jugmac00 / hibpcli Goto Github PK

In order to not have to think about code formatting, the black code formatter should be used for all Python code, cf https://github.com/ambv/black

maybe related to https://mastodon.social/@hynek/109539593583271270

see libkeepass/pykeepass#244

This has been fixed upstream, but not released yet -> cannot use PyKeePass 4.0.0

• extract "release history" from README.md
• introduce a "unreleased" section at the top of the new CHANGELOG.md
• introduce sub headings like
  -- added
  -- changed
  -- fixed

https://pypi.org/project/flake8-click/

One should be able to check single password against the hibp API for being leaked or not.

Also see #17 for more information about the new interface.

The newly introduced requires.io badge shows that some packages are outdated.

... and run pre-commit via tox.

Travis builds do no longer show up on the pr page.

current behaviour
When the user enters a wrong path, a nasty traceback is returned to the user.

wished behaviour
When the user enters a wrong path, a decent error message is returned.

bonus
The user gets another prompt and has a chance to enter a correct path, again.

cli.py makes use of the click framework, and thus it is a bit harder to test it.

Fortunately, click supports testing.

There is some documenation how to test a click application at
https://click.palletsprojects.com/en/7.x/testing/

Above message is shown when checking the local test.kdbx / on Python 3.8.

Not only for graphical applications, but also for CLI applications a good interface is important.

I will collect ideas about how to desgin the interface, ie the commands, subcommands, arguments and options.

I'd be very happy if you share your ideas.

Current favorite design

1. hibpcli keepass --password --password-only/--email-only

• you are able to enter the password if you want - otherwise you get prompted for it
• you can also provide an option so the keepass database only gets checked for leaked passwords, or only for leaked emails
• defaults to both

2. hibpcli password [password]

• check a single password
• if no password entered, you get a prompt
• security implications:
  -- possibly password will be in the bash_history
  -- password will be visible when you type it

3. hibpcli email [email]

• check a single email
• if no email entered, you get a prompt

The above checks will be tested against the online API - local checks will be added later.

Any thoughts?

currently users get to see:

pykeepass.exceptions.CredentialsIntegrityError: Credentials are wrong or integrity check failed

The wording of messages “Hooray, everything is safe!” and “Your password is safe!” implies these passwords are safe. Actually they only have not been reported as unsafe until now.

How about: “Your password is probably safe.” or “This password has not been reported unsafe until now.” or let's find a better message in the discussion.

current behaviour
When the hibp API is not available, the user gets a nasty traceback.

wished behaviour
When the hibp API is not available, the user gets a decent error message.

Currently, the test calls the real hibp API -when the internet connection is down, the test would fail.

=> mock the call