Pwned Passwords Check
Problem this snippet solves: This snippet makes it possible to use Troy Hunt’s ‘Pwned Passwords’ API. By using this API one can check if the password being used was exposed in earlier data breaches....
Updated Jun 06, 2023
Version 2.0
lnxgeek
MVP
MVPThis is just awesome piece of work!
For iRuleLX newbies (myself included) I will add a couple of hints to the tutorial.
The "hibp_irule" goes under iRules inside the LX Workspace "hibp" and not like I did in the beginning putting them where the "normal" iRules goes. Like this:
Second, the code piece (the actual iRuleLX) goes into the "index.js" in the tree like this:
And last but not least in the VPE you need to edit the macro settings of "Authenticate and Check Password" to allow at least 2 loops otherwise the variable assignment "session.logon.last.change_password" doesn't initiate a change password process and just fails (ends up in deny). Also the "loop" ending isn't available to you when you build it before this is adjusted. This is what it looks like:
Hopefully others will be spared the tedious hours of banging your head against the wall of malfunction, thus this cartoon post :-)
Even if iRuleLX is still a black voodoo box for me this example really show the tremendous potential this tool wheels.
Nodejs guys please keep posting so others like me can learn! :-)
P.S. I don't know how to scale the pictures to fit the post width....