georgringer/password-validation

Live server-side password policy feedback (password meter) for TYPO3 backend password fields.

Maintainers

Package info

github.com/georgringer/password_validation

Type:typo3-cms-extension

pkg:composer/georgringer/password-validation

Transparency log

Statistics

Installs: 0

Dependents: 0

Suggesters: 0

Stars: 0

Open Issues: 0

dev-main 2026-07-10 06:30 UTC

This package is auto-updated.

Last update: 2026-07-10 06:31:50 UTC


README

Live, server-side password policy feedback (a "password meter") for TYPO3 backend password fields. As you type, each requirement of the configured password policy is checked and the requirement list turns green ✅ / red ❌ in real time — no more guessing why the record won't save.

Example

⚠️ Security warning — read this first

This extension sends the typed password to the server (over your normal authenticated backend HTTPS connection) on every debounced keystroke, so the policy can be validated with the same server-side logic used on save.

  • The password is transmitted in clear text within the request body (like any normal login/save already does).
  • HTTPS is enforced. The meter only sends from a secure context (window.isSecureContext — HTTPS, or localhost in development), and the controller rejects any non-HTTPS request. Over plain HTTP nothing is sent and nothing is validated.
  • Do not install it if sending the in-progress password to the server is unacceptable in your threat model.

📦 Installation

Composer (recommended):

composer require georgringer/password-validation

⚙️ Configuration

None required. The meter uses the backend password policy configured in

$GLOBALS['TYPO3_CONF_VARS']['BE']['passwordPolicy']   // default: 'default'

Every backend type=password field that declares a passwordPolicy in its TCA automatically gets the live meter.

🧩 Compatibility

  • TYPO3 13.4 LTS and 14.3
  • PHP 8.2+

📄 License

GPL-2.0-or-later