leakcheck / leakcheck-laravel
Another secure way to check if your users` passwords have been breached
dev-main
2021-11-06 07:49 UTC
Requires
- php: ^7.3|^8.0
- laravel/framework: ^7.0|^8.0
This package is not auto-updated.
Last update: 2024-06-01 17:58:52 UTC
README
Yet another secure way to check if your users` passwords became a part of a breach. Before sending a password to the server we hash it with SHA256 and truncate to 24 characters.
This package was tested with Laravel 8.64 & PHP 7.3, but should work with Laravel >=7.0 too.
Installation
- Install with
composer require leakcheck/leakcheck-laravel
- Publish a configuration file
php artisan vendor:publish --provider "LeakCheck\LeakCheckServiceProvider"
- Set your LeakCheck API key in .env
LEAKCHECK_API_KEY=000011112222...
And you're all set!
Usage
use Illuminate\Support\Facades\Validator;
$validator = Validator::make($request->all(), [
'password' => 'required|string|leakcheck'
]);
You can even use it with standard Laravel's password breach checker:
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rules\Password;
$validator = Validator::make($request->all(), [
'password' => ['required', 'string', Password::min(8)->uncompromised(), 'leakcheck']
]);
Localization
<lang>/validation.php
'leakcheck' => 'You can not use this password as it was compromised'
This package licensed under MIT license. Laravel is a Trademark of Taylor Otwell.