forked from troyhunt/password-purgatory
-
Notifications
You must be signed in to change notification settings - Fork 0
/
index.html
81 lines (74 loc) · 2.73 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<script src="make-hell.js"></script>
<link href="make-hell-pretty.css" rel="stylesheet" />
<title>Password Purgatory</title>
</head>
<body>
<header>
<img src="logo.jpg" alt="Password Purgatory" />
</header>
<section id="search">
<form onsubmit="submitHell(document.getElementById('password').value);return false;">
<input autocapitalize="off" autocorrect="off" id="password" name="password" placeholder="enter password"
spellcheck="false" type="password" />
<button type="submit" id="searchPwnedPasswords">make
hell</button>
<p id="response"></p>
</form>
</section>
<section>
<h1>Documentation</h1>
<p>
Password Purgatory is an intentionally infuriating API to request inane and ultimately unachievable password
criteria intended to deliberately frustrate the user. Regardless of the password used, it will always be rejected
hence subjecting the user to "purgatory". Read more in <a
href="https://www.troyhunt.com/building-password-purgatory-with-cloudflare-pages-and-workers/">the launch blog
post</a>.
</p>
<h2>Request</h2>
<p>
There is a single API endpoint that can be invoked with a GET request passing the password as a query string:
</p>
<code>GET https://api.passwordpurgatory.com/make-hell?password={password}</code>
<h2>Response</h2>
<p>
A JSON response is returned containing a message describing how the password did not meet the required criteria:
</p>
<code>
{
"message": "Password must contain at least 1 number"
}
</code>
<h2>Cross-Origin Resource Sharing (CORS)</h2>
<p>
CORS is enabled to allow calling the API from all origins.
</p>
<h2>Embedding in an External Website</h2>
<p>
To orchestrate the request to the API and display of the returned message, the "make-hell.js" JavaScript file can
be
directly embedded in any consuming websites:
</p>
<code>
<script src="https://passwordpurgatory.com/make-hell.js"></script>
</code>
<p>
ToDo: implement SRI integrity check once version is stable
</p>
<h2>Source Code</h2>
<p>
All code in Password Purgatory is open source and available on GitHub in the following repositories:
</p>
<ol>
<li>This website: <a
href="https://github.com/troyhunt/password-purgatory">github.com/troyhunt/password-purgatory</a></li>
<li>The API: <a
href="https://github.com/troyhunt/password-purgatory-api">github.com/troyhunt/password-purgatory-api</a></li>
</ol>
</section>
</body>
</html>