fix: unreliable HIBP caching strategy

[zepatrik]

No description provided.

[zepatrik]

Returning the count here does not rely on the cache having the value in the recursive run.

[zepatrik]

We had some fishy cases, therefore we ensure here the fetch was done.
Especially the first two cases had the same password, therefore cache hit.

[codecov]

Codecov Report

Merging #2468 (a2277eb) into master (50bdba9) will increase coverage by 0.00%.
The diff coverage is 97.22%.

❗ Current head a2277eb differs from pull request most recent head 1f0cf06. Consider uploading reports for the commit 1f0cf06 to get more accurate results

@@           Coverage Diff           @@
##           master    #2468   +/-   ##
=======================================
  Coverage   76.52%   76.53%           
=======================================
  Files         316      316           
  Lines       17596    17603    +7     
=======================================
+ Hits        13465    13472    +7     
  Misses       3197     3197           
  Partials      934      934           

Impacted Files	Coverage Δ
selfservice/flow/login/handler.go	80.83% <ø> (ø)
selfservice/strategy/password/validator.go	92.77% <92.30%> (+0.27%)	⬆️
courier/smtp.go	75.00% <100.00%> (+0.42%)	⬆️
driver/config/config.go	82.05% <100.00%> (+0.05%)	⬆️
ui/node/attributes.go	60.86% <100.00%> (ø)
ui/node/node.go	90.65% <100.00%> (ø)
persistence/sql/persister_courier.go	89.70% <0.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9a969fd...1f0cf06. Read the comment docs.

[aeneasr]

What is this check good for?

[zepatrik]

thisCount is the count of the actual password. We fetch a whole range of password hashes and add it to the cache. It could be that there is not a hit at all. In that case we want to return zero. But in case of a hit, we want to update thisCount before returning, which this if does.