derhansen / add_pwd_policy
Additional password validators for usage in TYPO3 password policies
Installs: 239
Dependents: 0
Suggesters: 0
Security: 0
Stars: 1
Watchers: 2
Forks: 1
Open Issues: 0
Type:typo3-cms-extension
Requires
- typo3/cms-backend: ^12.4 || ^13.1
- typo3/cms-core: ^12.4 || ^13.1
- typo3/cms-felogin: ^12.4 || ^13.1
- typo3/cms-setup: ^12.4 || ^13.1
README
Additional Password Policy validators for TYPO3 CMS
This extension for TYPO3 CMS contains additional Password Policy validators for
usage in TYPO3 12+ projects. It also adds an event listener for the
EnrichPasswordValidationContextDataEvent
PSR-14 event, so the context data
used for password validation is extended with the users email-address.
Included validators
Pwned Password
Description:
This validator ensures, that the given password is not part of a known data breach on haveibeenpwned.com
Options:
- none
Usage example
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['validators'][\Derhansen\AddPwdPolicy\PasswordPolicy\Validator\PwnedPasswordValidator::class] = [
'options' => [],
'excludeActions' => [],
];
Does not contain username
Description:
This validator ensures, that the given password does not contain the users username
.
Options:
- none
Usage example
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['validators'][\Derhansen\AddPwdPolicy\PasswordPolicy\Validator\NotUsernameValidator::class] = [
'options' => [],
'excludeActions' => [],
];
Password deny list
This validator ensures, that the given password is not part of a configurable list of denied passwords.
The password file must contain one password for each line.
Options:
passwordDenylistFilepath
Relative path to password file. EXT: notation is allowed.
Usage example
$GLOBALS['TYPO3_CONF_VARS']['SYS']['passwordPolicies']['default']['validators'][\Derhansen\AddPwdPolicy\PasswordPolicy\Validator\PasswordDenylistValidator::class] = [
'options' => [
'passwordDenylistFilepath' => 'EXT:add_pwd_policy/Resources/Private/Text/password_denylist.txt',
],
'excludeActions' => [],
];
PRs welcome
If you have created a custom password validator, feel free to provide it as pull request to this repository.
Credits
Password file
The included file with top 100.000 popular passwords has been downloaded from https://github.com/danielmiessler/SecLists