derhansen / add_pwd_policy
Additional password validators for usage in TYPO3 password policies
Type: typo3-cms-extension
Requires
- typo3/cms-backend: ^12.4
- typo3/cms-core: ^12.4
- typo3/cms-felogin: ^12.4
- typo3/cms-setup: ^12.4
Requires (Dev)
- friendsofphp/php-cs-fixer: ^3.12.0
- phpstan/extension-installer: ^1.1
- saschaegerer/phpstan-typo3: ^1.1.2
- sbuerk/typo3-cmscomposerinstallers-testingframework-bridge: ^0.1.0
- typo3/testing-framework: ~7.0@dev || dev-main
Replaces
- typo3-ter/add-pwd-policy: 1.0.0
README
Additional Password Policy validators for TYPO3 CMS
This extension for TYPO3 CMS contains additional Password Policy validators for
usage in TYPO3 12+ projects. It also adds an event listener for the
EnrichPasswordValidationContextDataEvent PSR-14 event, so the context data
used for password validation is extended with the user's email address.
Included validators
Pwned Password
Description:
This validator ensures that the given password is not part of a known data breach on haveibeenpwned.com.
Options:
- none
Usage example
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['validators'][\Derhansen\AddPwdPolicy\PasswordPolicy\Validator\PwnedPasswordValidator::class] = [
    'options' => [],
    'excludeActions' => [],
];
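The Pwned Passwords service behind haveibeenpwned.com offers a range API that is queried with only the first five hex characters of the password's SHA-1, so neither the password nor its full hash leaves the server. The following is an added example of that lookup, not the extension's own code and not a statement of how PwnedPasswordValidator is implemented; the function names are hypothetical and the HTTP response is a constructed stub so the code runs offline.

```php
<?php
declare(strict_types=1);

/** Split SHA-1(password) into the 5-char prefix sent to the API and the 35-char suffix kept locally. */
function pwnedRangeParts(string $password): array
{
    $hash = strtoupper(sha1($password));
    return [substr($hash, 0, 5), substr($hash, 5)];
}

/** Return the breach count listed for $suffix in a range response ("SUFFIX:COUNT" per line), 0 if absent. */
function pwnedCountInRange(string $rangeBody, string $suffix): int
{
    foreach (preg_split('/\R/', trim($rangeBody)) as $line) {
        $parts = explode(':', trim($line), 2);
        // Padded responses may carry entries with count 0; those yield 0 here and do not count as a hit.
        if (count($parts) === 2 && hash_equals($suffix, strtoupper($parts[0]))) {
            return (int)$parts[1];
        }
    }
    return 0;
}

/** $fetchRange is callable(string $prefix): string, so the HTTP client can be injected and tested. */
function isPwned(string $password, callable $fetchRange): bool
{
    [$prefix, $suffix] = pwnedRangeParts($password);
    return pwnedCountInRange($fetchRange($prefix), $suffix) > 0;
}

// Constructed stand-in for GET https://api.pwnedpasswords.com/range/{prefix}.
// It returns two made-up suffixes and, for the prefix of "password", the real suffix with a made-up count.
$stubFetch = static function (string $prefix): string {
    [$knownPrefix, $knownSuffix] = pwnedRangeParts('password');
    $lines = [str_repeat('0', 35) . ':3', str_repeat('F', 35) . ':1'];
    if ($prefix === $knownPrefix) {
        $lines[] = $knownSuffix . ':42';
    }
    return implode("\r\n", $lines);
};

var_dump(isPwned('password', $stubFetch));
var_dump(isPwned('correct horse battery staple 9!', $stubFetch));
```

In production the injected callable would perform the HTTPS request, and the caller has to decide whether a network failure rejects the password or lets it through.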
Does not contain username
Description:
This validator ensures that the given password does not contain the user's username.
Options:
- none
Usage example
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['validators'][\Derhansen\AddPwdPolicy\PasswordPolicy\Validator\NotUsernameValidator::class] = [
    'options' => [],
    'excludeActions' => [],
];
Password deny list
This validator ensures that the given password is not part of a configurable list of denied passwords.
The password file must contain one password per line.
Options:
passwordDenylistFilepath
Relative path to password file. EXT: notation is allowed.
Usage example
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['validators'][\Derhansen\AddPwdPolicy\PasswordPolicy\Validator\PasswordDenylistValidator::class] = [
    'options' => [
        'passwordDenylistFilepath' => 'EXT:add_pwd_policy/Resources/Private/Text/password_denylist.txt',
    ],
    'excludeActions' => [],
];
PRs welcome
If you have created a custom password validator, feel free to provide it as a pull request to this repository.
Credits
Password file
The included file with top 100.000 popular passwords has been downloaded from https://github.com/danielmiessler/SecLists