From aac9b78c0342e1b566a5d21211d7bffef4d94b51 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 25 Oct 2018 16:51:40 +0000 Subject: [PATCH] We aint using that online thing :| --- src/yunohost/utils/password.py | 32 ++------------------------------ 1 file changed, 2 insertions(+), 30 deletions(-) diff --git a/src/yunohost/utils/password.py b/src/yunohost/utils/password.py index 306be6103..e3e99075d 100644 --- a/src/yunohost/utils/password.py +++ b/src/yunohost/utils/password.py @@ -30,7 +30,6 @@ PWDDICT_PATH = '/usr/local/share/dict/cracklib/' SMALL_PWD_LIST = ["yunohost", "olinuxino", "olinux", "raspberry", "admin", "root", "test", "rpi"] PWD_LIST_FILE = '100000-most-used' -ACTIVATE_ONLINE_PWNED_LIST = False class PasswordValidator(object): """ @@ -55,7 +54,7 @@ class PasswordValidator(object): if self.validation_strength <= 0: return ("success", "") - self.strength = self.compute(password, ACTIVATE_ONLINE_PWNED_LIST) + self.strength = self.compute(password) if self.strength < self.validation_strength: if self.listed: return ("error", "password_listed_" + str(self.validation_strength)) @@ -66,7 +65,7 @@ class PasswordValidator(object): return ("warning", 'password_advice') return ("success", "") - def compute(self, password, online=False): + def compute(self, password): # Indicators length = len(password) digits = 0 @@ -92,10 +91,6 @@ class PasswordValidator(object): # Check big list size_list = 100000 if unlisted > 0 and not self.is_in_cracklib_list(password, PWD_LIST_FILE): - unlisted = size_list if online else 320000000 - - # Check online big list - if unlisted > size_list and online and not self.is_in_online_pwned_list(password): unlisted = 320000000 self.listed = unlisted < 320000000 
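Review bot: `compute` has no docstring, and with the `online` flag removed its contract is worth stating at the new signature `def compute(self, password):`. The visible hunks show that `validation` compares its return value with `self.validation_strength`, and that it sets `self.listed` as a side effect which `validation` reads right after the call. I would add something like `"""Return the strength level of password from local checks only; also sets self.listed."""`. Dropping the keyword also changes the method's interface, so any caller outside this diff that still passes `online=` would raise a TypeError. The body of `compute` continues outside the hunk.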
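Review bot: In the `@@ -92,10 +91,6 @@` hunk, `size_list = 100000` is kept although the only lines in view that read it were removed. If nothing later in `compute` uses it (the rest of the body is outside the hunk), it should be dropped. The literal `320000000` is now assigned after only the local `PWD_LIST_FILE` check, so the number no longer reflects how many passwords were actually tested. Since `self.listed`, and presumably the strength estimate, are derived from it, I would mark it as a sentinel with a comment such as `# Sentinel: not found in the local lists (largest one checked has 100000 entries)`.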
@@ -112,29 +107,6 @@ class PasswordValidator(object): strength = i + 1 return strength - def is_in_online_pwned_list(self, password, silent=True): - """ - Check if a password is in the list of breached passwords from - haveibeenpwned.com - """ - - from hashlib import sha1 - import requests - hash = sha1(password).hexdigest() - range = hash[:5] - needle = (hash[5:].upper()) - - try: - hash_list =requests.get('https://api.pwnedpasswords.com/range/' + - range, timeout=30) - except e: - if not silent: - raise - else: - if hash_list.find(needle) != -1: - return True - return False - def is_in_cracklib_list(self, password, pwd_dict): try: cracklib.VeryFascistCheck(password, None,