Skip to content

feat: when login, add passsword leaked warning for the user to change… #50

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat: when login, add passsword leaked warning for the user to change… #50

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
631573e
feat: when login, add passsword leaked warning for the user to change…
NipunSGeeTH Sep 20, 2025
7c3d519
feat:add mobile responsive popup warning
NipunSGeeTH Sep 20, 2025
64b2dde
fix:timeout added to fetch
NipunSGeeTH Sep 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 68 additions & 0 deletions resources/views/components/layouts/public.blade.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -170,6 +170,74 @@ class="w-10 h-10 rounded-full bg-primary text-primary-content flex items-center
</div>
</header>


<!-- Password Breach Warning Alert -->
<!-- Password Breach Warning Alert -->
Copy link
Preview

Copilot AI Sep 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Duplicate comment. The comment on line 174 and 175 are redundant.

Suggested change
<!-- Password Breach Warning Alert -->

Copilot uses AI. Check for mistakes.

@if ( session('password_breach_warning'))
Copy link
Preview

Copilot AI Sep 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove the unnecessary space after the opening parenthesis. Should be @if (session('password_breach_warning')).

Suggested change
@if ( session('password_breach_warning'))
@if (session('password_breach_warning'))

Copilot uses AI. Check for mistakes.

<!-- Inline alert for desktop -->
<div class="hidden sm:block">
<x-mary-alert
title="Warning {{ session('password_breach_warning') }}"
icon="o-exclamation-triangle"
dismissible
class="alert-warning px-42 text-lg"
x-data="{ show: true }"
x-show="show"
>
<x-slot:actions>
<a href="{{ route('settings.password') }}" @click="show = false">
<x-mary-button label="Change password" class="btn-warning btn-soft"/>
</a>
</x-slot:actions>
</x-mary-alert>
</div>

<!-- Mobile popup alert -->
<div class="sm:hidden" x-data="{ open: true }" x-show="open">
<!-- Full-screen dark overlay -->
<div
class="fixed inset-0 bg-black/70 z-40"
@click="open = false"
></div>

<!-- Modal -->
<div class="fixed inset-0 flex items-center justify-center z-50 px-4">
<div class="bg-base-100 rounded-lg w-full max-w-sm p-6 relative shadow-lg">

<!-- Close button -->
<!-- Close button -->
Copy link
Preview

Copilot AI Sep 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Duplicate comment. Remove one of the redundant 'Close button' comments.

Suggested change
<!-- Close button -->

Copilot uses AI. Check for mistakes.

<button
@click="open = false"
class="absolute top-3 right-3 text-gray-800 hover:text-gray-900 text-3xl font-bold"
aria-label="Close"
>
&times;
</button>


<!-- Warning message -->
<div class="mb-6 flex flex-col items-center text-center gap-2">
<x-mary-icon name="o-exclamation-triangle" class="h-8 w-8 "/>
<span class="font-medium content">
Warning: {{ session('password_breach_warning') }}
</span>
</div>

<!-- Change password button -->
<a href="{{ route('settings.password') }}" @click="open = false">
<x-mary-button label="Change password" class="btn-warning btn-soft w-full"/>
</a>
</div>
</div>
</div>


@endif





<!-- Main Content -->
<main class="min-h-screen">
{{ $slot }}
Expand Down
56 changes: 51 additions & 5 deletions resources/views/livewire/auth/login.blade.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

use Illuminate\Auth\Events\Lockout;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\Session;
Expand Down Expand Up @@ -40,6 +41,11 @@ public function login(): void
RateLimiter::clear($this->throttleKey());
Session::regenerate();

if ($this->isPasswordPwned($this->password)) {
// Flash a warning message after successful login
session()->flash('password_breach_warning', ' Your password has appeared in a data breach. For your safety, please change it soon.');
Copy link
Preview

Copilot AI Sep 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The error message has an extra space at the beginning. Remove the leading space before 'Your password'.

Suggested change
session()->flash('password_breach_warning', ' Your password has appeared in a data breach. For your safety, please change it soon.');
session()->flash('password_breach_warning', 'Your password has appeared in a data breach. For your safety, please change it soon.');

Copilot uses AI. Check for mistakes.

}

$this->redirectIntended(default: route('home', absolute: false), navigate: true);
}

Expand Down Expand Up @@ -71,6 +77,44 @@ protected function throttleKey(): string
{
return Str::transliterate(Str::lower($this->email).'|'.request()->ip());
}




Comment on lines +81 to +83
Copy link
Preview

Copilot AI Sep 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove the excessive blank lines (lines 80-83) before the isPasswordPwned method to maintain consistent code formatting.

Suggested change

Copilot uses AI. Check for mistakes.

protected function isPasswordPwned(string $password): bool
Copy link
Preview

Copilot AI Sep 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Inconsistent indentation. The method signature should align with other methods in the class (no leading spaces).

Suggested change
protected function isPasswordPwned(string $password): bool
protected function isPasswordPwned(string $password): bool

Copilot uses AI. Check for mistakes.

{
$sha1 = strtoupper(sha1($password));
$prefix = substr($sha1, 0, 5);
$suffix = substr($sha1, 5);

$response = Http::get("https://api.pwnedpasswords.com/range/{$prefix}");
Copy link
Preview

Copilot AI Sep 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The API call is synchronous and could cause login delays if the service is slow. Consider adding a timeout or making this check asynchronous.

Suggested change
$response = Http::get("https://api.pwnedpasswords.com/range/{$prefix}");
try {
$response = Http::timeout(2)->get("https://api.pwnedpasswords.com/range/{$prefix}");
} catch (\Exception $e) {
return false; // fail-safe on timeout or connection error
}

Copilot uses AI. Check for mistakes.

if ($response->failed()) {
return false; // fail-safe
}

foreach (explode("\n", $response->body()) as $line) {
$line = trim($line);
if (empty($line) || strpos($line, ':') === false) {
continue; // skip empty or malformed lines
}

[$hashSuffix, $count] = explode(':', $line, 2); // limit to 2 parts
if ($suffix === $hashSuffix) {
return true;
}
}

return false;
}









Comment on lines +113 to +121
Copy link
Preview

Copilot AI Sep 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove the excessive blank lines (lines 104-112) at the end of the class to maintain consistent code formatting.

Suggested change

Copilot uses AI. Check for mistakes.

Comment on lines +114 to +121
Copy link
Preview

Copilot AI Sep 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excessive blank lines after the method. Remove unnecessary empty lines to maintain consistent code formatting.

Suggested change

Copilot uses AI. Check for mistakes.

Comment on lines +114 to +121
Copy link
Preview

Copilot AI Sep 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove the excessive blank lines at the end of the function. Use consistent spacing with at most one blank line.

Suggested change

Copilot uses AI. Check for mistakes.

}; ?>

<div class="flex flex-col gap-6">
Expand All @@ -79,11 +123,13 @@ protected function throttleKey(): string
<p class="mt-1 text-sm text-base-content/70">{{ __('Enter your email and password below to log in') }}</p>
</div>

@if (session('status'))
<x-mary-alert color="info" class="text-center">
{{ session('status') }}
</x-mary-alert>
@endif
@if (session('status'))
<x-mary-alert color="info" class="text-center">
{{ session('status') }}
</x-mary-alert>
@endif



Comment on lines +136 to 137
Copy link
Preview

Copilot AI Sep 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove the trailing whitespace on line 127 and the unnecessary blank line 128 to maintain clean formatting.

Suggested change

Copilot uses AI. Check for mistakes.

<form method="POST" wire:submit="login" class="flex flex-col gap-6">
<x-mary-input
Expand Down