Accessing haveibeenpwned.com API's from Symfony applications.
Bundle to integrate cilician, a haveibeenpwned.com API client for PHP, into Symfony applications.
$ composer require jgxvx/cilician-bundle
This bundle wraps the Cilician library. Please refer to the library documentation to learn what you can do with it.
The bundle provides two public services: The main library service,
cilician, and the password validator
Type-hint your parameter with
Jgxvx\Cilician\Service\Cilician or require the service by its alias
cilician to inject the service into your components.
Password Validator & Constraint
To prevent users from choosing a password that has appeared in a documented data breach, add an
IsUnbreachedPassword constraint to your signup form:
$builder ->add('password', PasswordType::class, [ 'constraints' => [ new IsUnbreachedPassword(), ], 'label' => 'label.password', 'attr' => [ 'autocomplete' => 'off', ], ]);
There is also the possibility to add a constraint assertion to a property. However, this should be used with extreme caution: Make sure to not save plaintext passwords in your database. Also, if used with a User entity, this will most likely not work, because the password property will hold a password hash.
use Jgxvx\CilicianBundle\Validator\Constraints as CilicianAssert; // ... /** * @var string * * @CilicianAssert\IsUnbreachedPassword() */ private $password;
If a PSR-16 compatible caching service is available under the
cache alias, it will be injected into
cilician to enable caching.
If a PSR-3 compatible logger is available under the
logger alias, it will be injected into
cilician to enable logging.
CilicianBundle is open source software published under the MIT license. Please refer to the LICENSE file for further information.
Please refer to the Contribution Guidelines.