kylemass / haveibeenpwned
A plugin to check if your users' passwords have been pwned by a known data breach via https://haveibeenpwned.com
Requires
- php: >=5.6.4
- guzzlehttp/guzzle: ~6.0
- laravel/framework: 5.4.*
This package is not auto-updated.
Last update: 2025-01-05 05:01:22 UTC
README
Introduction
A plugin to check if your users' passwords have been pwned by a known data breach via https://haveibeenpwned.com
Installation
Run:
composer require kylemass/haveibeenpwned:dev-master
Add the provider to your config file
KyleMass\Hibp\Providers\HibpServiceProvider::class
Add the Facade
'Hibp' => KyleMass\Hibp\Facades\Hibp::class
Next, publish the config file using:
php artisan vendor:publish --provider="KyleMass\Hibp\Providers\HibpServiceProvider" --tag=config
To Use:
Inside your validation, just add the beenpwned validation rule:
    Validator::make($data, [
        'name' => 'required|string|max:255',
        'email' => 'required|string|email|max:255|unique:users|beenpwned:false',
        'password' => 'required|string|min:6|confirmed|beenpwned',
    ]);
Please note that the rule takes a boolean parameter. By default it checks passwords: if you leave the parameter off or set it to true, the value is checked as a password against the Have I Been Pwned API. If you set it to false, this will check their account login name or password.
Also note that by using the validation on an email and/or username, the registering user may not pass validation. Only use this if that is what you truly want.
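Have I Been Pwned's Pwned Passwords range endpoint lets a password be checked without the password or its full hash leaving your server: only the first five hex characters of its SHA-1 are sent, and the match is done locally. The following is an added example, not this package's code (the page does not show how the package queries the API); the function names are hypothetical and the response body is constructed.

```php
<?php
// Added example, not code from kylemass/haveibeenpwned. Function names are hypothetical.

// Split the uppercase SHA-1 of the password into the 5-character prefix that
// is sent to the range API and the 35-character suffix that stays local.
function hibpSplitHash($password)
{
    $sha1 = strtoupper(sha1($password));
    return [substr($sha1, 0, 5), substr($sha1, 5)];
}

// Look the suffix up in a range response body ("SUFFIX:COUNT" per line).
// Returns the breach count, or 0 when the suffix is not listed.
function hibpCountInRange($suffix, $rangeBody)
{
    foreach (preg_split('/\R/', trim($rangeBody)) as $line) {
        $parts = explode(':', trim($line), 2);
        if (count($parts) === 2 && hash_equals($suffix, strtoupper($parts[0]))) {
            return (int) $parts[1];
        }
    }
    return 0;
}

// $fetchRange takes the prefix and returns the response body. In production it
// would GET https://api.pwnedpasswords.com/range/{prefix}. Returns null when
// the lookup fails, so the caller decides whether to fail open or closed.
function hibpPwnedCount($password, callable $fetchRange)
{
    list($prefix, $suffix) = hibpSplitHash($password);
    try {
        $body = $fetchRange($prefix);
    } catch (Exception $e) {
        return null;
    }
    return is_string($body) ? hibpCountInRange($suffix, $body) : null;
}

// Constructed stub standing in for the HTTP call; the counts are made up.
$stub = function ($prefix) {
    list(, $suffix) = hibpSplitHash('password');
    return str_repeat('0', 35) . ":3\r\n" . $suffix . ":42\r\n" . str_repeat('F', 35) . ":1";
};

var_dump(hibpPwnedCount('password', $stub));      // suffix is listed in the stub response
var_dump(hibpPwnedCount('correct horse', $stub)); // suffix is not listed
var_dump(hibpPwnedCount('password', function ($p) { throw new Exception('timeout'); }));
```

A null result means the lookup itself failed; treating it as "not pwned" keeps registration working during an API outage, while treating it as a validation failure blocks sign-ups until the service is reachable again.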
TODO:
- Make it framework agnostic
- Add validation against a local store of pwned accounts