0200
@@ -1,5 +1,11 @@
 pyHIBP Changelog
 ================
+v4.1.0 (2020-04-06)
+------------------------
+- Adds the capability to request that the Pwned Passwords API return padding 
to the responses to calls made via
+  ``pwnedpasswords``. Set the parameter ``add_padding`` to ``True`` on 
``suffix_search`` or ``is_password_breached``.
+  See [the HIBP API](https://haveibeenpwned.com/API/v3#PwnedPasswordsPadding) 
for additional information.
+
 v4.0.0 (2019-08-11)
 ------------------------
 - **Breaking API change**: The HIBP API now requires an API key for calls 
which search by account. This means calls to
@@ -27,6 +33,18 @@
     - ``get_single_breach`` -> ``{} / dict``
     - ``get_pastes`` -> ``[] / list``
 
+v3.2.0 (2020-03-28)
+-----------------------
+- **FINAL SUPPORTED PYTHON 2.7 RELEASE**: All following releases will require 
Python 3. CPython discontinued support as of
+  January 1, 2020, and we dropped support in v4.0.0. (Yes, we dropped support 
and are releasing a backport; ironic.)
+- **Backported functions (from v4.0.0)**: The following functions are required 
to consume the API, either in general (user agent), or for querying for 
specific account information (API key).
+    - `pyhibp.set_user_agent(ua=agent)`: The HIBP API requires the calling 
application to set a descriptive UA string to
+      describe the application consuming the API. This must be called prior to 
invoking any functions in
+      `pyhibp` or `pwnedpasswords` which actually make requests to the HIBP 
API.
+    - `pyhibp.set_api_key(key=your_key)`: For `pyhibp` functions which 
retrieve information about specific accounts, an
+      API key must be purchased from the HIBP website. This must be set prior 
to calling the relevant functions.
+- Note: As this is was a backport, this change is not in the main master 
branch of source control, however the tagged release may [be found 
here](https://gitlab.com/kitsunix/pyHIBP/pyHIBP/-/tags/v3.2.0).
+
 v3.1.0 (2019-06-30)
 -----------------------
 - **New function**: ``pwnedpasswords.suffix_search(hash_prefix=prefix)`` was 
created in order to have a dedicated function
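
Review bot: the added v3.2.0 note contains a typo, "As this is was a backport"; drop the stray "is" so it reads "As this was a backport". The entry is dated 2020-03-28 but sits below v4.0.0 (2019-08-11), so the file is ordered by version rather than by date; a short remark in the v3.2.0 heading or note that it was released after v4.0.0 would keep readers from assuming the dates are wrong.
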
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyhibp-4.0.0/MANIFEST.in new/pyhibp-4.1.0/MANIFEST.in
--- old/pyhibp-4.0.0/MANIFEST.in        2019-08-10 02:55:56.000000000 +0200
+++ new/pyhibp-4.1.0/MANIFEST.in        2020-04-06 15:55:42.000000000 +0200
@@ -6,8 +6,11 @@
 include Pipfile
 include tox.ini
 
+recursive-include src *.py
+recursive-include test *.py
+
 exclude .bandit
 exclude .gitlab-ci.yml
 
-recursive-include src *.py
-recursive-include test *.py
+exclude .gitlab
+recursive-exclude .gitlab *
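
Review bot: `exclude .gitlab` at the end of this hunk matches file names only, so for a directory it does nothing and the work is done by `recursive-exclude .gitlab *` on the following line. A single `prune .gitlab` expresses the intent (keep the whole directory out of the sdist) in one line.
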
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyhibp-4.0.0/PKG-INFO new/pyhibp-4.1.0/PKG-INFO
--- old/pyhibp-4.0.0/PKG-INFO   2019-08-11 06:27:37.000000000 +0200
+++ new/pyhibp-4.1.0/PKG-INFO   2020-04-06 15:58:01.000000000 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pyhibp
-Version: 4.0.0
+Version: 4.1.0
 Summary: An interface to Troy Hunt's 'Have I Been Pwned' public API
 Home-page: https://gitlab.com/kitsunix/pyHIBP/pyHIBP
 Author: Kyra F. Kitsune
@@ -13,7 +13,7 @@
         
         
         A Python interface to Troy Hunt's 'Have I Been Pwned?' (HIBP) public 
API. A full reference to the API
-        specification can be found at the [HIBP API 
Reference](https://haveibeenpwned.com/API/v2).
+        specification can be found at the [HIBP API 
Reference](https://haveibeenpwned.com/API/v3).
         
         This module detects when the rate limit of the API has been hit, and 
raises a RuntimeError when the limit
         is exceeded, or when another API-defined error condition is 
encountered based on the submitted data. When
@@ -75,7 +75,8 @@
         
         Developing
         ----------
-        This project is currently intended to be compatible with Python 2 and 
Python 3. As such, we use virtual environments via `pipenv`.
+        In order to ensure we have a consistent and repeatable development 
environment
+        we use a virtual environment, namely `pipenv`.
         To develop or test, execute the following:
         
         ```bash
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyhibp-4.0.0/README.md new/pyhibp-4.1.0/README.md
--- old/pyhibp-4.0.0/README.md  2019-08-11 06:27:23.000000000 +0200
+++ new/pyhibp-4.1.0/README.md  2020-04-06 15:55:42.000000000 +0200
@@ -6,7 +6,7 @@
 
 
 A Python interface to Troy Hunt's 'Have I Been Pwned?' (HIBP) public API. A 
full reference to the API
-specification can be found at the [HIBP API 
Reference](https://haveibeenpwned.com/API/v2).
+specification can be found at the [HIBP API 
Reference](https://haveibeenpwned.com/API/v3).
 
 This module detects when the rate limit of the API has been hit, and raises a 
RuntimeError when the limit
 is exceeded, or when another API-defined error condition is encountered based 
on the submitted data. When
@@ -68,7 +68,8 @@
 
 Developing
 ----------
-This project is currently intended to be compatible with Python 2 and Python 
3. As such, we use virtual environments via `pipenv`.
+In order to ensure we have a consistent and repeatable development environment
+we use a virtual environment, namely `pipenv`.
 To develop or test, execute the following:
 
 ```bash
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyhibp-4.0.0/src/pyhibp/__version__.py 
new/pyhibp-4.1.0/src/pyhibp/__version__.py
--- old/pyhibp-4.0.0/src/pyhibp/__version__.py  2019-08-11 06:27:23.000000000 
+0200
+++ new/pyhibp-4.1.0/src/pyhibp/__version__.py  2020-04-06 15:55:42.000000000 
+0200
@@ -4,5 +4,5 @@
 # |)\/| |||)|
 # | /
 
-__version__ = '4.0.0'
+__version__ = '4.1.0'
 __url__ = 'https://gitlab.com/kitsunix/pyHIBP/pyHIBP'
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyhibp-4.0.0/src/pyhibp/pwnedpasswords.py 
new/pyhibp-4.1.0/src/pyhibp/pwnedpasswords.py
--- old/pyhibp-4.0.0/src/pyhibp/pwnedpasswords.py       2019-08-11 
06:27:23.000000000 +0200
+++ new/pyhibp-4.1.0/src/pyhibp/pwnedpasswords.py       2020-04-06 
15:55:42.000000000 +0200
@@ -2,8 +2,7 @@
 
 import requests
 
-import pyhibp
-from pyhibp import _require_user_agent
+from pyhibp import _require_user_agent, pyHIBP_HEADERS
 
 PWNED_PASSWORDS_API_BASE_URI = "https://api.pwnedpasswords.com/";
 PWNED_PASSWORDS_API_ENDPOINT_RANGE_SEARCH = "range/"
@@ -11,7 +10,7 @@
 RESPONSE_ENCODING = "utf-8-sig"
 
 
-def is_password_breached(password: str = None, sha1_hash: str = None) -> int:
+def is_password_breached(password: str = None, sha1_hash: str = None, 
add_padding: bool = False) -> int:
     """
     Execute a search for a password via the k-anonymity model, checking for 
hashes which match a specified
     prefix instead of supplying the full hash to the Pwned Passwords API.
@@ -27,12 +26,10 @@
     2) sha1_hash - The hash prefix (hash[0:5]) is passed to the HIBP API, and 
this function will check the returned list of
     hash suffixes to determine if a breached password was in the HIBP database.
 
-    Note: Suffix searches, that is, to retrieve a list of hash suffixes by 
supplying a hash prefix, have moved to
-    `suffix_search()` as of this release (v3.1.0). A compatability shim has 
been left for this release, but will be removed on the
-    next major version release.
-
     :param password: The password to check. Will be converted to a SHA-1 
string. `str` type.
     :param sha1_hash: A full SHA-1 hash. `str` type.
+    :param add_padding: Whether padding should be used when performing the 
check (obfuscates response size, does not
+    alter return type/value.
     :return: An Integer representing the number of times the password is in 
the data set; if not found,
     Integer zero (0) is returned.
     :rtype: int
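
Review bot: the new `:param add_padding:` text opens a parenthesis at "(obfuscates response size, does not" and never closes it, so the description ends in "alter return type/value." with the bracket still open. Close the parenthesis after "value", and consider stating that the flag is passed through to `suffix_search`, since that is where the padding request is actually made.
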
@@ -52,7 +49,7 @@
         sha1_hash = sha1_hash.upper()
         hash_prefix = sha1_hash[0:5]
 
-    suffix_list = suffix_search(hash_prefix=hash_prefix)
+    suffix_list = suffix_search(hash_prefix=hash_prefix, 
add_padding=add_padding)
 
     # Since the full SHA-1 hash was provided, check to see if it was in the 
resultant hash suffixes returned.
     for hash_suffix in suffix_list:
@@ -65,7 +62,7 @@
 
 
 @_require_user_agent
-def suffix_search(hash_prefix: str = None) -> list:
+def suffix_search(hash_prefix: str = None, add_padding: bool = False) -> list:
     """
     Returns a list of SHA-1 hash suffixes, consisting of the SHA-1 hash 
characters after position five,
     and the number of times that password hash was found in the HIBP database, 
colon separated.
@@ -88,6 +85,9 @@
     If the `prefix` and `suffix` form a complete SHA-1 hash for the password 
being compared, then it
     indicates the password has been found in the HIBP database.
 
+    :param add_padding: Boolean. Adds padding to the response to include hash 
suffixes which have not been breached, in
+    order to prevent sniffing of response size to infer what hash prefix was 
searched. Entries which end in zero can be
+    disregarded.
     :param hash_prefix: The first five characters of a SHA-1 hash. `str` type.
     :return: A list of hash suffixes.
     :rtype: list
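
Review bot: "Entries which end in zero can be disregarded" in the new `:param add_padding:` text is ambiguous, because an entry with a count of 10 or 120 also ends in zero; say "entries whose count is exactly 0". The docstring also leaves it to the caller to drop those entries, since the `:return:` line still promises only "A list of hash suffixes"; either document that padded entries are included in the returned list or filter them before returning. The new parameter is documented ahead of `hash_prefix`, although the signature puts `hash_prefix` first.
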
@@ -99,7 +99,10 @@
 
     uri = PWNED_PASSWORDS_API_BASE_URI + 
PWNED_PASSWORDS_API_ENDPOINT_RANGE_SEARCH + hash_prefix
 
-    resp = requests.get(url=uri, headers=pyhibp.pyHIBP_HEADERS)
+    _headers = pyHIBP_HEADERS
+    _headers['Add-Padding'] = "true" if add_padding else None
+
+    resp = requests.get(url=uri, headers=_headers)
     if resp.status_code != 200:
         # The HTTP Status should always be 200 for this request
         raise RuntimeError("Response from the endpoint was not HTTP200; this 
should not happen. Code was: {0}".format(resp.status_code))
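
Review bot: `_headers = pyHIBP_HEADERS` binds a second name to the shared dict imported from `pyhibp` instead of copying it, so `_headers['Add-Padding'] = ...` on the next line writes into the module-level headers used by every other caller. The key stays in that dict between calls (as `None` when padding is off, which only works because `requests` drops headers whose value is `None`), and two threads calling `suffix_search` with different `add_padding` values can overwrite each other's setting before `requests.get` runs, silently turning padding off for a caller that asked for it. Suggest a per-call copy, `_headers = dict(pyHIBP_HEADERS)`, and setting `Add-Padding` to "true" only when `add_padding` is set.
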
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyhibp-4.0.0/src/pyhibp.egg-info/PKG-INFO 
new/pyhibp-4.1.0/src/pyhibp.egg-info/PKG-INFO
--- old/pyhibp-4.0.0/src/pyhibp.egg-info/PKG-INFO       2019-08-11 
06:27:37.000000000 +0200
+++ new/pyhibp-4.1.0/src/pyhibp.egg-info/PKG-INFO       2020-04-06 
15:58:01.000000000 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: pyhibp
-Version: 4.0.0
+Version: 4.1.0
 Summary: An interface to Troy Hunt's 'Have I Been Pwned' public API
 Home-page: https://gitlab.com/kitsunix/pyHIBP/pyHIBP
 Author: Kyra F. Kitsune
@@ -13,7 +13,7 @@
         
         
         A Python interface to Troy Hunt's 'Have I Been Pwned?' (HIBP) public 
API. A full reference to the API
-        specification can be found at the [HIBP API 
Reference](https://haveibeenpwned.com/API/v2).
+        specification can be found at the [HIBP API 
Reference](https://haveibeenpwned.com/API/v3).
         
         This module detects when the rate limit of the API has been hit, and 
raises a RuntimeError when the limit
         is exceeded, or when another API-defined error condition is 
encountered based on the submitted data. When
@@ -75,7 +75,8 @@
         
         Developing
         ----------
-        This project is currently intended to be compatible with Python 2 and 
Python 3. As such, we use virtual environments via `pipenv`.
+        In order to ensure we have a consistent and repeatable development 
environment
+        we use a virtual environment, namely `pipenv`.
         To develop or test, execute the following:
         
         ```bash
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyhibp-4.0.0/test/test_pwnedpasswords.py 
new/pyhibp-4.1.0/test/test_pwnedpasswords.py
--- old/pyhibp-4.0.0/test/test_pwnedpasswords.py        2019-08-11 
06:27:23.000000000 +0200
+++ new/pyhibp-4.1.0/test/test_pwnedpasswords.py        2020-04-06 
15:55:42.000000000 +0200
@@ -79,19 +79,26 @@
         assert "hash_prefix must be of length 5." in str(execinfo.value)
 
     @pytest.mark.usefixtures('sleep')
-    def test_list_of_hashes_returned(self):
+    @pytest.mark.parametrize("add_padding", [True, False])
+    def test_list_of_hashes_returned(self, add_padding):
         """
         Test all parameters: The response format for all parameters is the 
same.
         """
-        resp = pw.suffix_search(hash_prefix=TEST_PASSWORD_SHA1_HASH[0:5])
+        resp = pw.suffix_search(hash_prefix=TEST_PASSWORD_SHA1_HASH[0:5], 
add_padding=add_padding)
 
         assert isinstance(resp, list)
         assert len(resp) > 100
         match_found = False
         for entry in resp:
-            if TEST_PASSWORD_SHA1_HASH[5:] in entry.lower():
-                match_found = True
-                break
+            partial_hash, count = entry.split(":")
+            if not add_padding:
+                if TEST_PASSWORD_SHA1_HASH[5:] == partial_hash.lower():
+                    match_found = True
+                    break
+            elif add_padding:
+                if count == "0":
+                    match_found = True
+                    break
         assert match_found
 
     def test_user_agent_must_be_set_or_raise(self, monkeypatch):
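
Review bot: in the `add_padding` branch the loop sets `match_found` on the first entry with `count == "0"`, so the padded case no longer checks that the suffix of `TEST_PASSWORD_SHA1_HASH` is present in the response. A regression that returned only padding, or dropped real entries when padding is requested, would still pass. Suggest asserting the known suffix in both parametrized cases and, for the padded case, asserting separately that at least one zero-count entry exists. `elif add_padding:` directly after `if not add_padding:` can be a plain `else:`.
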
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/pyhibp-4.0.0/tox.ini new/pyhibp-4.1.0/tox.ini
--- old/pyhibp-4.0.0/tox.ini    2019-08-11 06:27:23.000000000 +0200
+++ new/pyhibp-4.1.0/tox.ini    2020-04-06 15:55:42.000000000 +0200
@@ -1,11 +1,12 @@
 [tox]
-envlist = py{35,36,37}
+envlist = py{35,36,37,38}
 
 [testenv]
 basepython =
     py35: python3.5
     py36: python3.6
     py37: python3.7
+    py38: python3.8
 passenv =
     TOXENV
     PIP_CACHE_DIR

