Merge pull request #161 from FusionAuth/add-breached-password-guide

Add breached password guide

Author: mooreds

site/_layouts/doc.liquid

@@ -264,6 +264,7 @@
                 <li {% if page.url contains "/guides/" %} class="open"{% endif %}>
                   <a href="#" class="sub-menu"><i class="fal fa-fw fa-map-signs"></i> Guides <i class="fal fa-chevron-{% if page.url contains "/guides/" %}up{% else %}down{% endif %} fa-fw"></i></a>
                   <ul>
+                    <li {% if page.url == "/docs/v1/tech/guides/breached-password-detection.html" %}class="active"{% endif %}><a href="/docs/v1/tech/guides/breached-password-detection">Breached Password Detection</a></li>
                     <li {% if page.url == "/docs/v1/tech/guides/passwordless.html" %}class="active"{% endif %}><a href="/docs/v1/tech/guides/passwordless">Passwordless</a></li>
                     <li {% if page.url == "/docs/v1/tech/guides/api-authorization.html" %}class="active"{% endif %}><a href="/docs/v1/tech/guides/api-authorization">Securing your APIs</a></li>
                   </ul>

site/assets/img/docs/guides/breached-password-detection/acting-on-a-user.png

@@ -0,0 +1,11 @@
+<p>This password was found in the list of vulnerable passwords, and is no longer secure.</p>
+
+<p>In order to secure your account, it is recommended to change your password at your earliest convenience.</p>
+
+<p>Follow this link to change your password.</p>
+
+<a href="http://localhost:9011/password/forgot?email=${user.email}&tenantId=${user.tenantId}">
+  http://localhost:9011/password/forgot?email=${user.email}&tenantId=${user.tenantId}
+</a>
+
+- FusionAuth Admin

site/assets/img/docs/guides/breached-password-detection/admin-user-attempting-to-use-breached-password.png

@@ -82,17 +82,7 @@ Below you will find each stock template that FusionAuth ships for reference. The
 .HTML
 [source,text]
 ----
-<p>This password was found in the list of vulnerable passwords, and is no longer secure.</p>
-
-<p>In order to secure your account, it is recommended to change your password at your earliest convenience.</p>
-
-<p>Follow this link to change your password.</p>
-
-<a href="http://localhost:9011/password/forgot?email=${user.email}&tenantId=${user.tenantId}">
-  http://localhost:9011/password/forgot?email=${user.email}&tenantId=${user.tenantId}
-</a>
-
-- FusionAuth Admin
+include::docs/src/email/breached-password.html[]
 ----
 
 .Text

site/assets/img/docs/guides/breached-password-detection/admin-user-vulnerable-message.png

@@ -1,16 +1,15 @@
 ---
 layout: doc
 title: Guides Overview
-description: An overview of the FusionAuth Guides
+description: An overview of FusionAuth Guides
 ---
 
 :sectnumlevels: 0
 
 == Overview
 
-This section contains a number of guides that will help walk through some of the functionality of fusionauth.
-
-Here are our tutorials:
+This section contains guides which walk through various aspects of FusionAuth functionality. These documents are meant to give you thorough understanding of the technology covered. They should be used in conjunction with the link:../apis[API documentation].
 
+* link:breached-password-detection[Breached Password Detection]
 * link:passwordless[Passwordless Login]
-* link:api-authorization[API Authorization]
+* link:api-authorization[Securing Your APIs]

site/assets/img/docs/guides/breached-password-detection/breached-password-configuration-options.png

@@ -28,7 +28,7 @@ If you are planning to use passwordless, you have two options. The first option
 
 In either case, you should:
 
-* Configure your SMTP server settings under Tenants / Email. If you are testing this flow out locally, you may want to use https://mailcatcher.me/[mailcatcher]
+* Configure your SMTP server settings under [breadcrumb]#Tenants -> Email#. If you are testing this flow out locally, you may want to use https://mailcatcher.me/[mailcatcher]
 * Create an application
 * Turn on "Passwordless Login" under the "Security" tab of the application configuration:
 +

site/assets/img/docs/guides/breached-password-detection/breached-password-detection-diagram.png

@@ -41,7 +41,7 @@ Performing breach detection during login may introduce additional latency to the
 
 To enable and configure this feature navigate to [breadcrumb]#Tenants -> Edit -> Password#
 
-Detailed documentation on the configuration can be found in the link:core-concepts/tenants#password[Tenant Documentation].
+Detailed documentation on the configuration can be found in the link:core-concepts/tenants#password[Tenant Documentation] and the link:guides/breached-password-detection[Breached Password Detection Guide].
 
 Additionally, there is some keen insight into how the Reactor Breached Password Detection is performing on the *Reactor* page.