leakcheck/leakcheck-laravel

Another secure way to check if your users` passwords have been breached

Maintainers

Details

github.com/LeakCheck/leakcheck-laravel

Homepage

Source

Issues

Installs: 1

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 1

Forks: 1

Open Issues: 0

dev-main 2021-11-06 07:49 UTC

Requires

MIT 48520dc61b70ee8fd27177191d05d243740100a0

passwordleakbreachleakcheckdatabreach

This package is not auto-updated.

Last update: 2024-06-01 17:58:52 UTC

README

LeakCheck <3 Laravel

Discord Packagist Downloads Uptime Robot ratio (30 days) GitHub

Yet another secure way to check if your users` passwords became a part of a breach. Before sending a password to the server we hash it with SHA256 and truncate to 24 characters.

This package was tested with Laravel 8.64 & PHP 7.3, but should work with Laravel >=7.0 too.

Installation

  1. Install with composer require leakcheck/leakcheck-laravel
  2. Publish a configuration file php artisan vendor:publish --provider "LeakCheck\LeakCheckServiceProvider"
  3. Set your LeakCheck API key in .env LEAKCHECK_API_KEY=000011112222...

And you're all set!

Usage

use Illuminate\Support\Facades\Validator;

$validator = Validator::make($request->all(), [
	'password' => 'required|string|leakcheck'
]);

You can even use it with standard Laravel's password breach checker:

use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rules\Password;

$validator = Validator::make($request->all(), [
	'password' => ['required', 'string', Password::min(8)->uncompromised(), 'leakcheck']
]);

Localization

<lang>/validation.php

'leakcheck' => 'You can not use this password as it was compromised'

This package licensed under MIT license. Laravel is a Trademark of Taylor Otwell.